This documentation is for an old version of IPython. You can find docs for newer versions here.

Module: nbformat.sign

Functions for signing notebooks

2 Classes

class IPython.nbformat.sign.NotebookNotary(**kwargs)

Bases: IPython.config.configurable.LoggingConfigurable

A class for computing and verifying notebook signatures.


Return whether all code cells are trusted

If there are no code cells, return True.

This function is the inverse of mark_cells.


Check a notebook’s stored signature

If a signature is stored in the notebook’s metadata, a new signature is computed and compared with the stored value.

Returns True if the signature is found and matches, False otherwise.

The following conditions must all be met for a notebook to be trusted: - a signature is stored in the form ‘scheme:hexdigest’ - the stored scheme matches the requested scheme - the requested scheme is available from hashlib - the computed hash from notebook_signature matches the stored hash


Compute a notebook’s signature

by hashing the entire contents of the notebook via HMAC digest.

mark_cells(nb, trusted)

Mark cells as trusted if the notebook’s signature can be verified

Sets cell.trusted = True | False on all code cells, depending on whether the stored signature can be verified.

This function is the inverse of check_cells


Sign a notebook, indicating that its output is trusted

stores ‘algo:hmac-hexdigest’ in notebook.metadata.signature

e.g. ‘sha256:deadbeef123...’

class IPython.nbformat.sign.TrustNotebookApp(**kwargs)

Bases: IPython.core.application.BaseIPythonApplication


Generate a new notebook signature key

2 Functions


Yield every item in a container as bytes

Allows any JSONable object to be passed to an HMAC digester without having to serialize the whole thing.

IPython.nbformat.sign.signature_removed(*args, **kwds)

Context manager for operating on a notebook with its signature removed

Used for excluding the previous signature when computing a notebook’s signature.