[Product-Developers] Signing pickle data in Plone, seeking input

Sean Upton sdupton at gmail.com
Mon Dec 3 23:26:42 UTC 2012

For one of my add-ons, I need to sign trusted pickle data, and want:

(1) to use HMAC-SHA256 to sign a message.

(2) an easy -- as in "I do not want to think about managing my
own secret" easy -- way to use a per-site secret key.

Is using the system secret from plone.keyring suitable here?  Something like:

## assume from this example that the local component site is set via
## zope.component.hooks.setSite to a Plone site:

# sign a pickle:

>>> import hashlib
>>> import hmac
>>> import base64
>>> import pickle
>>> from plone.keyring.interfaces import IKeyManager
>>> from zope.component import queryUtility
>>> from zope.component.hooks import setSite
>>> rawdata = {'this': 'Arbitrary data woohoo!'}
>>> data = pickle.dumps(rawdata)
>>> secret = queryUtility(IKeyManager).secret()
>>> signature = hmac.new(secret, data, digestmod=hashlib.sha256).hexdigest()
>>> payload = base64.b64encode(signature + data)

# read a pickle, assume identifier 'payload' has been read as a base64 encoded
# string containing signature plus pickle data stream:

>>> input = base64.b64decode(payload)
>>> signature, msg = input[:64], input[64:]
>>> result = None
>>> if signature == hmac.new(secret, msg, digestmod=hashlib.sha256).hexdigest():
...     result = pickle.loads(msg)  # signed, ergo trusted

My use case is something like session data (for a lightweight form
wizard), but with a tiny dict of values that can easily fit after
serialization and signing into a <4KB cookie set by a browser view.
Given the small size of the dataset, I want to avoid using sessions
for unnecessary deployment complexity.

Are there any drawbacks to using the system keyring secret for signing
(and trusting) data like this that I should be aware of?
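
An added example, not part of the original post: the sign-then-verify round trip from the message, written for Python 3 with the raw 32-byte digest, a constant-time comparison, and verification against a list of keys so that a token signed before a key change still verifies. The function names, the sample key values and the policy of accepting an older key are assumptions of this example; the keys stand in for the site secret and no plone.keyring call is made.

```python
import base64
import hashlib
import hmac
import pickle

MAC_LEN = hashlib.sha256().digest_size  # 32 raw bytes (64 only when hex-encoded)


def dump_signed(obj, key):
    """Pickle obj, prepend HMAC-SHA256(key, pickle), return a cookie-safe token."""
    data = pickle.dumps(obj, protocol=2)
    mac = hmac.new(key, data, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac + data)


def load_signed(token, keys):
    """Return the unpickled object if any key in `keys` authenticates the
    token, else None. pickle.loads is reached only after the MAC check."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except (ValueError, TypeError):
        return None  # not valid base64 at all
    if len(raw) <= MAC_LEN:
        return None  # truncated: no room for a MAC plus data
    mac, data = raw[:MAC_LEN], raw[MAC_LEN:]
    for key in keys:
        expected = hmac.new(key, data, hashlib.sha256).digest()
        # compare_digest avoids leaking, through timing, how many leading
        # bytes of a forged MAC were correct (plain == stops at the first
        # differing byte).
        if hmac.compare_digest(mac, expected):
            return pickle.loads(data)
    return None


# Constructed sample keys (assumption): stand-ins for the per-site secret
# and for the secret that was in use before a key change.
CURRENT_KEY = b"constructed-sample-key-current"
PREVIOUS_KEY = b"constructed-sample-key-previous"

if __name__ == "__main__":
    token = dump_signed({"step": 2, "email": "user@example.org"}, CURRENT_KEY)
    print(len(token), load_signed(token, [CURRENT_KEY, PREVIOUS_KEY]))
```
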

