Google Git
Sign in
android / platform / external / python / pyhsslms / 95c5209ba4f7da737740bf1333ef33584576ec4e
commit95c5209ba4f7da737740bf1333ef33584576ec4e[log] [tgz]
authorRuss Housley <[email protected]>Wed Sep 13 09:29:17 2023 -0400
committerGitHub <[email protected]>Wed Sep 13 09:29:17 2023 -0400
treea4410c7197e4e7df7d3765ec23551aca72710069
parent23f15e8a12b228ac487c66f82870a5f3d35b0081 [diff]
parent9b388b5c93b7a39efa289b5894ea97db62373e5c [diff]
Merge pull request #9 from joshuayuen99/fix_lmots_public_key_deserialization

Correctly calculate the LMOTS public key buffer length during deserialization
tree: a4410c7197e4e7df7d3765ec23551aca72710069
  1. pyhsslms/
  2. tests/
  3. CHANGES.txt
  4. LICENSE.txt
  5. pyproject.toml
  6. README.md
  7. requirements.txt
  8. setup.cfg
  9. setup.py
README.md

pyhsslms

HSS/LMS Digital Signature library for Python

PyPI

Python Versions

GitHub license

This Python package contains a free and open source implementation of HSS/LMS Hash-based Digital Signatures as defined in RFC 8554.

Features

  • Generate HSS/LMS private keys and then sign with them
  • Validate signatures with HSS/LMS public keys
  • 100% Python, works with Python 2.7 and 3.5+

How to use pyhsslms

Generate a HSS/LMS private key:

priv_key = pyhsslms.HssLmsPrivateKey.genkey('mykey', levels=2)

The private key is stored in mykey.prv, and the public key is stored in mykey.pub. Of course, the mykey.prv must be protected from disclosure, and it gets updated every time a signature is created. Restoring mykey.prv from backup can cause a node in the tree to be used more that once, forfeiting all security.

Sign a file with a HSS/LMS private key:

priv_key.signFile('myfile.txt')

The private key was generated above is used to sign the content of myfile.txt, and the signature is stored in myfile.txt.sig.

Sign a buffer with a HSS/LMS private key:

sigbuf = prv_key.sign(buffer)

The private key was generated above is used to sign the content of buffer, and the signature is returned in sigbuf.

Verify a signature on a file with a HSS/LMS public key:

pub_key = pyhsslms.HssLmsPublicKey('mykey')
if pub_key.verifyFile('myfile.txt'):
    print('Signature is valid')
else:
    print('Signature is NOT valid!')

Verify a signature on a buffer with a HSS/LMS public key:

pub_key = pyhsslms.HssLmsPublicKey('mykey')
validity = pub_key.verify(buffer, sigbuf)
if validity:
    print('Signature is valid')
else:
    print('Signature is NOT valid!')

How to get pyhsslms

The pyhsslms package is distributed under terms and conditions of license.

Source code is freely available as a GitHub repo.

You could pip install pyhsslms or download it from PyPI.

Copyright (c) 2020, Vigil Security, LLC All rights reserved.