swarmauri_crypto_jwe 0.2.0.dev4__tar.gz → 0.2.0.dev32__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/PKG-INFO +53 -17
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/README.md +44 -12
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/pyproject.toml +13 -2
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/swarmauri_crypto_jwe/JweCrypto.py +44 -1
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/LICENSE +0 -0
- {swarmauri_crypto_jwe-0.2.0.dev4 → swarmauri_crypto_jwe-0.2.0.dev32}/swarmauri_crypto_jwe/__init__.py +0 -0
|
@@ -1,10 +1,12 @@
|
|
|
1
|
-
Metadata-Version: 2.
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
2
|
Name: swarmauri_crypto_jwe
|
|
3
|
-
Version: 0.2.0.
|
|
3
|
+
Version: 0.2.0.dev32
|
|
4
4
|
Summary: RFC 7516/7518 compliant JWE crypto provider for Swarmauri
|
|
5
|
-
License: Apache-2.0
|
|
6
|
-
|
|
7
|
-
|
|
5
|
+
License-Expression: Apache-2.0
|
|
6
|
+
License-File: LICENSE
|
|
7
|
+
Keywords: swarmauri,sdk,standards,crypto,jwe,cryptography
|
|
8
|
+
Author: Jacob Stewart
|
|
9
|
+
Author-email: jacob@swarmauri.com
|
|
8
10
|
Requires-Python: >=3.10,<3.13
|
|
9
11
|
Classifier: License :: OSI Approved :: Apache Software License
|
|
10
12
|
Classifier: Natural Language :: English
|
|
@@ -15,6 +17,9 @@ Classifier: Programming Language :: Python :: 3.13
|
|
|
15
17
|
Classifier: Development Status :: 3 - Alpha
|
|
16
18
|
Classifier: Topic :: Security :: Cryptography
|
|
17
19
|
Classifier: Intended Audience :: Developers
|
|
20
|
+
Classifier: Programming Language :: Python
|
|
21
|
+
Classifier: Programming Language :: Python :: 3
|
|
22
|
+
Classifier: Programming Language :: Python :: 3 :: Only
|
|
18
23
|
Provides-Extra: cbor
|
|
19
24
|
Provides-Extra: json
|
|
20
25
|
Requires-Dist: cbor2 ; extra == "cbor"
|
|
@@ -23,7 +28,7 @@ Requires-Dist: swarmauri_base
|
|
|
23
28
|
Requires-Dist: swarmauri_core
|
|
24
29
|
Description-Content-Type: text/markdown
|
|
25
30
|
|
|
26
|
-

|
|
27
32
|
|
|
28
33
|
<p align="center">
|
|
29
34
|
<a href="https://pypi.org/project/swarmauri_crypto_jwe/"><img src="https://img.shields.io/pypi/dm/swarmauri_crypto_jwe" alt="PyPI - Downloads"/></a>
|
|
@@ -39,16 +44,29 @@ Description-Content-Type: text/markdown
|
|
|
39
44
|
|
|
40
45
|
JSON Web Encryption (JWE) provider implementing RFC 7516 and RFC 7518 compliant encryption and decryption helpers.
|
|
41
46
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
-
|
|
47
|
+
### Features
|
|
48
|
+
|
|
49
|
+
- Asynchronous API for compact JWE serialization returning strings.
|
|
50
|
+
- Accepts `JWAAlg` enums from [`swarmauri_core.crypto.types`](https://github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/core/swarmauri_core/crypto/types.py) for algorithms.
|
|
51
|
+
- Supports `dir`, `RSA-OAEP`, `RSA-OAEP-256`, and `ECDH-ES` key management algorithms.
|
|
52
|
+
- Supports `A128GCM`, `A192GCM`, and `A256GCM` content encryption.
|
|
53
|
+
- Optional compression (`zip` = `DEF`) and Additional Authenticated Data (AAD).
|
|
54
|
+
- Returns structured decrypt results that include both the protected header and plaintext.
|
|
55
|
+
- Registers with the Swarmauri PluginManager via the `swarmauri.cryptos` entry point.
