{"id":22757524,"url":"https://github.com/gitanat/securepickle","last_synced_at":"2025-06-26T12:31:34.512Z","repository":{"id":57465201,"uuid":"251642694","full_name":"gitanat/securepickle","owner":"gitanat","description":"Secure pickling. Arbitrary code execution be gone","archived":false,"fork":false,"pushed_at":"2020-03-31T15:40:35.000Z","size":4,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-06T10:38:19.384Z","etag":null,"topics":["authentication","encryption","pickle","pickled-data","python","security","unpickle"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gitanat.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-31T15:16:11.000Z","updated_at":"2023-07-15T02:56:09.000Z","dependencies_parsed_at":"2022-09-17T18:00:46.629Z","dependency_job_id":null,"html_url":"https://github.com/gitanat/securepickle","commit_stats":null,"previous_names":["gitanat/securepickle"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/gitanat/securepickle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitanat%2Fsecurepickle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitanat%2Fsecurepickle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitanat%2Fsecurepickle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitanat%2Fsecurepickle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gitanat","download_url":"https://codeload.github.com/gitanat/securepickle/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gitanat%2Fsecurepickle/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262067803,"owners_count":23253673,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","encryption","pickle","pickled-data","python","security","unpickle"],"created_at":"2024-12-11T07:18:44.447Z","updated_at":"2025-06-26T12:31:34.455Z","avatar_url":"https://github.com/gitanat.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# securepickle\n\n## Why should I use `securepickle` instead of `pickle?`\n\nAs the documentation for `pickle` [explains](https://docs.python.org/3/library/pickle.html), **pickle is insecure**. If you store pickled data in a database or filesystem that could be compromised or accessed by someone with malicious intentions, you should use `securepickle`. \n\nIf you're not sure if you need it, it might be better to be safe than sorry.`securepickle` is a drop-in replacement for `pickle`, so you don't need to change any of your loading code.\n\n## Why should I use `securepickle` instead of another secure pickling solution?\n`securepickle` has 0 dependencies. It only uses the python standard library, and supports python 2 and 3.\n`securepickle` has a documented file format and promises to be backward compatible. You will be able to unpickle your data even if the `securepickle` library or the used cryptographic primitives change.\n\n## How do I use it?\n```\nimport securepickle as pickle\n# DON'T USE THIS KEY! Make sure to generate your own key randomly\nsecurepickle.set_key(\"BO4cHKNaJE0GmiShTQ8mL8oSvqBDCx2q5Xdq7iNeCaU\")\n\n...\n\npickle.loads(...)\npickle.load(...)\npickle.dump(...)\npickle.dumps(...)\n```\n\n## Where should I store my key\nMake sure you don't store the key in the same location of the pickled data. It's also recommended to not store the key on the source code.\n\n## What kind of attacks does `securepickle` prevent\n\n`securepickle` prevents [arbitrary code execution](https://en.wikipedia.org/wiki/Arbitrary_code_execution) from attackers that can modify (or directly influence) the pickled data.\nThis can happen, for example, if your database is compromised, or you store pickled files in a filesystem without regard to file access permissions.\n\n`securepickle` does **NOT** prevent random people from unpickling the pickled data, even without the key. If this is a scenario you're concerned about, you should use standard database or disk encryption mechanisms. \n\n## What's the file format\n```securepickle|\u003cversion\u003e|\u003ccrypto primitive\u003e|\u003csignature\u003e|\u003cpickled data\u003e```\nList of crypto primitive strings supported:\n\n  - `HMAC(SHA512)`\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitanat%2Fsecurepickle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgitanat%2Fsecurepickle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgitanat%2Fsecurepickle/lists"}