ASGI Signing Middleware¶
The goal of this project is to provide a simple and straightforward way to securely sign data by providing ready-to-use middlewares, using blake2signer as signing backend.
Looking for another documentation version?
Why would I need to use it?¶
If you need to store some data (state, generally), and want to avoid using a trusted DB for performance reasons, it is usually advisable to sign said data. This package will help you achieve that with ease, ready-to-use middlewares, without you needing to think on the details: just provide a signing secret and let this package handle the rest.
Why would I want to use it?¶
Because it is a relatively small (around 100 logical lines of code), simple (usage is very straight-forward) yet very customizable and fast middleware data signer. My idea is to keep it as uncomplicated as possible without much room to become a footgun. All defaults are very sane (secure) and everything just works out of the box.
- Be safe and secure.
- Be simple and straightforward.
- Follow semver.
- Be always typed.
- 100% coverage.
- If possible, maintain active Python versions (3.8+).
This package is hosted on PyPi so just:
python3 -m pip install asgi-signing-middleware
poetry add asgi-signing-middleware
pipenv install asgi-signing-middleware
You can check the releases' page for package hashes and signatures.
Versions currently tested (check the pipelines):
I'm not a cryptoexpert, so this project needs a security review. If you are one and can do it, please contact me.
ASGI Signing Middleware is made by HacKan under MPL v2.0. You are free to use, share, modify and share modifications under the terms of that license. Derived works may link back to the canonical repository:
Copyright (C) 2022 HacKan (https://hackan.net)
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, You can obtain one at https://mozilla.org/MPL/2.0/.