|
|
45
56
|
|
|
46
57
|
### Installation
|
|
47
58
|
|
|
48
59
|
```bash
|
|
49
60
|
pip install swarmauri_crypto_jwe
|
|
61
|
+
# or
|
|
62
|
+
poetry add swarmauri_crypto_jwe
|
|
63
|
+
# or, with uv
|
|
64
|
+
uv add swarmauri_crypto_jwe
|
|
50
65
|
```
|
|
51
66
|
|
|
67
|
+
> [!TIP]
|
|
68
|
+
> `uv` can be installed with `pip install uv` or by following the instructions at [astral.sh/uv](https://docs.astral.sh/uv/). Once installed, run `uv add swarmauri_crypto_jwe` from your project directory to add the dependency.
|
|
69
|
+
|
|
52
70
|
### Usage
|
|
53
71
|
|
|
54
72
|
The helpers are asynchronous and return compact JWE strings that can be
|
|
@@ -64,6 +82,7 @@ decrypted back into their original plaintext. A typical flow is:
|
|
|
64
82
|
import asyncio
|
|
65
83
|
from cryptography.hazmat.primitives import serialization
|
|
66
84
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
85
|
+
from swarmauri_core.crypto.types import JWAAlg
|
|
67
86
|
from swarmauri_crypto_jwe import JweCrypto
|
|
68
87
|
|
|
69
88
|
|
|
@@ -78,8 +97,8 @@ async def main() -> None:
|
|
|
78
97
|
|
|
79
98
|
jwe = await crypto.encrypt_compact(
|
|
80
99
|
payload=b"secret",
|
|
81
|
-
alg=
|
|
82
|
-
enc=
|
|
100
|
+
alg=JWAAlg.RSA_OAEP_256,
|
|
101
|
+
enc=JWAAlg.A256GCM,
|
|
83
102
|
key={"pub": pk_pem},
|
|
84
103
|
)
|
|
85
104
|
|
|
@@ -97,16 +116,33 @@ async def main() -> None:
|
|
|
97
116
|
asyncio.run(main())
|
|
98
117
|
```
|
|
99
118
|
|
|
119
|
+
### Loading via PluginManager
|
|
120
|
+
|
|
121
|
+
```python
|
|
122
|
+
from swarmauri.plugin import PluginManager
|
|
123
|
+
|
|
124
|
+
pm = PluginManager()
|
|
125
|
+
crypto = pm.load("swarmauri.cryptos", "JweCrypto")
|
|
126
|
+
```
|
|
127
|
+
|
|
100
128
|
**Parameters**
|
|
101
129
|
|
|
102
|
-
- `alg` – key management algorithm
|
|
103
|
-
- `enc` – content encryption algorithm
|
|
104
|
-
- `key` – mapping containing the
|
|
105
|
-
|
|
106
|
-
-
|
|
107
|
-
`
|
|
130
|
+
- `alg` – `JWAAlg` member describing the key management algorithm (`JWAAlg.RSA_OAEP_256`, `JWAAlg.DIR`, etc.).
|
|
131
|
+
- `enc` – `JWAAlg` member describing the content encryption algorithm (`JWAAlg.A256GCM`, `JWAAlg.A128GCM`, etc.).
|
|
132
|
+
- `key` – mapping containing the key material used for encryption:
|
|
133
|
+
- `{"k": bytes}` for direct symmetric keys (`dir`).
|
|
134
|
+
- `{"pub": rsa_public_key}` for RSA OAEP, where the public key may be PEM bytes or an `RSAPublicKey` instance.
|
|
135
|
+
- `{"pub": ec_public_key}` for ECDH-ES with PEM, JWK, or key objects.
|
|
136
|
+
- Optional `header_extra` values are merged into the protected header (use `zip="DEF"` to enable compression).
|
|
137
|
+
- Decryption requires the matching private key via `dir_key`, `rsa_private_pem`/`rsa_private_password`, or `ecdh_private_key`.
|
|
138
|
+
- `expected_algs` and `expected_encs` constrain acceptable algorithms during decryption, and `aad` must match the authenticated data provided at encryption time.
|
|
108
139
|
|
|
109
140
|
## Entry point
|
|
110
141
|
|
|
111
142
|
The provider is registered under the `swarmauri.cryptos` entry point as `JweCrypto`.
|
|
112
143
|
|
|
144
|
+
## Want to help?
|
|
145
|
+
|
|
146
|
+
If you want to contribute to swarmauri-sdk, read up on our
|
|
147
|
+
[guidelines for contributing](https://github.com/swarmauri/swarmauri-sdk/blob/master/CONTRIBUTING.md)
|
|
148
|
+
that will help you get started.
