Name | simple-sign JSON |
Version |
0.0.1
JSON |
| download |
home_page | None |
Summary | helper functions signing simple data using Cardano primitives |
upload_time | 2024-10-21 18:33:46 |
maintainer | None |
docs_url | None |
author | None |
requires_python | >=3.10 |
license | None |
keywords |
cardano
signing
cip-8
|
VCS |
|
bugtrack_url |
|
requirements |
No requirements were recorded.
|
Travis-CI |
No Travis.
|
coveralls test coverage |
No coveralls.
|
# Orcfax Simple Sign
Provides simple signing and verification of data following the approach
outlined in [CIP-8][CIP-8].
[CIP-8]: https://cips.cardano.org/cip/CIP-0008
The command-line application and library is intended to provide helper functions
for consistent signing and verification functions across distributed dapps and
other applications utilizing Cardano off-chain.
## Creating a signing key
You need a signing key and address that can then be used to verify the source
of the signed data.
> If you hold the key, you hold the address that can be used to verify data.
The `cardano-cli` can be used to generate a signing key. E.g. on
preview/preprod.
```sh
cardano-cli address key-gen \
--verification-key-file payment.vkey \
--signing-key-file payment.skey
```
```sh
cardano-cli address build \
--payment-verification-key-file payment.vkey \
--out-file payment.addr \
--mainnet
```
The key can then be given to the app with arbitrary data to be signed.
## Basic signing and verification
### Signing
Example signing with `payment.skey` with addr
`addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam`:
```sh
python sign.py sign -d "arbitrary data" -s "$(cat payment.skey)"
```
Outputs:
<!--markdownlint-disable -->
```text
84584da301276761646472657373581d615ec2591d4af5f27c1e2f3dc618188dcdb9a4eb17b843773fd20228fe045820d88b447a19aa5ffcabc4270dd38017bda068c9f84b6fb05cb0fee73261fbb777a166686173686564f44e6172626974726172792064617461584025b3ef85838d62f40eb3fe5b1ac7cf802ca4d076a07575572bc88601968bafa2b4aa106c8636cc93bd4337385527cb31194e65925062c59857d69fbccd4f3f01
```
<!--markdownlint-enable -->
### Verification
Example verification, looking for addr
`addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam`:
```sh
python sign.py verify \
-d "84584da301276761646472657373581d615ec2591d4af5f27c1e2f3dc618188dcdb9a4eb17b843773fd20228fe045820d88b447a19aa5ffcabc4270dd38017bda068c9f84b6fb05cb0fee73261fbb777a166686173686564f44e6172626974726172792064617461584025b3ef85838d62f40eb3fe5b1ac7cf802ca4d076a07575572bc88601968bafa2b4aa106c8636cc93bd4337385527cb31194e65925062c59857d69fbccd4f3f01"
```
Outputs:
```python
{
'verified': True,
'message': 'arbitrary data',
'signing_address': 'addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam'
}
```
### Verification against a known set
Simple Sign provides enough for most use cases to receive a CIP-8 message,
check that it was signed, and then compare the signer's address against their
own known list of notaries.
To standardise the process Simple Sign will offer a number of helper functions.
#### Notaries in an environment variable
For a small number of notaries an environment variable may be sufficient. Use
`CIP8_NOTARIES=` with comma separated list of Cardano addresses before
invoking `signature_in_dapp_environment(pkey: str)` in your script.
```env
CIP8_NOTARIES=addr1...,addr2...,addr3...
```
Use `--list-env` or `-l` to display the contents of this variable locally:
```sh
python sign.py verify -
```
#### Other methods of checking signers
A number of stubs have been left in the code that might provide methods such
as checking against a UTxO or set of NFT holders in the future. These are yet
to be implemented.
