[openstack-dev] [all][dev][python] constructing a deterministic representation of a python data structure

Clint Byrum clint at fewbar.com
Thu Nov 3 22:04:27 UTC 2016


Excerpts from Amrith Kumar's message of 2016-11-03 20:50:01 +0000:
> Josh,
> 
> I have the key management part figured out and in actuality I will be
> signing the messages. 
> 
> But step 1 is getting a deterministic representation and step 2 is hashing.
> Step 3 would be signing.
> 
> So, steps 2 and 3 are all set; just need step 1 :) And I'm marveling at the
> link that Morgan provided, it may have what I need.
> 

Please please please do not invent your own home-rolled cryptographic
envelope!!

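sender.py:

import json

# gpg_sign() and send_message() are not defined in this message; they
# stand for a GPG signing call and the transport.
to_send = {
  'fact': 'red is the best color'
}
payload = json.dumps(to_send)     # serialize once
message = gpg_sign(payload, key)  # sign the serialized payload
send_message(message)

receiver.py:

# recv_message(), gpg_verify_message(), trusted_keys and
# operate_on_payload() are likewise not defined in this message.
message = recv_message()
(payload, key) = gpg_verify_message(message)  # verify before use
if key not in trusted_keys:
  raise Exception('Untrusted sender!')
operate_on_payload(payload)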

With all due respect, any of us are almost guaranteed to screw it up
otherwise. Just use a thing known to work. There are plenty already.
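
Added example, not part of Clint Byrum's message: the sender/receiver flow above, showing that the receiver verifies the exact bytes it received and parses them only afterwards, so no deterministic representation is needed. Python's stdlib hmac stands in for gpg_sign()/gpg_verify_message() only so the example runs offline; the key id, key bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for the signature step
# (gpg_sign/gpg_verify_message in the message above), not a replacement.
TRUSTED_KEYS = {"sender-1": b"constructed-demo-key"}


class UntrustedSender(Exception):
    """The message names a key id that is not in the trusted set."""


class BadSignature(Exception):
    """The received bytes do not match the signature."""


def sign(payload: bytes, key_id: str, key: bytes) -> dict:
    """Sender: sign the exact bytes that go on the wire."""
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"key_id": key_id, "payload": payload, "sig": tag}


def verify(message: dict, trusted: dict) -> bytes:
    """Receiver: authenticate the received bytes before parsing them."""
    key = trusted.get(message["key_id"])
    if key is None:
        raise UntrustedSender(message["key_id"])
    expected = hmac.new(key, message["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["sig"]):
        raise BadSignature("payload bytes do not match signature")
    return message["payload"]


def receive(message: dict, trusted: dict = TRUSTED_KEYS) -> dict:
    payload = verify(message, trusted)  # verify the bytes as received
    return json.loads(payload)          # parse only verified bytes


def demo() -> tuple:
    # Same data, different key order: equal dicts, different serialized bytes.
    a = json.dumps({"fact": "red is the best color", "n": 1}).encode()
    b = json.dumps({"n": 1, "fact": "red is the best color"}).encode()
    msg = sign(a, "sender-1", TRUSTED_KEYS["sender-1"])
    return json.loads(a) == json.loads(b), a == b, receive(msg)


if __name__ == "__main__":
    print(demo())
```

The receiver never re-serializes the data to check it, so the key-order difference between `a` and `b` does not matter.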