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-

|
|
2
2
|
|
|
3
3
|
<p align="center">
|
|
4
4
|
<a href="https://pypi.org/project/swarmauri_crypto_jwe/"><img src="https://img.shields.io/pypi/dm/swarmauri_crypto_jwe" alt="PyPI - Downloads"/></a>
|
|
@@ -14,16 +14,29 @@
|
|
|
14
14
|
|
|
15
15
|
JSON Web Encryption (JWE) provider implementing RFC 7516 and RFC 7518 compliant encryption and decryption helpers.
|
|
16
16
|
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
-
|
|
17
|
+
### Features
|
|
18
|
+
|
|
19
|
+
- Asynchronous API for compact JWE serialization returning strings.
|
|
20
|
+
- Accepts `JWAAlg` enums from [`swarmauri_core.crypto.types`](https://github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/core/swarmauri_core/crypto/types.py) for algorithms.
|
|
21
|
+
- Supports `dir`, `RSA-OAEP`, `RSA-OAEP-256`, and `ECDH-ES` key management algorithms.
|
|
22
|
+
- Supports `A128GCM`, `A192GCM`, and `A256GCM` content encryption.
|
|
23
|
+
- Optional compression (`zip` = `DEF`) and Additional Authenticated Data (AAD).
|
|
24
|
+
- Returns structured decrypt results that include both the protected header and plaintext.
|
|
25
|
+
- Registers with the Swarmauri PluginManager via the `swarmauri.cryptos` entry point.
|
|
20
26
|
|
|
21
27
|
### Installation
|
|
22
28
|
|
|
23
29
|
```bash
|
|
24
30
|
pip install swarmauri_crypto_jwe
|
|
31
|
+
# or
|
|
32
|
+
poetry add swarmauri_crypto_jwe
|
|
33
|
+
# or, with uv
|
|
34
|
+
uv add swarmauri_crypto_jwe
|
|
25
35
|
```
|
|
26
36
|
|
|
37
|
+
> [!TIP]
|
|
38
|
+
> `uv` can be installed with `pip install uv` or by following the instructions at [astral.sh/uv](https://docs.astral.sh/uv/). Once installed, run `uv add swarmauri_crypto_jwe` from your project directory to add the dependency.
|
|
39
|
+
|
|
27
40
|
### Usage
|
|
28
41
|
|
|
29
42
|
The helpers are asynchronous and return compact JWE strings that can be
|
|
@@ -39,6 +52,7 @@ decrypted back into their original plaintext. A typical flow is:
|
|
|
39
52
|
import asyncio
|
|
40
53
|
from cryptography.hazmat.primitives import serialization
|
|
41
54
|
from cryptography.hazmat.primitives.asymmetric import rsa
|
|
55
|
+
from swarmauri_core.crypto.types import JWAAlg
|
|
42
56
|
from swarmauri_crypto_jwe import JweCrypto
|
|
43
57
|
|
|
44
58
|
|
|
@@ -53,8 +67,8 @@ async def main() -> None:
|
|
|
53
67
|
|
|
54
68
|
jwe = await crypto.encrypt_compact(
|
|
55
69
|
payload=b"secret",
|
|
56
|
-
alg=
|
|
57
|
-
enc=
|
|
70
|
+
alg=JWAAlg.RSA_OAEP_256,
|
|
71
|
+
enc=JWAAlg.A256GCM,
|
|
58
72
|
key={"pub": pk_pem},
|
|
59
73
|
)
|
|
60
74
|
|
|
@@ -72,15 +86,33 @@ async def main() -> None:
|
|
|
72
86
|
asyncio.run(main())
|
|
73
87
|
```
|
|
74
88
|
|
|
89
|
+
### Loading via PluginManager
|
|
90
|
+
|
|
91
|
+
```python
|
|
92
|
+
from swarmauri.plugin import PluginManager
|
|
93
|
+
|
|
94
|
+
pm = PluginManager()
|
|
95
|
+
crypto = pm.load("swarmauri.cryptos", "JweCrypto")
|
|
96
|
+
```
|
|
97
|
+
|
|
75
98
|
**Parameters**
|
|
76
99
|
|
|
77
|
-
- `alg` – key management algorithm
|
|
78
|
-
- `enc` – content encryption algorithm
|
|
79
|
-
- `key` – mapping containing the
|
|
80
|
-
|
|
81
|
-
-
|
|
82
|
-
`
|
|
100
|
+
- `alg` – `JWAAlg` member describing the key management algorithm (`JWAAlg.RSA_OAEP_256`, `JWAAlg.DIR`, etc.).
