Metadata-Version: 2.0
Name: aletheia
Version: 0.0.3
Summary: A Python implementation of Aletheia
Home-page: https://github.com/danielquinn/pyletheia
Author: Daniel Quinn
Author-email: code@danielquinn.org
License: AGPLv3
Download-URL: https://github.com/danielquinn/pyletheia
Description-Content-Type: UNKNOWN
Keywords: Command Line,verification,fake news
Platform: UNKNOWN
Classifier: Operating System :: POSIX
Classifier: Operating System :: Unix
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Internet :: WWW/HTTP
Requires-Dist: Pillow (>=5.0.0)
Requires-Dist: cryptography (>=2.1.3)
Requires-Dist: requests (>=2.18.4)
Requires-Dist: py3exiv2 (>=0.2.1)
Requires-Dist: python-magic (>=0.4.15)
Requires-Dist: mutagen (>=1.40.0)
Provides-Extra: doc
Requires-Dist: sphinx; extra == 'doc'
Requires-Dist: sphinx-rtd-theme; extra == 'doc'

pyletheia
=========

A Python implementation of `Aletheia`_.

.. _Aletheia: https://github.com/danielquinn/aletheia


Process
-------

The process is pretty simple:

1. Generate a public/private key pair
2. Sign an image with the private key
3. Publish your public key
4. Verify the image with your public key


Installation
------------

As this is a Python package, use ``pip``:

.. code:: bash

    $ pip install aletheia

Configuration
-------------

Aletheia puts all of the required key files and cached public keys into
``${ALETHEIA_HOME}`` which by default is ``${HOME}/.config/aletheia``.  You
can override this by setting it in the environment.


Command Line
------------

This package comes with a simple command-line program that does everything you
need to support the Aletheia process.


Generate your public/private key pair
.....................................

.. code:: bash

    $ aletheia generate
    Generating private/public key pair...

    All finished!

    You now have two files: aletheia.pem (your private key) and
    aletheia.pub (your public key).  Keep the former private, and share
    the latter far-and-wide.  Importantly, place your public key at a
    publicly accessible URL so that when you sign a file with your
    private key, it can be verified by reading the public key at that
    URL.

Your public & private key will be stored in ``${ALETHEIA_HOME}``. For Aletheia
to work, you need to publish your public key on a website somewhere so it can
be used to verify files later.


Sign an image with your private key
...................................

.. code:: bash

    $ aletheia sign file.jpg https://example.com/my-public-key.pub

Aletheia will modify the EXIF data on your image to include a signature and a
link to where your public key can be found so when it comes time to verify it,
everything that's necessary is available.


Verify the image with your public key
.....................................

.. code:: bash

    $ aletheia verify file.jpg

Now, anyone who receives your image can verify its origin with this command so
long as your public key remains available at the URL you used above.


Python API
----------

There's no reason that you would have to do all this on the command line of
course.  All of the above can be done programmatically as well.


Generate your public/private key pair
.....................................

.. code:: python

    from aletheia.utils import generate

    generate()

Just like the command line utility, ``generate()`` will create your
public/private key pair in ``${ALETHEIA_HOME}``.


Sign an image with your private key
...................................

.. code:: python

    from aletheia.utils import sign

    sign("/path/to/file.jpg", "https://example.com/my-public-key.pub")

So long as you've got your public/private key pair in ``${ALETHEIA_HOME}``,
``sign()`` will modify the metadata on your file to include a signature and URL
for your public key.

There is also a ``sign_bulk()`` utility for multiple files:

.. code:: python

    from aletheia.utils import sign

    sign(
        ("/path/to/file1.jpg", "/path/to/file2.jpg"),
        "https://example.com/my-public-key.pub"
    )


Verify the image with your public key
.....................................

.. code:: python

    from aletheia.utils import verify

    verify("/path/to/file.jpg")

Aletheia will import the public key from the URL in the file's metadata and
attempt to verify the image data by comparing the key to the embedded
signature.  If the file is verified, it returns ``True``, otherwise it returns
``False``.

There's also a ``verify_bulk()`` utility for multiple files:

.. code:: python

    from aletheia.utils import verify

    verify_bulk(("/path/to/file1.jpg", "/path/to/file2.jpg"))


