kinto-signer

Kinto signer

These details have been verified by PyPI

Maintainers

alexis.metaireau glasserc leplatrem magopian mythmon Natim tarek

These details have not been verified by PyPI

Project description

What does this do?

Kinto signer is a Kinto plugin that makes it possible to sign the updates of Kinto collections. In other words, it’s a way to verify that the data the client has got is the data the original authors intended to distribute.

This works with two Kinto instances:

A, the authority (also known as “the signer”). It is where the original data are sent. The authority is configured to sign the data for a specific “origin”.
O, the origin, which will end up distributing the data and the signatures. It is where the client retrieve the data.

Triggering a signature on the authority

Once started, the authority is behaving like a normal Kinto server, until you ask for a signature of the collection. To trigger this signature operation, you need to add a specific field on the collection: status: "to-sign".

Here is how to do it with httpie:

echo '{"data": {"status": "to-sign"}}' | http PATCH http://0.0.0.0:8888/v1/buckets/default/collections/tasks --auth user:pass

From there, the authority will:

Retrieve all records on the collection, compute a hash of the records, and generate a signature out of it.
Send all local changes to the Origin server, with a signature.
Update the collection metadata with status:signed.

Configuring kinto-signer

To install this plugin in a Kinto server, a few configuration variables need to be set.

Here is an example of what a configuration could look like:

kinto.includes = kinto_signer

kinto.signer.resources =
    source/collection1;destination/collection1
    source/collection2;destination/collection2

Setting name	What does it do?
kinto.signer.resources	The name of the buckets and collections on which signatures can be triggered and the destination where the data and the signatures will end-up.
kinto.signer.signer_backend	The python dotted location to the signer to use. By default, a local ECDSA signer will be used. Choices are either kinto_signer.signer.local_ecdsa or kinto_signer.signer.autograph Have a look at the sections below for more information.

Configuration for the (default) ECDSA local signer

Setting name	What does it do?
kinto.signer.ecdsa.private_key	Absolute path to the ECDSA private key to use to apply the signatures
kinto.signer.ecdsa.public_key	Absolute path to the ECDSA private key to use to verify the signature (useful if you just want to use the signer as a verifier)

Configuration for the Autograph signer

Kinto signer can integrate with the Autograph server. To do so, use the following settings:

Setting name	What does it do?
kinto.signer.autograph.server_url	The autograph server URL
kinto.signer.autograph.hawk_id	The hawk identifier used to issue the requests.
kinto.signer.autograph.hawk_secret	The hawk secret used to issue the requests.

Generating a keypair

To generate a new keypair, you can use the following command:

$ python -m kinto_signer.generate_keypair private.pem public.pem

Running the tests

To run the unit tests:

$ make tests

For the functional tests:

$ make run-signer
$ make functional

Project details

These details have been verified by PyPI

Maintainers

alexis.metaireau glasserc leplatrem magopian mythmon Natim tarek

These details have not been verified by PyPI

Release history Release notifications | RSS feed

8.1.1

Jan 25, 2022

8.0.1

Feb 23, 2021

8.0.0

Nov 19, 2020

7.0.0

Sep 11, 2020

6.1.0

Mar 27, 2020

6.0.2

Jan 7, 2020

6.0.1

Dec 5, 2019

6.0.0

Nov 15, 2019

5.2.1

Oct 3, 2019

5.2.0

Sep 26, 2019

5.1.0

Aug 27, 2019

5.0.1

Jul 26, 2019

5.0.0

Apr 4, 2019

4.0.1

Jan 30, 2019

4.0.0

Jan 22, 2019

3.3.9

Dec 10, 2018

3.3.8

Nov 27, 2018

3.3.7

Nov 20, 2018

3.3.6

Nov 8, 2018

3.3.5

Nov 6, 2018

3.3.4

Oct 25, 2018

3.3.3

Oct 10, 2018

3.3.2

Aug 20, 2018

3.3.0

Jul 24, 2018

3.2.5

Jul 5, 2018

3.2.4

May 30, 2018

3.2.3

May 7, 2018

3.2.2

May 2, 2018

3.2.1

Apr 25, 2018

3.2.0

Apr 11, 2018

3.1.0

Mar 16, 2018

3.0.0

Mar 8, 2018

2.2.0

Dec 6, 2017

2.1.1

Oct 30, 2017

2.1.0

Aug 7, 2017

2.0.0

Jul 5, 2017

1.5.4

Jul 20, 2017

1.5.3

Jul 20, 2017

1.5.2

Jun 28, 2017

1.5.1

Jun 28, 2017

1.5.0

Jun 19, 2017

1.4.0

Jun 7, 2017

1.3.3

Apr 18, 2017

1.3.2

Mar 21, 2017

1.3.1

Mar 17, 2017

1.3.0

Mar 3, 2017

1.2.0

Jan 20, 2017

1.1.1

Jan 17, 2017

1.0.0

Oct 26, 2016

0.9.2

Oct 6, 2016

0.9.1

Oct 3, 2016

0.9.0

Sep 30, 2016

0.8.1

Aug 26, 2016

0.8.0

Aug 23, 2016

0.7.3

Jul 27, 2016

0.7.2

Jul 25, 2016

0.7.1

Jul 21, 2016

0.7.0

Jun 28, 2016

0.6.0

May 23, 2016

0.5.0

May 17, 2016

0.4.0

May 10, 2016

0.3.0

Apr 26, 2016

0.2.0

Mar 22, 2016

This version

0.1.0

Mar 7, 2016

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

kinto-signer-0.1.0.tar.gz (12.2 kB view hashes)

Uploaded Mar 7, 2016 Source

Hashes for kinto-signer-0.1.0.tar.gz

Hashes for kinto-signer-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`dd148d526c6bfb7556ea2e3f552693e471fcb71522c8066def44e48f5872a230`
MD5	`4aaee75ef23722a4bf422ad8060db593`
BLAKE2b-256	`08a4b8c08694fc055363605adff37d93be90bd28be61aeb7124ce59c635c23a5`