|
|
101
|
+
- `enc` – `JWAAlg` member describing the content encryption algorithm (`JWAAlg.A256GCM`, `JWAAlg.A128GCM`, etc.).
|
|
102
|
+
- `key` – mapping containing the key material used for encryption:
|
|
103
|
+
- `{"k": bytes}` for direct symmetric keys (`dir`).
|
|
104
|
+
- `{"pub": rsa_public_key}` for RSA OAEP, where the public key may be PEM bytes or an `RSAPublicKey` instance.
|
|
105
|
+
- `{"pub": ec_public_key}` for ECDH-ES with PEM, JWK, or key objects.
|
|
106
|
+
- Optional `header_extra` values are merged into the protected header (use `zip="DEF"` to enable compression).
|
|
107
|
+
- Decryption requires the matching private key via `dir_key`, `rsa_private_pem`/`rsa_private_password`, or `ecdh_private_key`.
|
|
108
|
+
- `expected_algs` and `expected_encs` constrain acceptable algorithms during decryption, and `aad` must match the authenticated data provided at encryption time.
|
|
83
109
|
|
|
84
110
|
## Entry point
|
|
85
111
|
|
|
86
112
|
The provider is registered under the `swarmauri.cryptos` entry point as `JweCrypto`.
|
|
113
|
+
|
|
114
|
+
## Want to help?
|
|
115
|
+
|
|
116
|
+
If you want to contribute to swarmauri-sdk, read up on our
|
|
117
|
+
[guidelines for contributing](https://github.com/swarmauri/swarmauri-sdk/blob/master/CONTRIBUTING.md)
|
|
118
|
+
that will help you get started.
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "swarmauri_crypto_jwe"
|
|
3
|
-
version = "0.2.0.
|
|
3
|
+
version = "0.2.0.dev32"
|
|
4
4
|
description = "RFC 7516/7518 compliant JWE crypto provider for Swarmauri"
|
|
5
5
|
license = "Apache-2.0"
|
|
6
6
|
readme = "README.md"
|
|
7
7
|
requires-python = ">=3.10,<3.13"
|
|
8
|
-
authors = [{ name = "
|
|
8
|
+
authors = [{ name = "Jacob Stewart", email = "jacob@swarmauri.com" }]
|
|
9
9
|
classifiers = [
|
|
10
10
|
"License :: OSI Approved :: Apache Software License",
|
|
11
11
|
"Natural Language :: English",
|
|
@@ -16,12 +16,23 @@ classifiers = [
|
|
|
16
16
|
"Development Status :: 3 - Alpha",
|
|
17
17
|
"Topic :: Security :: Cryptography",
|
|
18
18
|
"Intended Audience :: Developers",
|
|
19
|
+
"Programming Language :: Python",
|
|
20
|
+
"Programming Language :: Python :: 3",
|
|
21
|
+
"Programming Language :: Python :: 3 :: Only",
|
|
19
22
|
]
|
|
20
23
|
dependencies = [
|
|
21
24
|
"swarmauri_core",
|
|
22
25
|
"swarmauri_base",
|
|
23
26
|
"cryptography>=41",
|
|
24
27
|
]
|
|
28
|
+
keywords = [
|
|
29
|
+
'swarmauri',
|
|
30
|
+
'sdk',
|
|
31
|
+
'standards',
|
|
32
|
+
'crypto',
|
|
33
|
+
'jwe',
|
|
34
|
+
'cryptography',
|
|
35
|
+
]
|
|
25
36
|
|
|
26
37
|
[project.optional-dependencies]
|
|
27
38
|
json = []
|
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
"""High level helpers for JSON Web Encryption.
|
|
2
|
+
|
|
3
|
+
This module provides compact serialization routines for JWE messages as
|
|
4
|
+
specified by RFC 7516 and RFC 7518.
