This documentation is for an old version of IPython. You can find docs for newer versions here.

Module: nbformat.sign

Utilities for signing notebooks

2 Classes

class IPython.nbformat.sign.NotebookNotary(**kwargs)

Bases: IPython.config.configurable.LoggingConfigurable

A class for computing and verifying notebook signatures.


Return whether all code cells are trusted

If there are no code cells, return True.

This function is the inverse of mark_cells.


Check a notebook’s stored signature

If a signature is stored in the notebook’s metadata, a new signature is computed and compared with the stored value.

Returns True if the signature is found and matches, False otherwise.

The following conditions must all be met for a notebook to be trusted: - a signature is stored in the form ‘scheme:hexdigest’ - the stored scheme matches the requested scheme - the requested scheme is available from hashlib - the computed hash from notebook_signature matches the stored hash


Compute a notebook’s signature

by hashing the entire contents of the notebook via HMAC digest.


Cull oldest 25% of the trusted signatures when the size limit is reached

mark_cells(nb, trusted)

Mark cells as trusted if the notebook’s signature can be verified

Sets cell.metadata.trusted = True | False on all code cells, depending on whether the stored signature can be verified.

This function is the inverse of check_cells


Sign a notebook, indicating that its output is trusted on this machine

Stores hash algorithm and hmac digest in a local database of trusted notebooks.


Ensure that a notebook is untrusted

by removing its signature from the trusted database, if present.

class IPython.nbformat.sign.TrustNotebookApp(**kwargs)

Bases: IPython.core.application.BaseIPythonApplication


Generate a new notebook signature key

3 Functions


Yield every item in a container as bytes

Allows any JSONable object to be passed to an HMAC digester without having to serialize the whole thing.


Iterator that yields all cells in a notebook

nbformat version independent


Context manager for operating on a notebook with its signature removed

Used for excluding the previous signature when computing a notebook’s signature.