Geek Answers Handbook

PGP / GPG Signed Python Code

I would like (PGP / GPG) to sign python code. Yes, I read this and many other sites that talk about protecting and obfuscating python code - this is all not what I want. I do NOT want to obfuscate the code. I want clients and users to see the code, they can change the code, copy it and do derivative work, I would like to have software for GPLv3. But I want the plugins to be โ€œsignedโ€, so at runtime they can be trusted .

Is this possible in Python? Is it possible to import a library after checking its signature? Which would be easy: check the signing of the gpg file, and then load it using the import, otherwise throw an exception. But this is only possible for files with a single import file, not a python directory.

It is clear that if the client changes the GPG key in the program or deletes some lines on its own in the verification algorithm, everything has passed - but this is not a problem. He could do whatever he wanted, but that would be stupid. He wants credulity. I want him to add a plug-in for third-party developers by copying it to the "plugins" directory and asking the program to check the plug-in "reliability", and then import it. (This way, he can run plugins that are not signed, but at his own risk.)

+8
python import gnupg pgp
source share
2 answers

The Python import mechanism already provides all the tools necessary to achieve what you want. You can set various types of import hooks to support what you want.

In particular, you will probably find it convenient to set the path to the meta path that searches for โ€œsigned modulesโ€ and returns a Loader that can import from this signed format.

A very simple and convenient format for your signed plugins is a zip archive containing:

  • Plugin code in the form of modules / packages
  • PGP signature of above code

Thus:

  • Your bootloader should unzip the zip code and verify the signature. If this matches, then you can safely load the plug-in, if it does not match, you should ask the user to trust the plug-in (or not and abort)
  • If the user wants to change the plug-in, he can simply unzip the zip archive and change it as he wishes.
  • Import from zip archives is already implemented in the zipimport module. This means that you do not need to rewrite the bootloader from scratch.

In fact, if you want to reduce the code for hooks to a minimum, you just need to verify the signature, and then add the path to the zip archive in sys.path , since python already handles import from zip even without using zipimport explicitly.

Using this design, you just need to install these hooks, and then you can import plug-in as if they were normal modules, and check, etc. will be done automatically.

+4
source share

I know this is an old post, but we have developed a new solution. We faced the same task - distributing the python source code, but not allowing hackers to manipulate the code. We developed a solution to create a custom bootloader for our application using signet http://jamercee.imtqy.com/signet/ .

What this file does is scan your script and its dependencies that create sha1 hashes. It injects these hashes into a custom loader that you deliver to your client using a script. Your clients launch a bootloader that re-checks the hashes before it transfers control to your script for normal execution. If a falsifier occurs, it issues an error message and refuses to run the modified code.

Signet is multi-platform and works on windows, unix, linux, freebsd, etc. If you deploy to windows, the bootloader build process can even apply your corporate code certificate to 100% validate your code. It also performs a PE check.

The code is completely open, including the C ++ source code for the default bootloader template. You can expand the bootloader to perform additional checks and even take action if it detects code tampering (for example, cancels tampering ...).

+2
source share

More articles:


All Articles