
TrustedPickle Module

TrustedPickle is a Python module that can save almost any arbitrary Python object in a signed pickle file. There are two big differences between this module and the standard pickle module. First, TrustedPickle can pickle a module, which the standard pickle module cannot. Second, TrustedPickle includes a signature that lets the application verify the data's origin before the data is unpickled.

TrustedPickles are ideal for creating field-extendable programs. The same would have been true of standard pickles, but there is a possibility that a malicious user could craft a pickle file that executes arbitrary code when loaded. Previous versions of the pickle class (Python versions 2.1.3 and earlier) certainly did have such a vulnerability. The Python maintainers have since patched the pickle module, but they continue to urge programmers to use caution with pickle files. More vulnerabilities could still remain in the code.

TrustedPickles are safer than standard pickles because the application can check the file's signature before unpickling the data it contains. If the application cannot validate the file's origin, it can either refuse to unpickle the data or warn the user and let them decide whether to proceed. Applications can even maintain a list of signatures for which the user has overridden TrustedPickle's security precautions, so the user does not have to reconfirm every time the file is loaded.
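The verify-before-unpickle gate and the per-file override list described above, as an added example that is not TrustedPickle's own code or file format. The standard library has no public-key signing, so an HMAC-SHA256 tag over the payload stands in for the public/private key signature; the container layout, the function names and the "alice" signer are this example's own assumptions.

```python
import hashlib
import hmac
import pickle
import struct

# Constructed container layout (this example's, not TrustedPickle's):
#   4-byte big-endian signer-id length | signer id | 32-byte HMAC-SHA256 tag | pickle payload
TAG_LEN = 32


def sign_pickle(obj, signer_id: str, key: bytes) -> bytes:
    """Pickle obj and prepend the signer id and a tag that covers id + payload."""
    payload = pickle.dumps(obj)
    sid = signer_id.encode()
    tag = hmac.new(key, sid + payload, hashlib.sha256).digest()
    return struct.pack(">I", len(sid)) + sid + tag + payload


def fingerprint(blob: bytes) -> str:
    """Identity of one exact signed file, used for the user's override list."""
    return hashlib.sha256(blob).hexdigest()


def load_trusted(blob: bytes, trusted_keys: dict, overrides=frozenset()):
    """Return (status, obj). pickle.loads() runs only after the origin check passes.

    trusted_keys maps signer id -> key; overrides holds fingerprints of files the
    user has already accepted despite an unknown signer.
    """
    if len(blob) < 4 + TAG_LEN:
        raise ValueError("truncated signed pickle")
    (n,) = struct.unpack(">I", blob[:4])
    sid = blob[4:4 + n]
    tag, payload = blob[4 + n:4 + n + TAG_LEN], blob[4 + n + TAG_LEN:]
    if len(tag) != TAG_LEN:
        raise ValueError("truncated signed pickle")
    key = trusted_keys.get(sid.decode(errors="replace"))
    if key is None:
        # Unknown signer: only a file the user explicitly accepted before is loaded,
        # and the fingerprint pins that exact file, so a later edit is caught.
        if fingerprint(blob) in overrides:
            return "override", pickle.loads(payload)
        return "untrusted", None  # pickle.loads() is never reached
    expected = hmac.new(key, sid + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "tampered", None  # known signer, but the payload was altered
    return "ok", pickle.loads(payload)
```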

TrustedPickles are signed using a technology similar to public/private key encryption. However, since the keys are used to sign data rather than to encrypt it, TrustedPickle code may be freely exported to any country.

A few other features of the TrustedPickle module:

  • Key pairs may be freely generated.

  • The module does not require a network connection.

  • Trust relationships are supported.