signedjson

1.1.4 verified Mon Apr 27 auth: no python

Library for signing JSON objects with Ed25519 signatures and verifying them. Version 1.1.4, stable but developed sporadically.

pip install signedjson
error AttributeError: module 'signedjson' has no attribute 'sign_json'
cause Importing from top-level package instead of submodule.
fix Use: from signedjson.sign import sign_json
error TypeError: verify_signed_json() missing 2 required positional arguments: 'algorithm' and 'key_version'
cause Passing only the signed JSON and key object; missing key.alg and key.version.
fix Call: verify_signed_json(signed_json, key.alg, key.version)
error signedjson.key.InvalidSigningKeyError: Algorithm not supported: rsa
cause Attempting to sign with an RSA key or incorrect algorithm string.
fix Only Ed25519 keys are supported. Use generate_signing_key() to create a valid key.
gotcha Signing keys are Ed25519, not RSA or ECDSA. Do not attempt to use other key types.
fix Use generate_signing_key() to create Ed25519 keys.
gotcha verify_signed_json() expects the key's algorithm (e.g., 'ed25519') and version, not the full key object. Passing the key object directly will fail.
fix Call verify_signed_json(signed_json, key.alg, key.version) where key is a SigningKey or VerifyKey.
gotcha The library encodes JSON in a canonical form (sorted keys, no whitespace). Signatures are over the canonical bytes, not the original object.
fix Always pass a Python dict (or JSON-serializable object) to sign_json; it will canonicalize automatically.
breaking Version 1.0 dropped Python 2 support and removed deprecated decode_canonical_json.
fix Upgrade to Python 3. Use json.loads() if you need the decoded JSON.
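
The canonical-form gotcha above, as an added example (not code from signedjson): a standard-library approximation of the canonical encoding (sorted keys, no whitespace, UTF-8) that shows which bytes a signature covers. The helper names and sample documents are constructed for illustration; leaving `signatures` and `unsigned` out of the covered bytes goes beyond the gotcha and reflects how sign_json and verify_signed_json build the signed message.

```python
import json

# Top-level fields left out of the signed bytes (see the lead-in).
UNSIGNED_FIELDS = ("signatures", "unsigned")


def canonical_bytes(obj):
    """Approximate canonical JSON: sorted keys, no whitespace, UTF-8."""
    return json.dumps(
        obj, sort_keys=True, separators=(",", ":"),
        ensure_ascii=False, allow_nan=False,  # NaN/Infinity raise ValueError
    ).encode("utf-8")


def signed_payload(json_text):
    """Return the bytes a signature would cover for this JSON document."""
    obj = json.loads(json_text)
    if not isinstance(obj, dict):
        raise ValueError("signed JSON must be an object")
    covered = {k: v for k, v in obj.items() if k not in UNSIGNED_FIELDS}
    return canonical_bytes(covered)


def same_signed_payload(text_a, text_b):
    """True when both documents canonicalize to identical signed bytes."""
    return signed_payload(text_a) == signed_payload(text_b)


# Constructed sample documents (hypothetical hypothetical-free data, built for this example).
ORIGINAL = '{"hello": "world", "n": 1}'
REORDERED = '{\n  "n": 1,\n  "hello": "world"\n}'   # same data, new layout
TAMPERED = '{"hello": "w0rld", "n": 1}'              # one value changed
EXTRA_UNSIGNED = '{"hello": "world", "n": 1, "unsigned": {"age_ts": 5}}'

if __name__ == "__main__":
    print(signed_payload(ORIGINAL))
    print("reordered matches:", same_signed_payload(ORIGINAL, REORDERED))
    print("tampered matches:", same_signed_payload(ORIGINAL, TAMPERED))
    print("unsigned ignored:", same_signed_payload(ORIGINAL, EXTRA_UNSIGNED))
```

Because `unsigned` is not part of the signed bytes, anything stored under it is not authenticated by the signature and should not be treated as trusted input.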

Basic signing and verification with Ed25519.

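from signedjson.key import (
    generate_signing_key,
    get_verify_key,
    read_signing_keys,
    write_signing_keys,
)
from signedjson.sign import SignatureVerifyException, sign_json, verify_signed_json

# Generate a key pair (Ed25519); the argument is the key version
key = generate_signing_key('mykey')

# Sign a JSON object: sign_json(json_object, signature_name, signing_key)
# adds a "signatures" entry to the dict in place and returns it
json_obj = {"hello": "world"}
signed = sign_json(json_obj, 'example.org', key)  # 'example.org' is a placeholder name
print("Signed:", signed)

# Verify with the matching verify key: verify_signed_json returns None and
# raises SignatureVerifyException when the signature is missing or invalid
verify_key = get_verify_key(key)
try:
    verify_signed_json(signed, 'example.org', verify_key)
    print("Signature is valid")
except SignatureVerifyException:
    print("Signature is invalid")

# Write keys to a file (optional); write_signing_keys takes an open stream.
# The file holds the private signing key, so restrict who can read it.
with open('keys.txt', 'w') as f:
    write_signing_keys(f, [key])

# Read back: read_signing_keys also takes an open stream
with open('keys.txt') as f:
    keys = read_signing_keys(f)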