{"id":26870,"library":"cursive","title":"cursive","description":"cursive is an OpenStack library for validating digital signatures, primarily used in Glance and other OpenStack services to verify image signatures. Version 0.2.3 implements OpenStack-specific signature validation. It has a low release cadence, with no recent major updates.","status":"active","version":"0.2.3","language":"python","source_language":"en","source_url":"https://opendev.org/openstack/cursive","tags":["openstack","signature","validation","cryptography"],"install":[{"cmd":"pip install cursive","lang":"bash","label":"default"}],"dependencies":[{"reason":"Key management interface for signature verification.","package":"castellan","optional":true},{"reason":"Core cryptographic operations for signature validation.","package":"cryptography","optional":false}],"imports":[{"note":"Function exposed as top-level import.","wrong":"import cursive; cursive.validate_signature","symbol":"validate_signature","correct":"from cursive import validate_signature"},{"note":"Class is directly under cursive module, not submodule.","wrong":"from cursive.signature import CursiveSignatureVerifier","symbol":"CursiveSignatureVerifier","correct":"from cursive import CursiveSignatureVerifier"}],"quickstart":{"code":"from cursive import validate_signature\n\n# OpenStack image signature validation\nimage_data = b'...'  # binary image content\nsignature = b'...'   # base64 decoded signature\ncertificate = b'...' # PEM encoded certificate\n# Example using a mock key_manager (castellan required for real usage)\n# result = validate_signature(image_data, signature, certificate)\n# print(result)\nprint('Signature validation requires OpenStack key management setup.')","lang":"python","description":"Basic signature validation using cursive. Requires a key manager for production."},"warnings":[{"fix":"Install castellan: pip install castellan","message":"cursive depends on castellan for key management, which is often not installed by default. Without castellan, most validation functions will fail with an import error.","severity":"gotcha","affected_versions":"all"},{"fix":"Use CursiveSignatureVerifier class for forward compatibility.","message":"The function `validate_signature` may be deprecated in favor of `CursiveSignatureVerifier` in future releases. Check documentation for current usage.","severity":"deprecated","affected_versions":">=0.2.0"},{"fix":"Ensure the certificate argument includes the complete chain (leaf and intermediates) if needed.","message":"Signature validation requires a specific chain of trust: certificate -> intermediate CAs. Cursive does not handle certificate chain building; you must provide the full chain.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Install castellan: pip install castellan","cause":"castellan is an optional dependency but required for signature verification with key manager.","error":"ModuleNotFoundError: No module named 'castellan'"},{"fix":"Provide all three positional arguments: validate_signature(image_data, signature, certificate)","cause":"The function signature requires three arguments: data, signature, certificate.","error":"TypeError: validate_signature() missing 1 required positional argument: 'certificate'"},{"fix":"Verify that the signature was generated with the private key corresponding to the certificate, and that the data hasn't been modified.","cause":"The provided signature does not match the data or the certificate is incorrect/expired.","error":"cursive.exceptions.SignatureVerificationError: The signature is not valid"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}