{ "info": { "author": "Eugene Naydenov", "author_email": "t.34.oxygen+github+signit@gmail.com", "bugtrack_url": null, "classifiers": [ "Intended Audience :: Developers", "License :: OSI Approved :: Apache Software License", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: Implementation :: CPython", "Topic :: Security", "Topic :: Security :: Cryptography", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "SignIt\n======\n\n|Build Status| |Coverage Status| |PyPI version|\n\nAbout\n^^^^^\n\n**SignIt** is a helper-library to create and verify HMAC (HMAC-SHA256 by\ndefault) signatures that could be used to sign requests to the APIs.\n\n--------------\n\nUse cases\n^^^^^^^^^\n\nOn the **client** side you could\n\n- sign your requests using ``signit.signature.create()``\n\nOn the **server** side you could\n\n- parse a signature retrieved from request header or query string using\n ``signit.signature.parse()``\n- verify retrieved signature using ``signit.signature.verify()``\n- generate access and secret keys for client using\n ``signit.key.generate()``\n\n--------------\n\nExample of usage (client)\n^^^^^^^^^^^^^^^^^^^^^^^^^\n\n.. code:: py\n\n import datetime\n import requests\n import signit\n\n ACCESS_KEY = 'MY_ACCESS_KEY'\n SECRET_KEY = 'MY_SECRET_KEY'\n\n def create_user(user: dict) -> bool:\n msg = str(datetime.datetime.utcnow().timestamp())\n auth = signit.signature.create(MY_ACCESS_KEY, MY_SECRET_KEY, msg)\n headers = {\n 'Unix-Timestamp': msg,\n 'Authorization': auth,\n }\n r = requests.post('http://example.com/users', json=user, headers=headers)\n return r.status_code == 201\n\nThe Authorization header will look like\n\n.. code:: http\n\n Authorization: HMAC-SHA256 MY_ACCESS_KEY:0947c88ce16d078dde4a2aded1fe4627643a378757dccc3428c19569fea99542\n\n--------------\n\nExample of usage (server)\n^^^^^^^^^^^^^^^^^^^^^^^^^\n\nThe server has issued an access key and a secret key for you. And only\nyou and the server know the secret key.\n\nSo that the server could identify you by your public access key and\nensure that you used the secret key to produce a hash of the message in\nthis way:\n\n.. code:: python\n\n # ...somewhere in my_api/resources/user.py\n import signit\n from aiohttp import web\n from psycopg2 import IntegrityError\n\n async def post(request):\n message = request.headers['Unix-Timestamp']\n signature = request.headers['Authorization']\n prefix, access_key, hmac_digest = signit.signature.parse(signature)\n secret_key = await get_secret_key_from_db(access_key)\n if not signit.signature.verify(hmac_digest, secret_key, message):\n raise web.HTTPUnauthorized('Invalid signature')\n try:\n await create_user(request)\n except IntegrityError:\n raise web.HTTPConflict()\n return web.HTTPCreated()\n\nAdditionally if you use a ``Unix-Timestamp`` as a message message the\nserver could check if the request is too old and deny with ``401`` to\nprotect against \"replay attacks\".\n\n.. |Build Status| image:: https://travis-ci.org/f0t0n/signit.svg?branch=master\n :target: https://travis-ci.org/f0t0n/signit\n.. |Coverage Status| image:: https://coveralls.io/repos/github/f0t0n/signit/badge.svg?branch=master\n :target: https://coveralls.io/github/f0t0n/signit?branch=master\n.. |PyPI version| image:: https://badge.fury.io/py/signit.svg\n :target: https://badge.fury.io/py/signit", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/f0t0n/signit/", "keywords": null, "license": "Apache 2", "maintainer": null, "maintainer_email": null, "name": "signit", "package_url": "https://pypi.org/project/signit/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/signit/", "project_urls": { "Download": "UNKNOWN", "Homepage": "https://github.com/f0t0n/signit/" }, "release_url": "https://pypi.org/project/signit/0.3.0/", "requires_dist": null, "requires_python": null, "summary": "HMAC signature library for http requests signing", "version": "0.3.0" }, "last_serial": 2012189, "releases": { "0.1.0": [], "0.1.1": [ { "comment_text": "", "digests": { "md5": "23ac5a42bb7a9dcc6c142d0a404c0e3f", "sha256": "0e657b7b6615d6e91bd8685cc63e70aa8fff28fb7eb2437bac4b503139d325ab" }, "downloads": -1, "filename": "signit-0.1.1.tar.gz", "has_sig": false, "md5_digest": "23ac5a42bb7a9dcc6c142d0a404c0e3f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3875, "upload_time": "2016-03-11T18:45:08", "url": "https://files.pythonhosted.org/packages/68/d9/b02bcda6cf4412e7a0535ce469dd28bd419906b3fb6ef89db56a9d51facc/signit-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "d7a790ad4fcea66c7b53c5ef956f1c8a", "sha256": "9b7103b484aee464043b857dddc288cd298441a8aa147c45e78e86fc942750df" }, "downloads": -1, "filename": "signit-0.1.2.tar.gz", "has_sig": false, "md5_digest": "d7a790ad4fcea66c7b53c5ef956f1c8a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3836, "upload_time": "2016-03-11T19:19:28", "url": "https://files.pythonhosted.org/packages/e1/b1/a46e2e93d167b52d92888d1e53367f50099fe340d50a13705206b57db45f/signit-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "048a8b812c72fe293b6313c027eff2b1", "sha256": "e6838ada9db184a5441d90e674a8bf8cc3d4b27f6aef0ec369e2e6e47cf0a2ae" }, "downloads": -1, "filename": "signit-0.1.3.tar.gz", "has_sig": false, "md5_digest": "048a8b812c72fe293b6313c027eff2b1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3841, "upload_time": "2016-03-11T19:59:43", "url": "https://files.pythonhosted.org/packages/eb/5f/14263ca3657e63ff096f02a931b755030ff0462efc045331087af6432037/signit-0.1.3.tar.gz" } ], "0.2.0": [ { "comment_text": "", "digests": { "md5": "6355ab7c6bae7b67ef819a5cd9d2032b", "sha256": "a3665c30dda2738f8c302bfc892dbb4e9e009cb828374ad2f670c554cb71be36" }, "downloads": -1, "filename": "signit-0.2.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "6355ab7c6bae7b67ef819a5cd9d2032b", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 6261, "upload_time": "2016-03-13T02:00:22", "url": "https://files.pythonhosted.org/packages/66/85/81ac406fee683d7b00729b990c13aedef9945e2a5166cc8310a28235267d/signit-0.2.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "4f525cc033d29fa69319e385ba887bbf", "sha256": "5d11c2de624fdb7cd836ed8a17387da5abe90914907abbdc8fbc03f35bfcec34" }, "downloads": -1, "filename": "signit-0.2.0.tar.gz", "has_sig": false, "md5_digest": "4f525cc033d29fa69319e385ba887bbf", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3795, "upload_time": "2016-03-13T02:00:02", "url": "https://files.pythonhosted.org/packages/45/50/fdc548e85f8c6fa4fd28e29970b812d4b08570bfb172bcc60fa6d966dc79/signit-0.2.0.tar.gz" } ], "0.3.0": [ { "comment_text": "", "digests": { "md5": "b4ce2981bc33b8524f2ed28c5f7f0dd5", "sha256": "61edddf9fb8d925f043b477a63ebcbcfb999c2ddb27726309a08855e6531bf4f" }, "downloads": -1, "filename": "signit-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b4ce2981bc33b8524f2ed28c5f7f0dd5", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 6297, "upload_time": "2016-03-17T12:59:57", "url": "https://files.pythonhosted.org/packages/73/f9/09f481e8536cbf43fb2bf90a06742bd4173847eda6108b6857dca6ecb97e/signit-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "53ed563efd29f42be8dc1325302d002b", "sha256": "c97a65dd336b37391d8197b7af0a7a9da856366b62ce35608b20bcf2185ba936" }, "downloads": -1, "filename": "signit-0.3.0.tar.gz", "has_sig": false, "md5_digest": "53ed563efd29f42be8dc1325302d002b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3857, "upload_time": "2016-03-17T12:59:50", "url": "https://files.pythonhosted.org/packages/17/48/a89a63fe7f5b0a7faa093e5cd3bcb95018fb836a6372987988f7c2f7fa36/signit-0.3.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "b4ce2981bc33b8524f2ed28c5f7f0dd5", "sha256": "61edddf9fb8d925f043b477a63ebcbcfb999c2ddb27726309a08855e6531bf4f" }, "downloads": -1, "filename": "signit-0.3.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b4ce2981bc33b8524f2ed28c5f7f0dd5", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 6297, "upload_time": "2016-03-17T12:59:57", "url": "https://files.pythonhosted.org/packages/73/f9/09f481e8536cbf43fb2bf90a06742bd4173847eda6108b6857dca6ecb97e/signit-0.3.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "53ed563efd29f42be8dc1325302d002b", "sha256": "c97a65dd336b37391d8197b7af0a7a9da856366b62ce35608b20bcf2185ba936" }, "downloads": -1, "filename": "signit-0.3.0.tar.gz", "has_sig": false, "md5_digest": "53ed563efd29f42be8dc1325302d002b", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 3857, "upload_time": "2016-03-17T12:59:50", "url": "https://files.pythonhosted.org/packages/17/48/a89a63fe7f5b0a7faa093e5cd3bcb95018fb836a6372987988f7c2f7fa36/signit-0.3.0.tar.gz" } ] }