{"id":24527,"library":"rh-model-signing","title":"rh-model-signing","description":"A tool for signing and verifying machine learning models, currently a Red Hat Tech Preview. Version 1.0.1 supports Python >=3.10 and provides CLI and Python APIs for cryptographic signing of ML assets to ensure supply chain integrity.","status":"active","version":"1.0.1","language":"python","source_language":"en","source_url":"https://github.com/securesign/model-transparency","tags":["model-signing","ML","supply-chain","Red-Hat","tech-preview"],"install":[{"cmd":"pip install rh-model-signing","lang":"bash","label":"PyPI"}],"dependencies":[],"imports":[{"note":"Top-level import changed after initial release; submodule imports may break.","wrong":"from rh_model_signing.sign import Signer","symbol":"Signer","correct":"from rh_model_signing import Signer"},{"note":"Same as Signer: use top-level import.","wrong":"from rh_model_signing.verify import Verifier","symbol":"Verifier","correct":"from rh_model_signing import Verifier"},{"note":"KeyPair is exported at the package level.","wrong":"import rh_model_signing.keypair as kp","symbol":"KeyPair","correct":"from rh_model_signing import KeyPair"}],"quickstart":{"code":"from rh_model_signing import Signer, Verifier, KeyPair\nimport os\n\n# Generate a key pair\nkey_pair = KeyPair.generate()\n\n# Sign a model file (e.g., model.onnx)\nsigner = Signer(key_pair.private_key)\nsigned_model_path = signer.sign(\"model.onnx\", output_path=\"model.signed.onnx\")\nprint(f\"Signed model saved to {signed_model_path}\")\n\n# Verify the signed model\nverifier = Verifier(key_pair.public_key)\nresult = verifier.verify(\"model.signed.onnx\")\nprint(f\"Verification result: {result}\")\n","lang":"python","description":"Generate a key pair, sign an ML model file, and verify the signature."},"warnings":[{"fix":"Use `from rh_model_signing import Signer, Verifier, KeyPair` instead.","message":"In version 1.0.0, the public API was restructured. The old submodule imports (e.g., `rh_model_signing.sign`) are no longer valid.","severity":"breaking","affected_versions":"<1.0.0"},{"fix":"Call `key_pair.private_key.to_pem()` and save to a file. Load with `KeyPair.from_pem(...)`.","message":"The key pairs generated are not persisted automatically; you must save them manually. Loss of the private key means signed models cannot be re-verified.","severity":"gotcha","affected_versions":"all"},{"fix":"Migrate to the top-level API. If you used `from rh_model_signing.utils import ...`, switch to equivalent functions from `Signer` or `Verifier`.","message":"The `rh_model_signing.utils` module is deprecated in 1.0.1 and will be removed in a future release.","severity":"deprecated","affected_versions":"1.0.1+"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Run `pip install rh-model-signing` and verify with `pip show rh-model-signing`.","cause":"Package not installed or installation failed.","error":"ModuleNotFoundError: No module named 'rh_model_signing'"},{"fix":"Use `from rh_model_signing import Signer` directly.","cause":"Using the old submodule import path that was broken in 1.0.0.","error":"ImportError: cannot import name 'Signer' from 'rh_model_signing.sign' (unknown location)"},{"fix":"Call `signer.sign('model.onnx', output_path='signed.onnx')`.","cause":"The `sign` method requires the path as first positional argument; accidental keyword usage without path.","error":"TypeError: sign() missing 1 required positional argument: 'model_path'"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}