commit | 4c574cc3277de96612e629723f01954bf2c91537 | |
---|---|---|
author | Jesse Pai <[email protected]> | Tue Jul 30 14:27:51 2024 -0700 |
committer | Jesse Pai <[email protected]> | Tue Jul 30 14:28:40 2024 -0700 |
tree | 6a8f00d8a91886a2cf3109beed36ebe000dcc8b9 | |
parent | c798728deed6d3f681c9e6bfd7fe8a6705f5638b | |
Third-Party Import of: https://github.com/russhousley/pyhsslms
Request Document: go/android3p
For CL Reviewers: go/android3p#reviewing-a-cl
For Build Team: go/ab-third-party-imports
Bug: http://b/332773405
Original import of the code can be found at: https://googleplex-android.googlesource.com/platform/external/python/pyhsslms/+/refs/heads/third-party-review.
Security Questionnaire: http://b/332773405#comment1

Test: None
Change-Id: I954fe908f2dca470fa14a4f1377fbfd5b69dc98c
This Python package contains a free and open source implementation of HSS/LMS Hash-based Digital Signatures as defined in RFC 8554.
Generate an HSS/LMS private key:

```python
import pyhsslms

priv_key = pyhsslms.HssLmsPrivateKey.genkey('mykey', levels=2)
```

The private key is stored in mykey.prv, and the public key is stored in mykey.pub. Of course, mykey.prv must be protected from disclosure, and it gets updated every time a signature is created. Restoring mykey.prv from backup can cause a node in the tree to be used more than once, forfeiting all security.
Sign a file with an HSS/LMS private key:

```python
priv_key.signFile('myfile.txt')
```

The private key generated above is used to sign the content of myfile.txt, and the signature is stored in myfile.txt.sig.
Sign a buffer with an HSS/LMS private key:

```python
# Use the priv_key object created by genkey() above.
sigbuf = priv_key.sign(buffer)
```

The private key generated above is used to sign the content of buffer, and the signature is returned in sigbuf.
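The warning above about restoring mykey.prv from backup can be enforced mechanically. The following is an added example, not part of pyhsslms or the original README: it wraps any signing call (such as `priv_key.sign(buffer)`) and refuses to sign unless the key file is in the newest state recorded in a separate journal. The names `guarded_sign`, `StateRollbackError` and the journal file are hypothetical, and it assumes every signature changes the bytes of mykey.prv, as the README states.

```python
import hashlib
import json
from pathlib import Path

class StateRollbackError(Exception):
    """Key file is not in the newest state this guard recorded."""

def _digest(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def guarded_sign(prv_path, journal_path, sign_fn):
    """Run sign_fn() only if prv_path holds the newest recorded key state.
    journal_path must live on storage that is NOT restored with the key file."""
    journal = Path(journal_path)
    seen = json.loads(journal.read_text()) if journal.exists() else []
    current = _digest(prv_path)
    if seen and current != seen[-1]:
        why = "an earlier state (restored backup?)" if current in seen else "an unknown state"
        raise StateRollbackError(f"{prv_path} is in {why}; refusing to sign")
    result = sign_fn()  # e.g. lambda: priv_key.sign(buffer)
    after = _digest(prv_path)
    if after == current:
        raise StateRollbackError("signer did not advance the key state")
    # Write to a temp file and rename, so the journal is never half-written.
    tmp = journal.with_name(journal.name + ".tmp")
    tmp.write_text(json.dumps((seen or [current]) + [after]))
    tmp.replace(journal)
    return result

def demo(workdir):
    """Constructed stand-in: a counter file plays the role of mykey.prv."""
    prv = Path(workdir, "mykey.prv")
    journal = Path(workdir, "journal.json")
    def fake_sign():  # advances the state file the way a real signer would
        n = int(prv.read_text())
        prv.write_text(str(n + 1))
        return n
    prv.write_text("0")
    first = guarded_sign(prv, journal, fake_sign)
    backup = prv.read_text()  # backup taken after one signature
    second = guarded_sign(prv, journal, fake_sign)
    prv.write_text(backup)  # operator restores the backup
    try:
        guarded_sign(prv, journal, fake_sign)
    except StateRollbackError:
        return first, second, "blocked"
    return first, second, "signed"
```

If the journal is restored together with the key file, both roll back and the check passes, so keep the journal on separate storage. The guard fails closed: a key file changed by anything other than `guarded_sign` is also refused until an operator resolves it.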
Verify a signature on a file with an HSS/LMS public key:

```python
pub_key = pyhsslms.HssLmsPublicKey('mykey')
if pub_key.verifyFile('myfile.txt'):
    print('Signature is valid')
else:
    print('Signature is NOT valid!')
```
Verify a signature on a buffer with an HSS/LMS public key:

```python
pub_key = pyhsslms.HssLmsPublicKey('mykey')
validity = pub_key.verify(buffer, sigbuf)
if validity:
    print('Signature is valid')
else:
    print('Signature is NOT valid!')
```
The pyhsslms package is distributed under the terms and conditions of its license.
Source code is freely available as a GitHub repo.
You could `pip install pyhsslms` or download it from PyPI.
Copyright (c) 2020-2023, Vigil Security, LLC All rights reserved.