[Product-Developers] Signing pickle data in Plone, seeking input

Richard Mitchell richard.j.mitchell at gmail.com
Thu Dec 27 23:12:23 UTC 2012


If all you want is a simple dictionary, I would recommend using the marshal
module rather than pickle. Marshal only allows basic Python types, rather
than arbitrary data, and is generally considered to be safer.


On 4 December 2012 03:59, Mikko Ohtamaa <mikko+plone at redinnovation.com> wrote:

>
>
> On Tue, Dec 4, 2012 at 1:26 AM, Sean Upton <sdupton at gmail.com> wrote:
>
>> For one of my add-ons, I need to sign trusted pickle data, and want:
>>
>
> In related news, I had a similar use case for an encrypted Archetypes
> field:
>
> https://github.com/miohtama/archetypes.encryptedfield
>
>
>>
>> (1) to use HMAC-SHA256 to sign a message.
>>
>> (2) want an easy -- as in "I do not want to think about managing my
>> own secret" easy -- way to use a per-site secret key.
>>
>> Is using the system secret from plone.keyring suitable here?  Something
>> like:
>>
>> ## assume from this example that the local component site is set via
>> ## zope.component.hooks.setSite to a Plone site:
>>
>> # sign a pickle:
>>
>> >>> import hashlib
>> >>> import hmac
>> >>> import base64
>> >>> import pickle
>> >>> from plone.keyring.interfaces import IKeyManager
>> >>> from zope.component import queryUtility
>> >>> from zope.component.hooks import setSite
>> >>> rawdata = {'this': 'Arbitrary data woohoo!'}
>> >>> data = pickle.dumps(rawdata)
>> >>> secret = queryUtility(IKeyManager).secret()
>> >>> signature = hmac.new(secret, data, digestmod=hashlib.sha256).hexdigest()
>> >>> payload = base64.b64encode(signature + data)
>>
>>
>> # read a pickle, assume identifier 'payload' has been read as a base64
>> # encoded string containing signature plus pickle data stream:
>>
>>
>> >>> input = base64.b64decode(payload)
>> >>> signature, msg = input[:64], input[64:]  # hex SHA-256 digest is 64 chars
>> >>> result = None
>> >>> if signature == hmac.new(secret, msg, digestmod=hashlib.sha256).hexdigest():
>> ...     result = pickle.loads(msg)  # signed, ergo trusted
>> ...
>> >>>
>>
>> My use case is something like session data (for lightweight form
>> wizard), but with a tiny dict of values that can easily fit after
>> serialization and signing into a <4KB cookie set by a browser view.
>> Given the small size of the dataset, I want to avoid using sessions
>> for unnecessary deployment complexity.
>>
>> Are there any drawbacks to using the system keyring secret for signing
>> (and trusting) data like this that I should be aware of?
>>
>> Sean
>> _______________________________________________
>> Product-Developers mailing list
>> Product-Developers at lists.plone.org
>> https://lists.plone.org/mailman/listinfo/plone-product-developers
>>
>> --
>> Mikko Ohtamaa
>> <https://lists.plone.org/mailman/listinfo/plone-product-developers>
>> http://opensourcehacker.com
>> http://twitter.com/moo9000
>>
>>
>>
>>
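As an added example, not code from Sean, Richard, Mikko or plone.keyring, here is the sign-then-verify pattern from Sean's snippet rewritten for Python 3 with the points a reviewer would raise: the payload is serialized with JSON instead of pickle (the same idea as Richard's marshal suggestion; marshal works the same way but its byte format is not guaranteed stable across Python versions, which matters for cookies that outlive a deployment), the signature is checked with a constant-time comparison before anything is deserialized, the raw 32-byte digest is used as the prefix instead of the 64-character hex string, and the result is checked against the 4 KB cookie budget. The secret is a constructed stand-in; in Plone it would be the `queryUtility(IKeyManager).secret()` value shown above, and the helper names are this example's own.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-in for the per-site secret. In Plone this would be the
# bytes returned by queryUtility(IKeyManager).secret() from plone.keyring.
SITE_SECRET = b"constructed-example-secret-not-for-real-use"

SIG_LEN = hashlib.sha256().digest_size  # 32 raw bytes of HMAC-SHA256
MAX_COOKIE = 4096                        # browser cookie budget from the thread


def sign_payload(data, secret=SITE_SECRET):
    """Serialize a small dict as JSON (never pickle), sign it with
    HMAC-SHA256 and return a urlsafe-base64 token laid out as sig || body."""
    body = json.dumps(data, sort_keys=True, separators=(",", ":")).encode("utf-8")
    sig = hmac.new(secret, body, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(sig + body)
    if len(token) > MAX_COOKIE:
        raise ValueError("signed payload does not fit in a cookie")
    return token


def verify_payload(token, secret=SITE_SECRET):
    """Return the dict if the token carries a valid signature, else None.
    The signature is checked (in constant time) before the body is parsed,
    so an attacker-controlled body never reaches the deserializer."""
    try:
        raw = base64.urlsafe_b64decode(token)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < SIG_LEN:
        return None
    sig, body = raw[:SIG_LEN], raw[SIG_LEN:]
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    try:
        return json.loads(body.decode("utf-8"))
    except ValueError:          # JSON decode errors are ValueError subclasses
        return None


def tampered_token(token):
    """Flip one bit in the signed body (simulating a cookie edited in the
    browser) and re-encode it; used to show that verification rejects it."""
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[-1] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))


if __name__ == "__main__":
    token = sign_payload({"step": 2, "name": "wizard"})   # constructed session dict
    print(token)
    print(verify_payload(token))                           # the dict back
    print(verify_payload(tampered_token(token)))           # None
    print(verify_payload(token, secret=b"other-site"))     # None
```

Using JSON means a signature check failure is the only line of defence you need against code execution, whereas with pickle a leaked or reused keyring secret turns the cookie into an arbitrary-code-execution channel; that is the drawback Sean asks about, and it is much smaller when the thing being signed cannot execute anything on load.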