{
    "info": {
        "author": "Matthisk Heimensen",
        "author_email": "m@tthisk.nl",
        "bugtrack_url": null,
        "classifiers": [
            "Development Status :: 5 - Production/Stable",
            "Environment :: Web Environment",
            "Intended Audience :: Developers",
            "License :: OSI Approved :: MIT License",
            "Operating System :: OS Independent",
            "Programming Language :: Python",
            "Programming Language :: Python :: 2.7",
            "Programming Language :: Python :: 3.2",
            "Programming Language :: Python :: 3.3",
            "Programming Language :: Python :: 3.4",
            "Topic :: Internet :: WWW/HTTP",
            "Topic :: Software Development :: Libraries :: Python Modules"
        ],
        "description": "httpsig\n=======\n\n.. image:: https://travis-ci.org/ahknight/httpsig.svg?branch=master\n    :target: https://travis-ci.org/ahknight/httpsig\n    \n.. image:: https://travis-ci.org/ahknight/httpsig.svg?branch=develop\n    :target: https://travis-ci.org/ahknight/httpsig\n\nSign HTTP requests with secure signatures according to the IETF HTTP Signatures specification (`Draft 3`_).  This is a fork of the original module_ to fully support both RSA and HMAC schemes as well as unit test both schemes to prove they work.  It's being used in production and is actively-developed.\n\nSee the original project_, original Python module_, original spec_, and `current IETF draft`_ for more details on the signing scheme.\n\n.. _project: https://github.com/joyent/node-http-signature\n.. _module: https://github.com/zzsnzmn/py-http-signature\n.. _spec: https://github.com/joyent/node-http-signature/blob/master/http_signing.md\n.. _`current IETF draft`: https://datatracker.ietf.org/doc/draft-cavage-http-signatures/\n.. _`Draft 3`: http://tools.ietf.org/html/draft-cavage-http-signatures-03\n\nRequirements\n------------\n\n* Python 2.7, 3.2, 3.3, 3.4\n* PyCrypto_\n\nOptional:\n\n* requests_\n\n.. _PyCrypto: https://pypi.python.org/pypi/pycrypto\n.. _requests: https://pypi.python.org/pypi/requests\n\nUsage\n-----\n\nReal documentation is forthcoming, but for now this should get you started.\n\nFor simple raw signing:\n\n.. code:: python\n\n    import httpsig\n    \n    secret = open('rsa_private.pem', 'rb').read()\n    \n    sig_maker = httpsig.Signer(secret=secret, algorithm='rsa-sha256')\n    sig_maker.sign('hello world!')\n\nFor general use with web frameworks:\n    \n.. code:: python\n\n    import httpsig\n    \n    key_id = \"Some Key ID\"\n    secret = b'some big secret'\n    \n    hs = httpsig.HeaderSigner(key_id, secret, algorithm=\"hmac-sha256\", headers=['(request-target)', 'host', 'date'])\n    signed_headers_dict = hs.sign({\"Date\": \"Tue, 01 Jan 2014 01:01:01 GMT\", \"Host\": \"example.com\"}, method=\"GET\", path=\"/api/1/object/1\")\n\nFor use with requests:\n\n.. code:: python\n\n    import json\n    import requests\n    from httpsig.requests_auth import HTTPSignatureAuth\n    \n    secret = open('rsa_private.pem', 'rb').read()\n    \n    auth = HTTPSignatureAuth(key_id='Test', secret=secret)\n    z = requests.get('https://api.example.com/path/to/endpoint', \n                             auth=auth, headers={'X-Api-Version': '~6.5'})\n\nClass initialization parameters\n~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\nNote that keys and secrets should be bytes objects.  At attempt will be made to convert them, but if that fails then exceptions will be thrown.\n\n.. code:: python\n\n    httpsig.Signer(secret, algorithm='rsa-sha256')\n\n``secret``, in the case of an RSA signature, is a string containing private RSA pem. In the case of HMAC, it is a secret password.  \n``algorithm`` is one of the six allowed signatures: ``rsa-sha1``, ``rsa-sha256``, ``rsa-sha512``, ``hmac-sha1``, ``hmac-sha256``, \n``hmac-sha512``.\n\n\n.. code:: python\n\n    httpsig.requests_auth.HTTPSignatureAuth(key_id, secret, algorithm='rsa-sha256', headers=None)\n\n``key_id`` is the label by which the server system knows your RSA signature or password.  \n``headers`` is the list of HTTP headers that are concatenated and used as signing objects. By default it is the specification's minimum, the ``Date`` HTTP header.  \n``secret`` and ``algorithm`` are as above.\n\nTests\n-----\n\nTo run tests::\n\n    python setup.py test\n\nor::\n\n    tox\n\nLicense\n-------\n\nBoth this module and the original module_ are licensed under the MIT license.\n\n\nhttpsig Changes\n---------------\n\n1.1.2 (2015-Feb-11)\n-------------------\n\n* HMAC verification is now constant-time.\n\n1.1.1 (2015-Feb-11)\n-------------------\n\n* (pulled)\n\n1.1.0 (2014-Jul-24)\n-------------------\n\n* Changed \"(request-line)\" to \"(request-target)\" to comply with Draft 3.\n\n1.0.3 (2014-Jul-09)\n-------------------\n\n* Unified the default signing algo under one setting. Setting httpsig.sign.DEFAULT_SIGN_ALGORITHM changes it for all future instances.