## Developer install
### pip
Setup a virtual environment `venv` and install the local development
requirements as follows:
```bash
python3 -m venv venv
source venv/bin/activate
python -m pip install -r requirements/local.txt
```
#### Upgrade dependencies
A `make` recipe is included, simply call `make upgrade`. Alternatively run
`pip-upgrader` once the local requirements have been installed and follow the
prompts. `requirements.txt` and `local.txt` can be updated as desired.
### tox
#### Run tests (all)
```bash
python -m tox
```
#### Run tests-only
```bash
python -m tox -e py3
```
#### Run linting-only
```bash
python -m tox -e linting
```
### pre-commit
Pre-commit can be used to provide more feedback before committing code. This
reduces reduces the number of commits you might want to make when working on
code, it's also an alternative to running tox manually.
To set up pre-commit, providing `pip install` has been run above:
* `pre-commit install`
This repository contains a default number of pre-commit hooks, but there may
be others suited to different projects. A list of other pre-commit hooks can be
found [here][pre-commit-1].
[pre-commit-1]: https://pre-commit.com/hooks.html
## Packaging
The `Makefile` contains helper functions for packaging and release.
Makefile functions can be reviewed by calling `make` from the root of this
repository:
```make
clean Clean the package directory
docs Generate documentation
help Print this help message
package-check Check the distribution is valid
package-deps Upgrade dependencies for packaging
package-source Package the source code
package-upload Upload package to pypi
package-upload-test Upload package to test.pypi
pre-commit-checks Run pre-commit-checks.
serve-docs Serve the documentation
tar-source Package repository as tar for easy distribution
upgrade Upgrade project dependencies
```
### pyproject.toml
Packaging consumes the metadata in `pyproject.toml` which helps to describe
the project on the official [pypi.org][pypi-2] repository. Have a look at the
documentation and comments there to help you create a suitably descriptive
metadata file.
### Local packaging
To create a python wheel for testing locally, or distributing to colleagues
run:
* `make package-source`
A `tar` and `whl` file will be stored in a `dist/` directory. The `whl` file
can be installed as follows:
* `pip install <your-package>.whl`
### Publishing
Publishing for public use can be achieved with:
* `make package-upload-test` or `make package-upload`
`make-package-upload-test` will upload the package to [test.pypi.org][pypi-1]
which provides a way to look at package metadata and documentation and ensure
that it is correct before uploading to the official [pypi.org][pypi-2]
repository using `make package-upload`.
[pypi-1]: https://test.pypi.org
[pypi-2]: https://pypi.org
Raw data
{
"_id": null,
"home_page": null,
"name": "simple-sign",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "cardano, signing, cip-8",
"author": null,
"author_email": "\"R. Spencer\" <ross@orcfax.io>, George Orcfax <george@orcfax.io>",
"download_url": "https://files.pythonhosted.org/packages/b1/aa/de585e23b941d25bf54327cdff2f79633af9d3234650a8cd5e05cd5bdc8e/simple_sign-0.0.1.tar.gz",
"platform": null,
"description": "# Orcfax Simple Sign\n\nProvides simple signing and verification of data following the approach\noutlined in [CIP-8][CIP-8].\n\n[CIP-8]: https://cips.cardano.org/cip/CIP-0008\n\nThe command-line application and library is intended to provide helper functions\nfor consistent signing and verification functions across distributed dapps and\nother applications utilizing Cardano off-chain.\n\n## Creating a signing key\n\nYou need a signing key and address that can then be used to verify the source\nof the signed data.\n\n> If you hold the key, you hold the address that can be used to verify data.