Signing a Document
Pickling a Module
Before you sign a document, you need something to sign. Almost any data
object may be pickled. See the pickle manual page
for details of what can and can not be saved in a pickle.
For the following examples, we'll use a datetime object.
||>>> import datetime|
>>> Now = datetime.datetime.now()
>>> Doc = TrustedPickle.TPickle("datetime.tpk")
As you can see above, TrustedPickles can be saved before they are signed.
TrustedPickles may have zero or more signatures. Each signature is that
programmer's vouchure that the data is valid and safe. This flexibility gives
you a convenient way to develop program add-ons:
A programmer develops an add-in module for an existing application.
While in alpha testing, s/he leaves the TrustedPickle document unsigned for
expediency. The application will warn about the dangers of using an unsigned
document throughout the alpha-testing process.
When the module is ready for beta testing, the programmer signs the
document with his/er own private key. Assuming the programmer does not yet
have a trust relationship with the application's developer, the extension's
beta testers are warned about the potential dangers of using the
We can assume these testers know the programmer, so they will okay the
document's use and choose to ignore further warnings about documents signed
by this particular programmer (i.e. the application will add the
programmer's public key to their list of trusted programmers).
When the document has passed beta testing, it can then be handed off to
another programmer, higher up the application's food chain. That programmer
can then try out the code and sign it with their private key to show that
they have confidence in the module's coding.
If this programmer is the application's coder (or is on the application's
trusted list) then any user can use the newly-signed file without receiving
For projects with many developers, the document may need to be tested
by other programmers, still higher up the food chain. These programmers can
test the signatures of other programmers lower on the food chain before
signing the document themselves. That way they can feel confident that the
document has been tested by others as well.
Now let's sign this simple datetime object with our previously
generated private key.
||>>> Doc.Sign(PubKeyFile, PrivKey)|
Pickling a Module
In addition to pickling data objects, TrustedPickle may also pickle most
modules. However, it is important to note that when TrustedPickle pickles a
module, it captures the disk image, not the memory image. In other words, when
you unpickle the module, it will be as if you just imported it. The module's
namespace is not saved in the pickling process.
||>>> ModPickle = TrustedPickle.TPickle("module.tpk")|
>>> ModGlob = ModPickle.Unpickle()
Note: TrustedPickle will only pickle a
module if the module is passed directly to the Pickle() function. It
will not pickle a tuple of modules. If you pickle a class instance that has a
module as a member, for instance, Pickle() will only save a reference
to the module's name, just like the standard pickle module does.