\n* Handle invalid params a little better.\n\n1.0.2 (2014-Jul-02)\n-------------------\n\n* Ensure we treat headers as ASCII strings.\n* Handle a case in the authorization header where there's garbage (non-keypairs) after the method name.\n\n1.0.1 (2014-Jul-02)\n~~~~~~~~~~~~~~~~~~~\n\n* Python 3 support (2.7 + 3.2-3.4)\n* Updated tox and Travis CI configs to test the supported Python versions.\n* Updated README.\n\n1.0.0 (2014-Jul-01)\n~~~~~~~~~~~~~~~~~~~\n* Written against http://tools.ietf.org/html/draft-cavage-http-signatures-02\n* Added \"setup.py test\" and tox support.\n* Added sign/verify unit tests for all currently-supported algorithms.\n* HeaderSigner and HeaderVerifier now share the same message-building logic.\n* The HTTP method in the message is now properly lower-case.\n* Resolved unit test failures.\n* Updated Verifier and HeaderVerifier to handle verifying both RSA and HMAC sigs.\n* Updated versioneer.\n* Updated contact/author info.\n* Removed stray keypair in test dir.\n* Removed SSH agent support.\n* Removed suport for reading keyfiles from disk as this is a huge security hole if this is used in a server framework like drf-httpsig.\n\n1.0b1 (2014-Jun-23)\n~~~~~~~~~~~~~~~~~~~~~~\n* Removed HTTP version from request-line, per spec (breaks backwards compatability).\n* Removed auto-generation of missing Date header (ensures client compatability).\n\n\nhttp-signature (previous)\n-------------------------\n\n0.2.0 (unreleased)\n~~~~~~~~~~~~~~~~~~\n\n* Update to newer spec (incompatible with prior version).\n* Handle `request-line` meta-header.\n* Allow secret to be a PEM encoded string.\n* Add test cases from spec.\n\n0.1.4 (2012-10-03)\n~~~~~~~~~~~~~~~~~~\n\n* Account for ssh now being re-merged into paramiko: either package is acceptable (but paramiko should ideally be >= 1.8.0)\n\n0.1.3 (2012-10-02)\n~~~~~~~~~~~~~~~~~~\n\n* Stop enabling `allow_agent` by default\n* Stop requiring `ssh` package by default -- it is imported only when `allow_agent=True`\n* Changed logic around ssh-agent: if one key is available, don't bother with any other authentication method\n* Changed logic around key file usage: if decryption fails, prompt for password\n* Bug fix: ssh-agent resulted in a nonsensical error if it found no correct keys (thanks, petervolpe)\n* Introduce versioneer.py",
        "description_content_type": null,
        "docs_url": null,
        "download_url": "UNKNOWN",
        "downloads": {
            "last_day": -1,
            "last_month": -1,
            "last_week": -1
        },
        "home_page": "https://github.com/ahknight/httpsig",
        "keywords": "http,authorization,api,web",
        "license": "MIT",
        "maintainer": null,
        "maintainer_email": null,
        "name": "matthisk_httpsig",
        "package_url": "https://pypi.org/project/matthisk_httpsig/",
        "platform": "UNKNOWN",
        "project_url": "https://pypi.org/project/matthisk_httpsig/",
        "project_urls": {
            "Download": "UNKNOWN",
            "Homepage": "https://github.com/ahknight/httpsig"
        },
        "release_url": "https://pypi.org/project/matthisk_httpsig/1.1.2/",
        "requires_dist": null,
        "requires_python": null,
        "summary": "Secure HTTP request signing using the HTTP Signature draft specification",
        "version": "1.1.2"
    },
    "last_serial": 1891226,
    "releases": {
        "1.1.2": [
            {
                "comment_text": "",
                "digests": {
                    "md5": "b6c016d9e47e9af2c5263e82ca678678",
                    "sha256": "fcb91128417349f6c97930b05548239097ef35d85b17827f58374f2fb9d9fa50"
                },
                "downloads": -1,
                "filename": "matthisk_httpsig-1.1.2.tar.gz",
                "has_sig": false,
                "md5_digest": "b6c016d9e47e9af2c5263e82ca678678",
                "packagetype": "sdist",
                "python_version": "source",
                "requires_python": null,
                "size": 25146,
                "upload_time": "2016-01-06T13:41:17",
                "url": "https://files.pythonhosted.org/packages/c0/2f/b1645485c442dc8c742a2f5eae4d4218c2e79acf7ce5139e0cee3f1e4f98/matthisk_httpsig-1.1.2.tar.gz"
            }
        ]
    },
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "md5": "b6c016d9e47e9af2c5263e82ca678678",
                "sha256": "fcb91128417349f6c97930b05548239097ef35d85b17827f58374f2fb9d9fa50"
            },
            "downloads": -1,
            "filename": "matthisk_httpsig-1.1.2.tar.gz",
            "has_sig": false,
            "md5_digest": "b6c016d9e47e9af2c5263e82ca678678",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": null,
            "size": 25146,
            "upload_time": "2016-01-06T13:41:17",
            "url": "https://files.pythonhosted.org/packages/c0/2f/b1645485c442dc8c742a2f5eae4d4218c2e79acf7ce5139e0cee3f1e4f98/matthisk_httpsig-1.1.2.tar.gz"
        }
    ]
}