\n\nThe `cardano-cli` can be used to generate a signing key. E.g. on\npreview/preprod.\n\n```sh\ncardano-cli address key-gen \\\n --verification-key-file payment.vkey \\\n --signing-key-file payment.skey\n```\n\n```sh\ncardano-cli address build \\\n --payment-verification-key-file payment.vkey \\\n --out-file payment.addr \\\n --mainnet\n```\n\nThe key can then be given to the app with arbitrary data to be signed.\n\n## Basic signing and verification\n\n### Signing\n\nExample signing with `payment.skey` with addr\n`addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam`:\n\n```sh\npython sign.py sign -d \"arbitrary data\" -s \"$(cat payment.skey)\"\n```\n\nOutputs:\n\n<!--markdownlint-disable -->\n```text\n84584da301276761646472657373581d615ec2591d4af5f27c1e2f3dc618188dcdb9a4eb17b843773fd20228fe045820d88b447a19aa5ffcabc4270dd38017bda068c9f84b6fb05cb0fee73261fbb777a166686173686564f44e6172626974726172792064617461584025b3ef85838d62f40eb3fe5b1ac7cf802ca4d076a07575572bc88601968bafa2b4aa106c8636cc93bd4337385527cb31194e65925062c59857d69fbccd4f3f01\n```\n<!--markdownlint-enable -->\n\n### Verification\n\nExample verification, looking for addr\n`addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam`:\n\n```sh\npython sign.py verify \\\n -d \"84584da301276761646472657373581d615ec2591d4af5f27c1e2f3dc618188dcdb9a4eb17b843773fd20228fe045820d88b447a19aa5ffcabc4270dd38017bda068c9f84b6fb05cb0fee73261fbb777a166686173686564f44e6172626974726172792064617461584025b3ef85838d62f40eb3fe5b1ac7cf802ca4d076a07575572bc88601968bafa2b4aa106c8636cc93bd4337385527cb31194e65925062c59857d69fbccd4f3f01\"\n\n```\n\nOutputs:\n\n```python\n{\n 'verified': True,\n 'message': 'arbitrary data',\n 'signing_address': 'addr1v90vykgaft6lylq79u7uvxqc3hxmnf8tz7uyxael6gpz3lsfnggam'\n}\n```\n\n### Verification against a known set\n\nSimple Sign provides enough for most use cases to receive a CIP-8 message,\ncheck that it was signed, and then compare the signer's address against their\nown known list of notaries.\n\nTo standardise the process Simple Sign will offer a number of helper functions.\n\n#### Notaries in an environment variable\n\nFor a small number of notaries an environment variable may be sufficient. Use\n`CIP8_NOTARIES=` with comma separated list of Cardano addresses before\ninvoking `signature_in_dapp_environment(pkey: str)` in your script.\n\n```env\nCIP8_NOTARIES=addr1...,addr2...,addr3...\n```\n\nUse `--list-env` or `-l` to display the contents of this variable locally:\n\n```sh\npython sign.py verify -\n```\n\n#### Other methods of checking signers\n\nA number of stubs have been left in the code that might provide methods such\nas checking against a UTxO or set of NFT holders in the future. These are yet\nto be implemented.\n\n## Developer install\n\n### pip\n\nSetup a virtual environment `venv` and install the local development\nrequirements as follows:\n\n```bash\npython3 -m venv venv\nsource venv/bin/activate\npython -m pip install -r requirements/local.txt\n```\n\n#### Upgrade dependencies\n\nA `make` recipe is included, simply call `make upgrade`. Alternatively run\n`pip-upgrader` once the local requirements have been installed and follow the\nprompts. `requirements.txt` and `local.txt` can be updated as desired.\n\n### tox\n\n#### Run tests (all)\n\n```bash\npython -m tox\n```\n\n#### Run tests-only\n\n```bash\npython -m tox -e py3\n```\n\n#### Run linting-only\n\n```bash\npython -m tox -e linting\n```\n\n### pre-commit\n\nPre-commit can be used to provide more feedback before committing code. This\nreduces reduces the number of commits you might want to make when working on\ncode, it's also an alternative to running tox manually.