[openstack-dev] [all][dev][python] constructing a deterministic representation of a python data structure

Amrith Kumar amrith at tesora.com
Fri Nov 4 12:02:48 UTC 2016 


> -----Original Message-----
> From: Clint Byrum [mailto:clint at fewbar.com]
> Sent: Thursday, November 3, 2016 6:04 PM
> To: openstack-dev <openstack-dev at lists.openstack.org>
> Subject: Re: [openstack-dev] [all][dev][python] constructing a
deterministic
> representation of a python data structure
> 
> Excerpts from Amrith Kumar's message of 2016-11-03 20:50:01 +0000:
> > Josh,
> >
> > I have the key management part figured out and in actuality I will be
> > signing the messages.
> >
> > But step 1 is getting a deterministic representation and step 2 is
hashing.
> > Step 3 would be signing.
> >
> > So, steps 2 and 3 are all set; just need step 1 :) And I'm marveling
> > at the link that Morgan provided, it may have what I need.
> >
> 
> Please please please do not invent your own home rolled cryptographic
> envelope!!

[Amrith Kumar] Of course, did it once, have the badge and don't need another
:)

> 
> sender.py:
> 
> 
> to_send = {
>   'fact': 'red is the best color'
> }
> payload = json.dumps(to_send)
> message = gpg_sign(payload, key)
> send_message(message)
> 
> 
> receiver.py:
> 
> message = recv_message()
> (payload, key) = gpg_verify_message(message) if key not in trusted_keys:
>   raise Exception('Untrusted sender!')
> operate_on_payload(payload)
> 
> With all due respect, any of us are almost guaranteed to screw it up
> otherwise. Just use a thing known to work. There are plenty already.

[Amrith Kumar] I wasn't sure I'd be able to do this before (the only place
where this model will work is in oslo.messaging) but thanks to the links
that Dims forwarded, there may be a chance to make this part of oslo!


> 
> __________________________________________________________
> ________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-
> request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4805 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161104/678a740c/attachment.bin>

More information about the OpenStack-dev mailing list