This Python package contains a free and open source implementation of HSS/LMS Hash-based Digital Signatures as defined in RFC 8554.
Generate a HSS/LMS private key:
priv_key = pyhsslms.HssLmsPrivateKey.genkey('mykey', levels=2)
The private key is stored in mykey.prv, and the public key is stored in mykey.pub. Of course, the mykey.prv must be protected from disclosure, and it gets updated every time a signature is created. Restoring mykey.prv from backup can cause a node in the tree to be used more that once, forfeiting all security.
Sign a file with a HSS/LMS private key:
priv_key.signFile('myfile.txt')
The private key was generated above is used to sign the content of myfile.txt, and the signature is stored in myfile.txt.sig.
Sign a buffer with a HSS/LMS private key:
sigbuf = prv_key.sign(buffer)
The private key was generated above is used to sign the content of buffer, and the signature is returned in sigbuf.
Verify a signature on a file with a HSS/LMS public key:
pub_key = pyhsslms.HssLmsPublicKey('mykey') if pub_key.verifyFile('myfile.txt'): print('Signature is valid') else: print('Signature is NOT valid!')
Verify a signature on a buffer with a HSS/LMS public key:
pub_key = pyhsslms.HssLmsPublicKey('mykey') validity = pub_key.verify(buffer, sigbuf) if validity: print('Signature is valid') else: print('Signature is NOT valid!')
The pyhsslms package is distributed under terms and conditions of license.
Source code is freely available as a GitHub repo.
You could pip install pyhsslms
or download it from PyPI.
Copyright (c) 2020-2023, Vigil Security, LLC All rights reserved.