\n\nTo set up pre-commit, providing `pip install` has been run above:\n\n* `pre-commit install`\n\nThis repository contains a default number of pre-commit hooks, but there may\nbe others suited to different projects. A list of other pre-commit hooks can be\nfound [here][pre-commit-1].\n\n[pre-commit-1]: https://pre-commit.com/hooks.html\n\n## Packaging\n\nThe `Makefile` contains helper functions for packaging and release.\n\nMakefile functions can be reviewed by calling `make` from the root of this\nrepository:\n\n```make\nclean Clean the package directory\ndocs Generate documentation\nhelp Print this help message\npackage-check Check the distribution is valid\npackage-deps Upgrade dependencies for packaging\npackage-source Package the source code\npackage-upload Upload package to pypi\npackage-upload-test Upload package to test.pypi\npre-commit-checks Run pre-commit-checks.\nserve-docs Serve the documentation\ntar-source Package repository as tar for easy distribution\nupgrade Upgrade project dependencies\n```\n\n### pyproject.toml\n\nPackaging consumes the metadata in `pyproject.toml` which helps to describe\nthe project on the official [pypi.org][pypi-2] repository. Have a look at the\ndocumentation and comments there to help you create a suitably descriptive\nmetadata file.\n\n### Local packaging\n\nTo create a python wheel for testing locally, or distributing to colleagues\nrun:\n\n* `make package-source`\n\nA `tar` and `whl` file will be stored in a `dist/` directory. The `whl` file\ncan be installed as follows:\n\n* `pip install <your-package>.whl`\n\n### Publishing\n\nPublishing for public use can be achieved with:\n\n* `make package-upload-test` or `make package-upload`\n\n`make-package-upload-test` will upload the package to [test.pypi.org][pypi-1]\nwhich provides a way to look at package metadata and documentation and ensure\nthat it is correct before uploading to the official [pypi.org][pypi-2]\nrepository using `make package-upload`.\n\n[pypi-1]: https://test.pypi.org\n[pypi-2]: https://pypi.org\n",
"bugtrack_url": null,
"license": null,
"summary": "helper functions signing simple data using Cardano primitives",
"version": "0.0.1",
"project_urls": {
"Bug Reports": "https://github.com/orcfax/simple-sign/issues/",
"Homepage": "https://orcfax.io/",
"Source": "https://github.com/orcfax/simple-sign/"
},
"split_keywords": [
"cardano",
" signing",
" cip-8"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a725cad29d946a39257609496128d784f611737c6e9a61de43cfbb65db765ac9",
"md5": "fb7540cd24502bc0bc543a2627d60558",
"sha256": "f1cc019edefbde42fcf755f4d81a602c1f9616639beba91f6977b12c5cdada2f"
},
"downloads": -1,
"filename": "simple_sign-0.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "fb7540cd24502bc0bc543a2627d60558",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 10955,
"upload_time": "2024-10-21T18:33:44",
"upload_time_iso_8601": "2024-10-21T18:33:44.426101Z",
"url": "https://files.pythonhosted.org/packages/a7/25/cad29d946a39257609496128d784f611737c6e9a61de43cfbb65db765ac9/simple_sign-0.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "b1aade585e23b941d25bf54327cdff2f79633af9d3234650a8cd5e05cd5bdc8e",
"md5": "abee2c9849208b15e80cab9204d11d66",
"sha256": "ed2a1a92dd959e0cfc5fff857a6c1339b2ee5e0638558cee43f094c51afbf181"
},
"downloads": -1,
"filename": "simple_sign-0.0.1.tar.gz",
"has_sig": false,
"md5_digest": "abee2c9849208b15e80cab9204d11d66",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 27629,
"upload_time": "2024-10-21T18:33:46",
"upload_time_iso_8601": "2024-10-21T18:33:46.374071Z",
"url": "https://files.pythonhosted.org/packages/b1/aa/de585e23b941d25bf54327cdff2f79633af9d3234650a8cd5e05cd5bdc8e/simple_sign-0.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-10-21 18:33:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "orcfax",
"github_project": "simple-sign",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"tox": true,
"lcname": "simple-sign"
}