As is says in the documentation. django.core.signing signs, and does not encyrpt.
Even though signing.dumps
creates obscure-looking tokens, they are
not encrypted, and here's a proof:
>>> from django.core import signing
>>> a = signing.dumps({"action":"set-password", "username": "enrico", "password": "SECRET"})
>>> from django.utils.encoding import force_bytes
>>> print(signing.b64_decode(force_bytes(a.split(":",1)[0])))
I'm writing it down so one day I won't be tempted to think otherwise.