signedshot 0.1.4__cp312-cp312-win_amd64.whl → 0.1.5__cp312-cp312-win_amd64.whl

signedshot-0.1.5.dist-info/METADATA

@@ -0,0 +1,133 @@
+Metadata-Version: 2.4
+Name: signedshot
+Version: 0.1.5
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.8
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Rust
+Classifier: Topic :: Security :: Cryptography
+License-File: LICENSE
+Summary: Validator for SignedShot media authenticity proofs
+Keywords: signedshot,media,authenticity,validation,cryptography
+License: MIT
+Requires-Python: >=3.8
+Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
+Project-URL: Homepage, https://signedshot.io
+Project-URL: Repository, https://github.com/SignedShot/signedshot-validator
+
+# SignedShot
+
+Verify SignedShot media authenticity proofs in Python.
+
+[![PyPI](https://img.shields.io/pypi/v/signedshot)](https://pypi.org/project/signedshot/)
+
+## Installation
+
+```bash
+pip install signedshot
+```
+
+## Quick Start
+
+```python
+import signedshot
+
+# Validate from files
+result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")
+
+print(result.valid)   # True if all checks pass
+print(result.error)   # Error message if validation failed
+```
+
+## Usage
+
+### Validate from Files
+
+```python
+result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")
+```
+
+### Validate from Bytes
+
+```python
+with open("photo.sidecar.json") as f:
+    sidecar_json = f.read()
+with open("photo.jpg", "rb") as f:
+    media_bytes = f.read()
+
+result = signedshot.validate(sidecar_json, media_bytes)
+```
+
+### Validate with Pre-loaded JWKS
+
+Avoid HTTP calls by providing JWKS directly:
+
+```python
+import requests
+
+jwks = requests.get("https://api.signedshot.io/.well-known/jwks.json").text
+result = signedshot.validate_with_jwks(sidecar_json, media_bytes, jwks)
+```
+
+## Validation Result
+
+```python
+result = signedshot.validate_files("photo.sidecar.json", "photo.jpg")
+
+# Overall result
+result.valid      # True/False
+result.version    # Sidecar format version
+result.error      # Error message (if any)
+
+# Capture trust (JWT verification)
+trust = result.capture_trust
+trust["signature_valid"]   # JWT signature verified
+trust["issuer"]            # API that issued the token
+trust["publisher_id"]      # Publisher ID
+trust["device_id"]         # Device ID
+trust["capture_id"]        # Capture session ID
+trust["method"]            # "sandbox", "app_check", or "app_attest"
+trust["app_id"]            # App bundle ID (if attested)
+trust["issued_at"]         # Unix timestamp
+
+# Media integrity (content verification)
+integrity = result.media_integrity
+integrity["content_hash_valid"]   # SHA-256 hash matches
+integrity["signature_valid"]      # ECDSA signature verified
+integrity["capture_id_match"]     # Capture IDs match
+integrity["content_hash"]         # SHA-256 of media
+integrity["captured_at"]          # ISO8601 timestamp
+
+# Export
+result.to_dict()   # Convert to dictionary
+result.to_json()   # Convert to JSON string
+```
+
+## What It Validates
+
+1. **Capture Trust (JWT)**
+   - Fetches JWKS from issuer
+   - Verifies ES256 signature
+   - Extracts attestation claims
+
+2. **Media Integrity**
+   - Computes SHA-256 of media
+   - Verifies ECDSA signature
+   - Confirms capture_id matches
+
+## Links
+
+- [Documentation](https://signedshot.io/docs)
+- [GitHub](https://github.com/SignedShot/signedshot-validator)
+- [Website](https://signedshot.io)
+
+## License
+
+MIT
+

signedshot-0.1.5.dist-info/RECORD

@@ -0,0 +1,7 @@
+signedshot\__init__.py,sha256=ww6iw6i1gj2f3bQRml7ic45xkfgo-DHCnWCXbiDU0II,269
+signedshot\__init__.pyi,sha256=X4_tPFq7p75rvVXGvlWE7rah2TzX3fdMWPZuGJy9_kY,3988
+signedshot\signedshot.cp312-win_amd64.pyd,sha256=TB2leWrEFmJQ6fSNIqCNRVbcnvl3UQu-cqgBIBe9a_E,4018176
+signedshot-0.1.5.dist-info\METADATA,sha256=gHL5iNX0pMcwRLz2Z3MGYIlWeL4YX0Pm5Bo5ZWMNUZw,3730
+signedshot-0.1.5.dist-info\WHEEL,sha256=xGRyMfC2nQGcuDMHm_QfSkv2HVaAAAo1DvjuUmalQqw,97
+signedshot-0.1.5.dist-info\licenses\LICENSE,sha256=qf58wn5uBsNIROEw25KXIoi6nVHFwAppSVKVds1hXEo,1088
+signedshot-0.1.5.dist-info\RECORD,,

signedshot-0.1.5.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 SignedShot
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

signedshot-0.1.4.dist-info/METADATA

@@ -1,63 +0,0 @@
-Metadata-Version: 2.4
-Name: signedshot
-Version: 0.1.4
-Classifier: Development Status :: 4 - Beta
-Classifier: Intended Audience :: Developers
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.8
-Classifier: Programming Language :: Python :: 3.9
-Classifier: Programming Language :: Python :: 3.10
-Classifier: Programming Language :: Python :: 3.11
-Classifier: Programming Language :: Python :: 3.12
-Classifier: Programming Language :: Rust
-Classifier: Topic :: Security :: Cryptography
-Summary: Validator for SignedShot media authenticity proofs
-Keywords: signedshot,media,authenticity,validation,cryptography
-License: MIT
-Requires-Python: >=3.8
-Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
-Project-URL: Homepage, https://signedshot.io
-Project-URL: Repository, https://github.com/SignedShot/signedshot-validator
-
-# SignedShot Validator
-
-Validator for SignedShot media authenticity proofs.
-
-## Overview
-
-SignedShot is a media authenticity verification system. This validator checks cryptographic proofs (sidecars) that verify media was captured on a legitimate device.
-
-## Installation
-
-```bash
-cargo install signedshot-validator
-```
-
-## Usage
-
-```bash
-signedshot validate photo.sidecar.json
-```
-
-## Development
-
-Run these checks locally before pushing (same as CI):
-
-```bash
-cargo fmt --check   # Check formatting
-cargo clippy -- -D warnings   # Lint
-cargo test   # Run tests
-cargo build --release   # Build
-```
-
-To fix formatting automatically:
-
-```bash
-cargo fmt
-```
-
-## License
-
-MIT
-

signedshot-0.1.4.dist-info/RECORD

@@ -1,6 +0,0 @@
-signedshot\__init__.py,sha256=ww6iw6i1gj2f3bQRml7ic45xkfgo-DHCnWCXbiDU0II,269
-signedshot\__init__.pyi,sha256=X4_tPFq7p75rvVXGvlWE7rah2TzX3fdMWPZuGJy9_kY,3988
-signedshot\signedshot.cp312-win_amd64.pyd,sha256=82SP6v_G3yksMAaUAzjD-E6maS3wtsWL3De-mxlb9qQ,4018176
-signedshot-0.1.4.dist-info\METADATA,sha256=EhuRDUAwFXK-QgEqTVPckI87AWlk1a6bsbcNBM1XpGA,1644
-signedshot-0.1.4.dist-info\WHEEL,sha256=xGRyMfC2nQGcuDMHm_QfSkv2HVaAAAo1DvjuUmalQqw,97
-signedshot-0.1.4.dist-info\RECORD,,