[ANN] signedimp 0.1.3

Ryan Kelly ryan at rfk.id.au
Fri Jul 16 16:28:41 CEST 2010


Hi Everyone,


  I'm pleased to announce the latest release of "signedimp", an import
wrapper and related machinery for verified loading of python modules.

  Details and downloads at the cheeseshop, or read on for more:

    http://pypi.python.org/pypi/signedimp/
    http://github.com/cloudmatrix/signedimp/


  Cheers,

    Ryan



Description:
------------

The "signedimp" module implements an import hook for verifying Python
modules before they are loaded, by means of cryptographically-signed
hashes.  It is compatible with PEP 302 and designed to complement the
code-signing functionality of your host OS (e.g. Microsoft Authenticode,
Apple OSX Code Signing) which may be able to verify the Python
executable itself but not the code that is dynamically loaded at
runtime.

It will mostly be useful for frozen Python applications, or other
situations where code is not expected to change.  It will be almost
useless with a standard Python interpreter.


Example:
--------

As a quick example, suppose you've got a private signing key stored in
the file "mykey".  You build a new frozen app with py2exe, then do:


    from signedimp.crypto.rsa import RSAKeyWithPSS
    key = RSAKeyWithPSS.load_from_file(open("mykey"),"password")

    import signedimp.tools
    signedimp.tools.sign_py2exe_app("/path/to/app/dir",key)


This generates a signed manifest of hashes for all the modules included
in the frozen app directory, and embeds the public key into the frozen
executable.  Your frozen application will now verify each module before
it is loaded, and any tampering (malicious or otherwise) will cause the
application to fail with an "IntegrityCheckError".

Of course, you'll also need to sign the executable itself with something
like Microsoft Authenticode or the whole scheme is worthless.

Currently there is support for signing apps frozen with py2exe, py2app
and cxfreeze.


Why?
----

This is *not* a DRM-type solution.  It's not designed to protect your
code from your users.  It would be trivial for a knowledgeable user to
remove the signature checking from your frozen application.

Rather, it's designed to protect your users from malicious tampering by
a third party.  You might find it especially useful if your app has a
plugin system that means it may be running code from untrusted sources
(and yes, it's possible to embed a signed manifest inside an egg).


Are you a crypto expert?
------------------------

No.  No no no.  You have been warned.




-- 
Ryan Kelly
http://www.rfk.id.au  |  This message is digitally signed. Please visit
ryan at rfk.id.au        |  http://www.rfk.id.au/ramblings/gpg/ for details
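The verify-before-load behaviour described in the message, as an added sketch that is not signedimp's own code: a manifest of SHA-256 hashes is built for a directory, and an import hook refuses any module whose bytes no longer match. It uses the current importlib finder/loader API (the successor to the original PEP 302 hook methods) and handles top-level .py files only. Assumptions: the manifest's signature has already been verified (the RSA step is omitted), `IntegrityCheckError` is redefined locally under the name the message uses, and `VerifiedFinder`, `VerifiedLoader`, `build_manifest`, `read_and_hash` and `demo` are hypothetical names.

```python
import hashlib, hmac, importlib.abc, importlib.util, os, pathlib, sys, tempfile

class IntegrityCheckError(ImportError):
    """Module is absent from the manifest or its hash does not match."""

def read_and_hash(path):
    with open(path, "rb") as f:
        data = f.read()
    return data, hashlib.sha256(data).hexdigest()

def build_manifest(root):
    # Signing side: module name -> SHA-256 hex digest of its source bytes.
    return {n[:-3]: read_and_hash(os.path.join(root, n))[1]
            for n in os.listdir(root) if n.endswith(".py")}

class VerifiedLoader(importlib.abc.Loader):
    def __init__(self, path, expected):
        self.path, self.expected = path, expected

    def exec_module(self, module):
        # Hash the exact bytes that get compiled: no check-then-reread gap.
        data, digest = read_and_hash(self.path)
        if not hmac.compare_digest(digest, self.expected):
            raise IntegrityCheckError("hash mismatch: " + module.__name__)
        exec(compile(data, self.path, "exec"), module.__dict__)

class VerifiedFinder(importlib.abc.MetaPathFinder):
    def __init__(self, root, manifest):
        # Assumption: the manifest's signature was verified before this point.
        self.root, self.manifest = root, manifest

    def find_spec(self, fullname, path=None, target=None):
        candidate = os.path.join(self.root, fullname + ".py")
        if not os.path.isfile(candidate):
            return None  # not ours; let the other finders handle it
        if fullname not in self.manifest:
            raise IntegrityCheckError("not in manifest: " + fullname)
        loader = VerifiedLoader(candidate, self.manifest[fullname])
        return importlib.util.spec_from_loader(fullname, loader, origin=candidate)

def demo(tamper):
    path = pathlib.Path(tempfile.mkdtemp(), "plugin_demo.py")  # constructed sample module
    path.write_text("VALUE = 42\n")
    finder = VerifiedFinder(str(path.parent), build_manifest(str(path.parent)))
    if tamper:  # change the file after the manifest was built
        path.write_text("VALUE = 0\n")
    sys.meta_path.insert(0, finder)
    try:
        return importlib.import_module("plugin_demo").VALUE
    finally:
        sys.meta_path.remove(finder)
        sys.modules.pop("plugin_demo", None)
```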

