signedjson 1.1.4

Features

• More than one entity can sign the same object.

• Each entity can sign the object with more than one key making it easier to rotate keys

• ED25519 can be replaced with a different algorithm.

• Unprotected data can be added to the object under the "unsigned" key.

Installing

pip install signedjson

Using

from signedjson.key import generate_signing_key, get_verify_key
from signedjson.sign import (
    sign_json, verify_signed_json, SignatureVerifyException
)

signing_key = generate_signing_key('zxcvb')
signed_json = sign_json({'my_key': 'my_data'}, 'Alice', signing_key)

verify_key = get_verify_key(signing_key)

try:
    verify_signed_json(signed_json, 'Alice', verify_key)
    print 'Signature is valid'
except SignatureVerifyException:
    print 'Signature is invalid'

Format

{
    "<protected_name>": "<protected_value>",
    "signatures": {
        "<entity_name>": {
            "ed25519:<key_id>": "<unpadded_base64_signature>"
        }
    },
    "unsigned": {
        "<unprotected_name>": "<unprotected_value>",
    }
}