Sometimes you just want to send some data to untrusted environments. But how to do this safely? The trick involves signing. Given a key only you know, you can cryptographically sign your data and hand it over to someone else. When you get the data back you can easily ensure that nobody tampered with it.

Granted, the receiver can decode the contents and look into the package, but they can not modify the contents unless they also have your secret key. So if you keep the key secret and complex, you will be fine.

Internally ItsDangerous uses HMAC and SHA-512 for signing by default. The initial implementation was inspired by Django’s signing module. It also supports JSON Web Signatures (JWS). The library is BSD licensed.

Installing¶ Install and update using pip: pip install -U itsdangerous