{"id":22366,"library":"signedjson","title":"signedjson","description":"Library for signing JSON objects with Ed25519 signatures and verifying them. Version 1.1.4, stable but developed sporadically.","status":"active","version":"1.1.4","language":"python","source_language":"en","source_url":"https://github.com/matrix-org/signedjson","tags":["signing","JSON","Ed25519","authentication"],"install":[{"cmd":"pip install signedjson","lang":"bash","label":"Default install"}],"dependencies":[{"reason":"Ed25519 signing uses libsodium via PyNaCl","package":"PyNaCl","optional":false},{"reason":"Ensures canonical JSON encoding for consistent signatures","package":"canonicaljson","optional":false}],"imports":[{"note":"sign_json is not exposed at package level; import from submodule","wrong":"from signedjson import sign_json","symbol":"sign_json","correct":"from signedjson.sign import sign_json"},{"note":"Same as above: must import from submodule","wrong":"from signedjson import verify_signed_json","symbol":"verify_signed_json","correct":"from signedjson.sign import verify_signed_json"},{"note":"Canonical encoding is in its own submodule","wrong":"from signedjson import encode_canonical_json","symbol":"encode_canonical_json","correct":"from signedjson.canonical import encode_canonical_json"},{"note":"Key constants are in the key submodule","wrong":"from signedjson import KEY_LEN","symbol":"KEY_LEN","correct":"from signedjson.key import KEY_LEN"}],"quickstart":{"code":"import os\nfrom signedjson.key import generate_signing_key, write_signing_keys\nfrom signedjson.sign import sign_json, verify_signed_json\n\n# Generate a key pair (Ed25519)\nkey = generate_signing_key('mykey')\n\n# Sign a JSON object\njson_obj = {\"hello\": \"world\"}\nsigned = sign_json(json_obj, key)\nprint(\"Signed:\", signed)\n\n# Verify with the same key\nverified = verify_signed_json(signed, key.alg, key.version)\nassert verified == json_obj\n\n# Write keys to a file (optional)\nwrite_signing_keys([key], 'keys.txt')\n# Read back: read_signing_keys opens the file","lang":"python","description":"Basic signing and verification with Ed25519."},"warnings":[{"fix":"Use generate_signing_key() to create Ed25519 keys.","message":"Signing keys are Ed25519, not RSA or ECDSA. Do not attempt to use other key types.","severity":"gotcha","affected_versions":"all"},{"fix":"Call verify_signed_json(signed_json, key.alg, key.version) where key is a SigningKey or VerifyKey.","message":"verify_signed_json() expects the key's algorithm (e.g., 'ed25519') and version, not the full key object. Passing the key object directly will fail.","severity":"gotcha","affected_versions":"all"},{"fix":"Always pass a Python dict (or JSON-serializable object) to sign_json; it will canonicalize automatically.","message":"The library encodes JSON in a canonical form (sorted keys, no whitespace). Signatures are over the canonical bytes, not the original object.","severity":"gotcha","affected_versions":"all"},{"fix":"Upgrade to Python 3. Use json.loads() if you need the decoded JSON.","message":"Version 1.0 dropped Python 2 support and removed deprecated decode_canonical_json.","severity":"breaking","affected_versions":">=1.0"}],"env_vars":null,"last_verified":"2026-04-27T00:00:00.000Z","next_check":"2026-07-26T00:00:00.000Z","problems":[{"fix":"Use: from signedjson.sign import sign_json","cause":"Importing from top-level package instead of submodule.","error":"AttributeError: module 'signedjson' has no attribute 'sign_json'"},{"fix":"Call: verify_signed_json(signed_json, key.alg, key.version)","cause":"Passing only the signed JSON and key object; missing key.alg and key.version.","error":"TypeError: verify_signed_json() missing 2 required positional arguments: 'algorithm' and 'key_version'"},{"fix":"Only Ed25519 keys are supported. Use generate_signing_key() to create a valid key.","cause":"Attempting to sign with an RSA key or incorrect algorithm string.","error":"signedjson.key.InvalidSigningKeyError: Algorithm not supported: rsa"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}