Is TrustedPickle a good fit for my application?
Although useful, TrustedPickle is no Swiss army knife. Read through the
following list of questions to get a better idea of when and when not to use
TrustedPickle.
Do you need to transfer data between applications written in different
languages?
- If you answered "yes", then XML is probably a better choice for your
structured data format needs. Check out PyRXP from ReportLab.
Will you need to protect your users from data files purported to be from
you, but actually created by a malicious user?
- If you answered "yes", then TrustedPickle is a good choice. Without
access to your private key, malicious users are unable to sign documents they
create such that they appear to be from you.
Are the data files you are considering signing ever transferred between
computers?
- If you answered "no", then the standard pickle module would probably be
a better fit for your application. The standard pickle module is sufficient for
saving an application's state between sessions and it is far simpler to
use.
Do you require your data to be encrypted?
- If you answered "yes", then CryptKit from eEvolved is probably a better choice for you.
TrustedPickle does binary-encode and optionally compress pickle files, making
them more difficult to decipher by viewing the file's ASCII content, but it does
not encrypt.
Will your users be able to accept data files from a relatively small
community of programmers?
- If you answered "yes", then TrustedPickle is a good choice.
TrustedPickle allows you to create trust relationships. These trust
relationships show that you trust a given programmer. The trusted programmer can
then roll that proof into their data files so they will work with your
application.
Would you like to alert your users when a file's origin is not recognized,
and then give them the option of using the file anyhow?
- If you answered "yes", then TrustedPickle is a good choice.
TrustedPickle returns more than just a simple pass/fail answer. You can maintain
a list of public keys the user trusts, beyond those shipped with the
application.
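
The signature check, trust relationship and more-than-pass/fail result described in the answers above, shown as an added example; this is not TrustedPickle's code or API. It assumes the third-party `cryptography` package with Ed25519 private keys as signers, and every function and field name in it is hypothetical.

```python
import pickle
from enum import Enum
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

class Origin(Enum):
    TRUSTED = "signer is trusted directly or endorsed by a trusted key"
    UNRECOGNIZED = "signature is valid but the signer is unknown"
    INVALID = "signature does not match the contents"

FILE, ENDORSE = b"file:", b"endorse:"  # domain tags keep the two signature uses apart

def raw(private_key):
    """Raw 32-byte public key belonging to a private key."""
    return private_key.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)

def endorse(truster, signer_public):
    """A trust relationship: truster signs another programmer's public key."""
    return truster.sign(ENDORSE + signer_public)

def sign_file(obj, signer, endorsement=None):
    """Pickle obj, sign the bytes, and carry the optional endorsement along."""
    payload = pickle.dumps(obj)
    return {"payload": payload, "sig": signer.sign(FILE + payload),
            "signer": raw(signer), "endorsement": endorsement}

def verifies(key_bytes, sig, data):
    try:
        Ed25519PublicKey.from_public_bytes(key_bytes).verify(sig, data)
        return True
    except (InvalidSignature, ValueError):  # bad signature or malformed key
        return False

def check_origin(signed, trusted_keys):
    """Classify a signed file without unpickling anything."""
    signer = signed["signer"]
    if not verifies(signer, signed["sig"], FILE + signed["payload"]):
        return Origin.INVALID
    proof = signed["endorsement"]
    endorsed = proof and any(verifies(k, proof, ENDORSE + signer) for k in trusted_keys)
    return Origin.TRUSTED if signer in trusted_keys or endorsed else Origin.UNRECOGNIZED

def load(signed, trusted_keys, user_accepts=lambda: False):
    """Unpickle only after the check; an unknown signer needs the user's consent."""
    origin = check_origin(signed, trusted_keys)
    if origin is Origin.TRUSTED or (origin is Origin.UNRECOGNIZED and user_accepts()):
        return pickle.loads(signed["payload"])
    raise ValueError(f"refusing to load: {origin.value}")
```

`trusted_keys` is a set of raw public keys: the ones shipped with the application plus any the user has added. An `UNRECOGNIZED` result means only that the file is intact and signed by someone; because unpickling can run code chosen by the file's creator, the user's consent is the only check left before that signer's data reaches the application.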
Are you looking for a way to transfer data from an application you create
to applications created by other users (or vice-versa)?
- If you answered "yes", then XML would probably be a better choice. Using
pickle files to transfer data between applications is not ideal since it forces
both ends of the link to be written in Python.