iscc-crypto is the cryptographic signing and verification module for the ISCC
(International Standard Content Code) Framework.
Caution
This is a proof of concept. All releases with version numbers below v1.0.0 may break backward compatibility. The algorithms and code of this repository are experimental and not part of the official ISO 24138:2024 standard. This library has not undergone a formal security audit by independent third parties. While we strive to follow best practices and have implemented various security measures, the absence of an audit means there may be undiscovered vulnerabilities. Therefore, this library should not be used in production environments where strong security guarantees are critical.
- Ed25519 key generation and management
- JSON canonicalization and signing
- W3C Verifiable Credentials Data Integrity proofs
- Multibase and multikey support
- Cryptographic nonce generation with embedded node identifier
- Command-line interface for key generation and identity management
- Minimal external dependencies for core cryptographic operations
Use the package manager pip to install iscc-crypto:
pip install iscc-crypto>>> import json
>>> import iscc_crypto as icr
>>> keypair = icr.key_from_secret("z3u2So9EAtuYVuxGog4F2ksFGws8YT7pBPs4xyRbv3NJgrNA")
>>> # Sign a JSON document
>>> doc = {"title": "My Document", "content": "Important data"}
>>> signed_doc = icr.sign_json(doc, keypair)
>>> # Show the signed document structure
>>> print(json.dumps(signed_doc, indent=2))
{
"title": "My Document",
"content": "Important data",
"signature": {
"version": "ISCC-SIG v1.0",
"pubkey": "z6MkpFpVngrAUTSY6PagXa1x27qZqgdmmy3ZNWSBgyFSvBSx",
"proof": "z5xCgXk6tGJTVcvrcvVok5XgLn5Mefo49ztwwW8QCmjoySH4ZEkri4XoY2JjiyaD7yD4Na7eoGPqmhPoeM2uvBmF8"
}
}
>>> # Verify the signed document
>>> icr.verify_json(signed_doc)
VerificationResult(signature_valid=True, identity_verified=None, message=None)Documentation is published at https://crypto.iscc.codes
Requirements
- Python 3.10 or higher
- UV for dependency management
Development Setup
git clone https://github.com/iscc/iscc-crypto.git
cd iscc-crypto
uv syncTesting
Run the test suite:
uv run pytestPull requests are welcome. For significant changes, please open an issue first to discuss your plans. Please make sure to update tests as appropriate.
You may also want to join our developer chat on Telegram at https://t.me/iscc_dev.
This work was supported through the Open Science Clusters’ Action for Research and Society (OSCARS) European project under grant agreement Nº101129751.
See: BIO-CODES project (Enhancing AI-Readiness of Bioimaging Data with Content-Based Identifiers).
iscc-crypto is licensed under the Apache License, Version 2.0
ISCC-CRYPTO implements self-sovereign cryptographic operations for content identification and provenance using Ed25519 signatures. It operates independently of regulated trust services, certificate authorities, or statutory trust frameworks.
Signatures produced by this library provide cryptographic authenticity and integrity but carry no inherent legal presumptions. The legal effect of electronic signatures depends on jurisdiction, context, and applicable law (including, where relevant, the UNCITRAL Model Law on Electronic Signatures, EU eIDAS, U.S. ESIGN/UETA, and corresponding national regulations).
Where legal enforceability is required, ISCC declarations may be combined with jurisdiction-appropriate qualified electronic signatures, timestamps, or attestation services without altering the underlying protocol.
This notice is provided for informational purposes only and does not constitute legal advice.