A Python utility for secure, one-way hashing of attendee emails, using SHA-512 and a salt for access control in partner apps. 🔒 It verifies users against a hash list (no raw emails shared), protecting valuable resources like exclusive training links from public sharing. Attendees must use their registration email.
This Python utility provides a straightforward, secure method for hashing a list of conference attendee emails. The primary goal is to generate a file containing only the secure, one-way hashes of those emails, enabling the list to be shared with a partner application without exposing the raw email addresses.
The partner application can then use this list of hashes to verify user identity during registration. This ensures that only pre-registered conference attendees (whose emails match a known hash) are successfully onboarded to the app. The hashes can be provided to the partner in advance, allowing them to set up pre-event access for attendees using QR codes or direct links.
Built for volunteer-run conferences: Set up once in ~10 minutes, then partners verify attendees automatically 24/7—no ongoing admin work required.
- Secure Hashing: Uses the SHA-512 algorithm to anonymize attendee email data.
- Data Minimization: Outputs a file containing only the hashes, completely separate from the source email list.
- Partner Integration Ready: The output file is designed to be easily consumed and embedded by a third-party application for user verification.
It's critical to understand how this security model works. The process uses a one-way cryptographic hash.
Hashes cannot be "decrypted": It is computationally impossible to reverse a SHA-512 hash to reveal the original email address. Your raw data is safe.
The partner can verify, not uncover: You are providing the partner with a list of "locked doors" (the hashes) and the "key" (the salt). They can use this key to check if an email a user provides matches a lock. They cannot use the key to see what's behind all the other locked doors.
This model relies on a trusted partnership. The partner is entrusted with the ability to verify attendees, not to discover your entire attendee list.
For more technical details, see Wikipedia's article on Cryptographic Hash Functions.
- Cryptographically Secure: Industry standard, robust.
- Performant: Often faster than SHA-256 on most systems (64-bit).
- Available: Directly accessible in all versions of Python 3's standard
hashliblibrary.
To maintain cryptographic security, this utility uses salting during the hashing process. This requires the partner to:
- Agree to the Exchange Model: The receiving party must understand and agree to this security model.
- Build in Facilities: The partner application must include ability to securely store, and use the following two components before taking user input:
- The complete list of SHA-512 hashed email results.
- The secret salt value used in the hashing.
- Secure Transmission: The list of hashed email results and the essential salt value will be provided to the receiver via separate, secure channels.
(Conference Admin) PARTNER (App Provider)
-----------------------------------------------------------------------------------------
[Pre-Event Setup]
1. attendees.csv -------> [ hash_contacts.py ] --+--> output_attendee_hashes.txt (The "Locks")
|
+--> output_salt_value.txt (The "Key")
(Transferred Securely & Separately)
|
|
+----------------------------------+
| |
V V
(App Database) (App's Secure Storage)
Stores list of hashes. Stores the single salt.
-----------------------------------------------------------------------------------------
[User Verification]
3. User provides their email
("[email protected]")
|
V
2. Attendee arrives at app ----------> [ Partner's App strips() and lowercase() user email input ]
[ Partner's App Hashes Input ]
(Uses salt + user's email)
|
V
Is the resulting hash
in the list of hashes provided?
|
V
[ YES ] or [ NO ]
/ \
Access Granted Access Denied
- Users Register: Attendees register through the current ticketing system.
- Input & Preparation (Admin): The PyBay Admin downloads the list of registered attendee emails (e.g., single column of emails, with a header, in CSV format) and prepares the script environment.
- Process (Script): The Python script applies the SHA-512 hash function to each email address after appending the secret salt.
- Output: The script generates two distinct secure outputs: 1) a text file containing only one hash per line, and 2) the separate, secret salt value.
- Securely Share Hashed Output (Admin): The Admin securely shares only the hashed output file via a private link (e.g., PyBay Google Drive). Emailing the hash file is acceptable since the content is non-reversible. IMPORTANT: Do not share the salt in the same communication channel.
- Securely Share Salt Value (Admin): Separately from the hashed output, the Admin transfers the salt. The salt must be transferred digitally to prevent human transcription errors. Use one of the following secure, end-to-end (E2E) channels:
- Encrypted Messenger: Send the salt via a trusted, E2E encrypted application like Signal.
- One-Time Secret Link: Use a service that ensures the secret is displayed once and then deleted:
- https://privatebin.net/ (Open Source)
- https://1ty.me/
- Critical: Ensure the receiver can copy/paste the salt string exactly.
This tool is an effective solution for securely controlling access to a partner service based on conference attendance status.
Prohibited channels for sharing the salt are Standard Email, SMS/MMS, and regular Telegram chats - these are not E2E encrypted by default.
The content below could be added to links / QR code provided by a partner
To successfully redeem your exclusive access (via QR code, link, or app registration), please follow these simple steps:
- Use Your Registered Email: When prompted for your email, you must use the exact same email address you used to register for the conference. This is the only way the system can verify your status.
- Simple Redemption: The verification is instant! Enter your registered email, and the system will confirm you as an attendee for immediate access to your valuable resource.
- Pre-Access Available: This process allows you to gain access to content or training before the event even starts. Enjoy! Of course. Here is the content of the README.md file as pure Markdown:
This utility was developed and tested with Python 3.14. It uses only standard libraries, no third-party packages are required.
git clone [https://github.com/your-username/contact-hash-util.git](https://github.com/your-username/contact-hash-util.git)
cd contact-hash-util
Of course, you do this automatically!
python3 -m venv venv
source venv/bin/activate
Assumes you are using pretix for ticketing, and export the data via: Orders\Export\Email Addresses menu, in pretix filtered by pending and paid. This exports Email addresses as a text file without a header.
Ensure you have a *.txt file (e.g., Attendees.txt, pybay-2025_pretixemails.txt) without a header row - which is standard output from pretix. The script looks for an email column named Email by default.
Run the script from your terminal, providing the path to your input CSV file as an argument.
python hash_contact_emails.py
The script will generate an output_attendee_hashes.txtand output_salt_value.txt files to project root and also print to your terminal. These files are already .gitignored. Follow instructions above to transmit the info in separate secure messages, then delete these files.