1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
This is a simple demonstration of adding an import hook that verifies
a digital signature on a Python code object before allowing it to be
imported. There are three files:
* sign.py, which signs all the *.pyc files in the directories
listed on the command line. The contents of the .pyc file is stored
along with the signature in a file whose name ends with .pys .
* secimp.py, which implements a secimport() function which
will use *.pys files.
* testkey.py is the key used to sign and verify *.pys files.
To try it out:
1. Run "sign.py ." to compile and sign all the *.py files in
the current directory.
2. Run secimp.py from the command-line; it will try to
securely import testkey.pys, which should succeed.
3. Fire up your favorite editor, and change a single byte in a
string somewhere in testkey.pys. Run secimp.py again; it should raise
an exception when the signature can't be verified.
|
