0

On the UsingPickle article on Python Wiki it suggests using TrustedPickle in order to give more protection to Pickle files through looking for authorised signatures and keys.

I downloaded TrustedPickle 0.01 and installed it as instructed by putting the TrustedPickle.py script iin C:\Python33\Lib\site-packages.

However, following the steps in order to use TrustedPickle, the module doesn't work.

I've opened the script and tried running it and it comes up with invalid syntax and it pointing to Line 142 and Column 22. Can someone look at the script and see what's wrong? This script is too far out of my depth to solve myself.

You can download the script here: http://sourceforge.net/projects/trustedpickle/files/trustedpickle/0.01/

I've tried 0.02 and that doesn't work either.

Konrad Rudolph
  • 530,221
  • 131
  • 937
  • 1,214
RoyalSwish
  • 1,503
  • 10
  • 31
  • 57

1 Answers1

0

The line in question is:

x1, Key, y1, y2 = 0L, 1L, 1L, 0L

The trailing L (for "long") is invalid syntax in Python 3; it is unnecessary, as Python 3's int now covers both int and long from Python 2.x.

In short, it appears that the library does not support Python 3.x. The following modifications to trusted_pickle.py:

  • remove all trailing Ls from numbers;
  • remove import sets and replace all sets.Set( with set(;
  • replace all long( with int(;
  • replace import md5 with import hashlib and replace md5.md5(String) with hashlib.md5(String.encode()); and
  • replace raw_input( with input(;

allow the library to import in Python 3.x. However, I have not tested that it actually works with these changes.

jonrsharpe
  • 115,751
  • 26
  • 228
  • 437
  • So do I just remove the `L`? Or will that break the script even more? – RoyalSwish Jan 09 '14 at 15:54
  • You could remove those `L`s (and any others in the code) but there are other incompatibilities between Python 2.x and 3.x that may affect this. You should contact the library team and see if they plan to support Py3k. – jonrsharpe Jan 09 '14 at 15:57
  • I don't think they are any time soon, considering 0.02 was released in 2004... I'm guessing I should just avoid this script then. Is there another way to protect an ordinary Pickle like TrustedPickle attempts to do? – RoyalSwish Jan 09 '14 at 16:01
  • I have added comments to my answer on conversion for Py3k – jonrsharpe Jan 09 '14 at 16:14
  • I added one more change which is just changing `raw_input` with `input`. I have attempted to follow this [page](http://trustedpickle.sourceforge.net/keygen.html) and got as far down to "Key pair filename base..." but then encounter an `AttributeError: 'NoneType' object has no attribute 'write'`. Any idea? – RoyalSwish Jan 09 '14 at 16:38
  • Well, in some attempt to call `obj.write()`, `obj is None` instead of whatever object is expected. Look at where it comes from (e.g. argument values) and find out why! – jonrsharpe Jan 09 '14 at 16:51
  • There seems to be a problem with the `getpass.getpass()` code. If I created a new .py file with the coding `import get pass` `passwd = getpass.getpass()` and run that it will come with the error `Traceback (most recent call last): File "\\scms-fsv002a\home drives\n.morar\My Documents\test.py", line 3, in passwd = getpass.getpass('blah')` – RoyalSwish Jan 10 '14 at 12:00
  • `File "C:\Python33\lib\getpass.py", line 92, in win_getpass return fallback_getpass(prompt, stream) File "C:\Python33\lib\getpass.py", line 114, in fallback_getpass stacklevel=2) File "C:\Python33\lib\idlelib\PyShell.py", line 60, in idle_showwarning file.write(warnings.formatwarning(message, category, filename, AttributeError: 'NoneType' object has no attribute 'write'` – RoyalSwish Jan 10 '14 at 12:00
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/44947/discussion-between-jonrsharpe-and-royalswish) – jonrsharpe Jan 10 '14 at 12:16