rh-model-signing
1.0.1 | verified Fri May 01 | auth: no | python
A tool for signing and verifying machine learning models, currently a Red Hat Tech Preview. Version 1.0.1 supports Python >=3.10 and provides CLI and Python APIs for cryptographic signing of ML assets to ensure supply chain integrity.
pip install rh-model-signing

Common errors
error ModuleNotFoundError: No module named 'rh_model_signing'
cause Package not installed or installation failed.
fix Run `pip install rh-model-signing` and verify with `pip show rh-model-signing`.
error ImportError: cannot import name 'Signer' from 'rh_model_signing.sign' (unknown location)
cause Using the old submodule import path that was broken in 1.0.0.
fix Use `from rh_model_signing import Signer` directly.
error TypeError: sign() missing 1 required positional argument: 'model_path'
cause The `sign` method requires the path as its first positional argument; it was called with keyword arguments only, without the path.
fix Call `signer.sign('model.onnx', output_path='signed.onnx')`.

Warnings
breaking In version 1.0.0, the public API was restructured. The old submodule imports (e.g., `rh_model_signing.sign`) are no longer valid.
fix Use `from rh_model_signing import Signer, Verifier, KeyPair` instead.
gotcha The key pairs generated are not persisted automatically; you must save them manually. Loss of the private key means signed models cannot be re-verified.
fix Call `key_pair.private_key.to_pem()` and save to a file. Load with `KeyPair.from_pem(...)`.
deprecated The `rh_model_signing.utils` module is deprecated in 1.0.1 and will be removed in a future release.
fix Migrate to the top-level API. If you used `from rh_model_signing.utils import ...`, switch to equivalent functions from `Signer` or `Verifier`.
Imports
- Signer
  wrong: `from rh_model_signing.sign import Signer`
  correct: `from rh_model_signing import Signer`
- Verifier
  wrong: `from rh_model_signing.verify import Verifier`
  correct: `from rh_model_signing import Verifier`
- KeyPair
  wrong: `import rh_model_signing.keypair as kp`
  correct: `from rh_model_signing import KeyPair`
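
One way to find the import paths listed above in an existing code base before upgrading, as an added example that is not part of rh-model-signing: it parses source with Python's standard `ast` module. The names `find_legacy_imports`, `LEGACY_MODULES` and the sample source are constructed for illustration.

```python
import ast

# Import paths this page lists as invalid since 1.0.0 or deprecated in 1.0.1.
LEGACY_MODULES = {
    "rh_model_signing.sign": "invalid since 1.0.0",
    "rh_model_signing.verify": "invalid since 1.0.0",
    "rh_model_signing.keypair": "invalid since 1.0.0",
    "rh_model_signing.utils": "deprecated in 1.0.1",
}


def _status(module):
    """Return the status for a legacy module or anything nested under it."""
    for legacy, status in LEGACY_MODULES.items():
        if module == legacy or module.startswith(legacy + "."):
            return status
    return None


def find_legacy_imports(source, filename="<string>"):
    """Return sorted (line, module, status) tuples for each legacy import."""
    findings = set()
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Import):
            modules = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            base = node.module or ""
            if _status(base):
                modules = [base]
            else:
                # Heuristic: `from rh_model_signing import utils` also
                # reaches the submodule, so check each imported name.
                modules = [f"{base}.{a.name}" for a in node.names]
        else:
            continue
        for module in modules:
            status = _status(module)
            if status:
                findings.add((node.lineno, module, status))
    return sorted(findings)


# Constructed sample input, not taken from any real project.
SAMPLE = """\
from rh_model_signing.sign import Signer
import rh_model_signing.keypair as kp
from rh_model_signing import Verifier, utils
from rh_model_signing.utils import helper
"""

if __name__ == "__main__":
    for line, module, status in find_legacy_imports(SAMPLE):
        print(f"line {line}: {module} ({status})")
```
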
Quickstart
```python
from rh_model_signing import Signer, Verifier, KeyPair

# Generate a key pair
key_pair = KeyPair.generate()

# Sign a model file (e.g., model.onnx)
signer = Signer(key_pair.private_key)
signed_model_path = signer.sign("model.onnx", output_path="model.signed.onnx")
print(f"Signed model saved to {signed_model_path}")

# Verify the signed model
verifier = Verifier(key_pair.public_key)
result = verifier.verify("model.signed.onnx")
print(f"Verification result: {result}")
```