From 4613083df4efed348417de2913e0cc19ea9e8369 Mon Sep 17 00:00:00 2001 From: fulder Date: Tue, 25 Aug 2020 10:41:13 +0200 Subject: [PATCH] Update README with newest algorithm --- README.rst | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/README.rst b/README.rst index bcc9c96..13d72d9 100644 --- a/README.rst +++ b/README.rst @@ -49,7 +49,7 @@ For simple raw signing: secret = open('rsa_private.pem', 'rb').read() - sig_maker = httpsig.Signer(secret=secret, algorithm='rsa-sha256') + sig_maker = httpsig.Signer(secret=secret, algorithm='hs2019', sign_algorithm=httpsig.PSS()) sig_maker.sign('hello world!') For general use with web frameworks: @@ -59,9 +59,9 @@ For general use with web frameworks: import httpsig key_id = "Some Key ID" - secret = b'some big secret' + secret = open('rsa_private.pem', 'rb').read() - hs = httpsig.HeaderSigner(key_id, secret, algorithm="hmac-sha256", headers=['(request-target)', 'host', 'date']) + hs = httpsig.HeaderSigner(key_id, secret, algorithm="hs2019", sign_algorithm=httpsig.PSS(), headers=['(request-target)', 'host', 'date']) signed_headers_dict = hs.sign({"Date": "Tue, 01 Jan 2014 01:01:01 GMT", "Host": "example.com"}, method="GET", path="/api/1/object/1") For use with requests: @@ -74,9 +74,9 @@ For use with requests: secret = open('rsa_private.pem', 'rb').read() - auth = HTTPSignatureAuth(key_id='Test', secret=secret) + auth = HTTPSignatureAuth(key_id='Test', secret=secret, sign_algorithm=httpsig.PSS()) z = requests.get('https://api.example.com/path/to/endpoint', - auth=auth, headers={'X-Api-Version': '~6.5'}) + auth=auth, headers={'X-Api-Version': '~6.5', 'Date': 'Tue, 01 Jan 2014 01:01:01 GMT') Class initialization parameters ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -85,20 +85,22 @@ Note that keys and secrets should be bytes objects. At attempt will be made to .. code:: python - httpsig.Signer(secret, algorithm='rsa-sha256') + httpsig.Signer(secret, algorithm='hs2019', sign_algorithm=httpsig.PSS()) ``secret``, in the case of an RSA signature, is a string containing private RSA pem. In the case of HMAC, it is a secret password. -``algorithm`` is one of the six allowed signatures: ``rsa-sha1``, ``rsa-sha256``, ``rsa-sha512``, ``hmac-sha1``, ``hmac-sha256``, +``algorithm`` should be set to 'hs2019' the other six signatures are now deprecated: ``rsa-sha1``, ``rsa-sha256``, ``rsa-sha512``, ``hmac-sha1``, ``hmac-sha256``, ``hmac-sha512``. +``sign_algorithm`` The digital signature algorithm derived from ``keyId``. Currently supported algorithms: ``httpsig.PSS`` .. code:: python - httpsig.requests_auth.HTTPSignatureAuth(key_id, secret, algorithm='rsa-sha256', headers=None) + httpsig.requests_auth.HTTPSignatureAuth(key_id, secret, algorithm='hs2019', sign_algorithm=httpsig.PSS(), headers=None) -``key_id`` is the label by which the server system knows your RSA signature or password. +``key_id`` is the label by which the server system knows your secret. ``headers`` is the list of HTTP headers that are concatenated and used as signing objects. By default it is the specification's minimum, the ``Date`` HTTP header. ``secret`` and ``algorithm`` are as above. +``sign_algorithm`` The digital signature algorithm derived from ``keyId``. Currently supported algorithms: ``httpsig.PSS`` Tests -----
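
Review bot: In the raw signing example (hunk at -49,7), `httpsig.PSS()` is constructed with no arguments, and nothing in the lines this patch touches says which hash or salt length that implies. A verifier has to apply the same PSS parameters, so state the defaults next to the `sign_algorithm` description or pass them explicitly in the example.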
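
Review bot: The HeaderSigner example (hunk at -59,9) drops `secret = b'some big secret'` with `algorithm="hmac-sha256"` in favour of an RSA key and PSS, yet the parameter text later in this patch still says "In the case of HMAC, it is a secret password" and lists `httpsig.PSS` as the only supported `sign_algorithm`. If a shared secret can still be used with `hs2019`, keep an example that shows how; if it is only reachable through the deprecated algorithm names, say so in the `secret` description.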
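
Review bot: The added `headers=` line in the requests example (hunk at -74,9) does not parse: the dict opens with `{` but the line ends `'Date': 'Tue, 01 Jan 2014 01:01:01 GMT')` with no closing `}`. Add the brace before the parenthesis. A hard-coded 2014 `Date` is also a poor thing to copy from a README, since it gets signed as-is and a server that checks the freshness of `Date` would reject the request; generating the value at call time (for example with `email.utils.formatdate(usegmt=True)`) would make the example safe to reuse.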
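
Review bot: In the parameter documentation (hunk at -85,20), both new `sign_algorithm` lines say the algorithm is "derived from ``keyId``", but every example in this patch passes it explicitly as `sign_algorithm=httpsig.PSS()` and the parameter is spelled `key_id`, so the sentence reads as if the library worked it out for the caller. Reword it to say that the caller supplies the signature algorithm that belongs to the key named by ``key_id``, and that it must match what the verifier expects for that key. The `algorithm` line is also a run-on ("should be set to 'hs2019' the other six signatures are now deprecated"); put a period or semicolon after the value and mark it up as ``hs2019`` like the other algorithm names.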