|
|
5
|
+
"""
|
|
6
|
+
|
|
1
7
|
from __future__ import annotations
|
|
2
8
|
|
|
3
9
|
import base64
|
|
@@ -189,12 +195,22 @@ JWECompact = str
|
|
|
189
195
|
|
|
190
196
|
@dataclass
|
|
191
197
|
class JweDecryptResult:
|
|
198
|
+
"""Return value for :meth:`JweCrypto.decrypt_compact`.
|
|
199
|
+
|
|
200
|
+
header (Dict[str, Any]): Parsed JWE header.
|
|
201
|
+
plaintext (bytes): Decrypted payload bytes.
|
|
202
|
+
"""
|
|
203
|
+
|
|
192
204
|
header: Dict[str, Any]
|
|
193
205
|
plaintext: bytes
|
|
194
206
|
|
|
195
207
|
|
|
196
208
|
class JweCrypto:
|
|
197
|
-
"""Utility class for JSON Web Encryption
|
|
209
|
+
"""Utility class for working with JSON Web Encryption.
|
|
210
|
+
|
|
211
|
+
The helpers create and parse compact JWE strings. All operations are
|
|
212
|
+
asynchronous to integrate with async workflows.
|
|
213
|
+
"""
|
|
198
214
|
|
|
199
215
|
async def encrypt_compact(
|
|
200
216
|
self,
|
|
@@ -207,6 +223,19 @@ class JweCrypto:
|
|
|
207
223
|
header_extra: Optional[Mapping[str, Any]] = None,
|
|
208
224
|
aad: Optional[Union[bytes, str]] = None,
|
|
209
225
|
) -> JWECompact:
|
|
226
|
+
"""Encrypt a payload into a compact JWE string.
|
|
227
|
+
|
|
228
|
+
payload (Union[bytes, str, Mapping[str, Any]]): Data to encrypt. Strings and
|
|
229
|
+
mappings are encoded as UTF-8 JSON.
|
|
230
|
+
alg (JWAAlg): Key management algorithm.
|
|
231
|
+
enc (JWAAlg): Content encryption algorithm.
|
|
232
|
+
key (Mapping[str, Any]): Key material used for encryption.
|
|
233
|
+
kid (str): Optional key identifier placed in the protected header.
|
|
234
|
+
header_extra (Mapping[str, Any]): Additional protected header fields.
|
|
235
|
+
aad (Union[bytes, str]): Additional authenticated data.
|
|
236
|
+
RETURNS (JWECompact): Compact JWE representation.
|
|
237
|
+
"""
|
|
238
|
+
|
|
210
239
|
if isinstance(payload, str):
|
|
211
240
|
pt = payload.encode("utf-8")
|
|
212
241
|
elif isinstance(payload, (bytes, bytearray)):
|
|
@@ -318,6 +347,20 @@ class JweCrypto:
|
|
|
318
347
|
expected_encs: Optional[Iterable[JWAAlg]] = None,
|
|
319
348
|
aad: Optional[Union[bytes, str]] = None,
|
|
320
349
|
) -> JweDecryptResult:
|
|
350
|
+
"""Decrypt a compact JWE string.
|
|
351
|
+
|
|
352
|
+
jwe (JWECompact): Serialized JWE to decode.
|
|
353
|
+
dir_key (Union[bytes, str]): Symmetric key when ``alg='dir'`` is used.
|
|
354
|
+
rsa_private_pem (Union[str, bytes]): RSA private key in PEM encoding for
|
|
355
|
+
RSA-OAEP algorithms.
|
|
356
|
+
rsa_private_password (Union[str, bytes]): Password for the RSA key.
|
|
357
|
+
ecdh_private_key (Any): Private key for ECDH-ES.
|
|
358
|
+
expected_algs (Iterable[JWAAlg]): Allowed algorithm values.
|
|
359
|
+
expected_encs (Iterable[JWAAlg]): Allowed encryption values.
|
|
360
|
+
aad (Union[bytes, str]): Additional authenticated data.
|
|
361
|
+
RETURNS (JweDecryptResult): Header and plaintext of the decrypted token.
|
|
362
|
+
"""
|
|
363
|
+
|
|
321
364
|
parts = jwe.split(".")
|
|
322
365
|
if len(parts) != 5:
|
|
323
366
|
raise ValueError("Invalid JWE compact: expected 5 dot-separated parts.")
|
|
File without changes
|
|
File without changes
|