25 lines
734 B
Python
25 lines
734 B
Python
"""Simple HMAC-based signer for PlanDelta and AuditLog proofs."""
|
|
import os
|
|
import hmac
|
|
import hashlib
|
|
from typing import Optional
|
|
|
|
|
|
def _key() -> bytes:
|
|
# Use environment-provided key for reproducibility in tests; fall back to a default (not secure!) key.
|
|
key = os.environ.get("MARKETCOMPILER_SIGNING_KEY", "default-secret-key").encode("utf-8")
|
|
return key
|
|
|
|
|
|
class Signer:
|
|
@staticmethod
|
|
def sign(message: str) -> str:
|
|
key = _key()
|
|
digest = hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()
|
|
return digest
|
|
|
|
@staticmethod
|
|
def verify(message: str, signature: str) -> bool:
|
|
expected = Signer.sign(message)
|
|
return hmac.compare_digest(expected, signature)
|