swarmauri_mre_crypto_pgp 0.3.0.dev3__py3-none-any.whl

swarmauri_mre_crypto_pgp/pgp_sealed_cek_mre.py

@@ -0,0 +1,347 @@
+"""PGPSealedCekMreCrypto
+
+Multi-recipient encryption provider using a shared AEAD payload and OpenPGP
+sealing of the content-encryption key (CEK).
+"""
+
+from __future__ import annotations
+
+from typing import Any, Dict, Iterable, List, Mapping, Optional, Sequence, Tuple
+
+import os
+
+from swarmauri_core.mre_crypto.IMreCrypto import IMreCrypto
+from swarmauri_core.crypto.types import Alg, KeyRef
+
+try:  # type-checking only
+    from swarmauri_core.mre_crypto.types import MultiRecipientEnvelope, RecipientId
+except Exception:  # pragma: no cover - typing fallback
+    MultiRecipientEnvelope = Dict[str, Any]  # type: ignore
+    RecipientId = str  # type: ignore
+
+try:  # pragma: no cover - optional runtime dep
+    from cryptography.hazmat.primitives.ciphers.aead import AESGCM
+
+    _CRYPTOGRAPHY_OK = True
+except Exception:  # pragma: no cover
+    _CRYPTOGRAPHY_OK = False
+
+try:  # pragma: no cover - optional runtime dep
+    import pgpy
+
+    _PGP_OK = True
+except Exception:  # pragma: no cover
+    _PGP_OK = False
+
+
+def _ensure_crypto() -> None:
+    if not _CRYPTOGRAPHY_OK:
+        raise RuntimeError(
+            "PGPSealedCekMreCrypto requires 'cryptography'. Install with: pip install cryptography"
+        )
+
+
+def _ensure_pgpy() -> None:
+    if not _PGP_OK:
+        raise RuntimeError(
+            "PGPSealedCekMreCrypto requires 'PGPy'. Install with: pip install pgpy"
+        )
+
+
+# ---------------------------------------------------------------------------
+# PGP helpers
+# ---------------------------------------------------------------------------
+
+
+def _load_pgpy_pubkey(rec: KeyRef) -> Tuple[str, "pgpy.PGPKey"]:
+    _ensure_pgpy()
+    if isinstance(rec, dict):
+        kind = rec.get("kind")
+        if kind == "pgpy_pub" and isinstance(rec.get("pub"), pgpy.PGPKey):
+            pk = rec["pub"]
+        elif kind == "pgpy_key" and isinstance(rec.get("key"), pgpy.PGPKey):
+            k = rec["key"]
+            pk = k.pubkey if hasattr(k, "pubkey") else k
+        elif kind == "pgpy_pub_armored" and isinstance(rec.get("pub"), str):
+            pk, _ = pgpy.PGPKey.from_blob(rec["pub"])
+        else:
+            raise TypeError("Unsupported KeyRef for PGP public key encryption.")
+    else:
+        raise TypeError("Unsupported KeyRef type for PGP public key encryption.")
+
+    if getattr(pk, "is_public", True) is False and hasattr(pk, "pubkey"):
+        pk = pk.pubkey  # type: ignore[arg-type]
+
+    rid = str(pk.fingerprint)
+    return rid, pk
+
+
+def _load_pgpy_privkey(
+    my: KeyRef, *, passphrase: Optional[bytes | str]
+) -> "pgpy.PGPKey":
+    _ensure_pgpy()
+    if isinstance(my, dict):
+        kind = my.get("kind")
+        if kind == "pgpy_key" and isinstance(my.get("key"), pgpy.PGPKey):
+            k = my["key"]
+        elif kind == "pgpy_key_armored" and isinstance(my.get("key"), str):
+            k, _ = pgpy.PGPKey.from_blob(my["key"])
+        else:
+            raise TypeError("Unsupported KeyRef for PGP private key.")
+    else:
+        raise TypeError("Unsupported KeyRef for PGP private key.")
+
+    if getattr(k, "is_unlocked", True) is False:
+        if passphrase is None:
+            raise RuntimeError("PGP private key is locked. Provide opts['passphrase'].")
+        k.unlock(passphrase)
+    return k
+
+
+# ---------------------------------------------------------------------------
+# AEAD helpers
+# ---------------------------------------------------------------------------
+
+
+def _aead_encrypt(
+    cek: bytes, pt: bytes, *, aad: Optional[bytes]
+) -> Tuple[bytes, bytes, bytes]:
+    _ensure_crypto()
+    if len(cek) not in (16, 24, 32):
+        raise ValueError("AES-GCM key must be 16/24/32 bytes.")
+    nonce = os.urandom(12)
+    aead = AESGCM(cek)
+    ct_plus_tag = aead.encrypt(nonce, pt, aad)
+    tag = ct_plus_tag[-16:]
+    ct = ct_plus_tag[:-16]
+    return nonce, ct, tag
+
+
+def _aead_decrypt(
+    cek: bytes, nonce: bytes, ct: bytes, tag: bytes, *, aad: Optional[bytes]
+) -> bytes:
+    _ensure_crypto()
+    aead = AESGCM(cek)
+    return aead.decrypt(nonce, ct + tag, aad)
+
+
+class PGPSealedCekMreCrypto(IMreCrypto):
+    """IMreCrypto provider for the ``sealed_cek+aead`` mode using OpenPGP."""
+
+    def supports(self) -> Dict[str, Iterable[str]]:  # pragma: no cover - trivial
+        return {
+            "payload": ("AES-256-GCM",),
+            "recipient": ("OpenPGP-SEAL",),
+            "modes": ("sealed_cek+aead",),
+            "features": ("aad", "rewrap_without_reencrypt"),
+        }
+
+    async def encrypt_for_many(
+        self,
+        recipients: Sequence[KeyRef],
+        pt: bytes,
+        *,
+        payload_alg: Optional[Alg] = None,
+        recipient_alg: Optional[Alg] = None,
+        mode: Optional[str] = None,
+        aad: Optional[bytes] = None,
+        shared: Optional[Mapping[str, bytes]] = None,
+        opts: Optional[Mapping[str, object]] = None,
+    ) -> MultiRecipientEnvelope:
+        mode = mode or "sealed_cek+aead"
+        if mode != "sealed_cek+aead":
+            raise ValueError(
+                "PGPSealedCekMreCrypto only supports mode='sealed_cek+aead'."
+            )
+        payload_alg = payload_alg or "AES-256-GCM"
+        if payload_alg != "AES-256-GCM":
+            raise ValueError("Unsupported payload_alg for PGPSealedCekMreCrypto.")
+        recipient_alg = recipient_alg or "OpenPGP-SEAL"
+        if recipient_alg != "OpenPGP-SEAL":
+            raise ValueError(
+                "Unsupported recipient_alg for PGPSealedCekMreCrypto (expected 'OpenPGP-SEAL')."
+            )
+        if not recipients:
+            raise ValueError("At least one recipient is required.")
+
+        cek = os.urandom(32)
+        nonce, ct, tag = _aead_encrypt(cek, pt, aad=aad)
+
+        _ensure_pgpy()
+        rec_headers: List[Dict[str, Any]] = []
+        for rec in recipients:
+            rid, pub = _load_pgpy_pubkey(rec)
+            literal = pgpy.PGPMessage.new(cek, file=False)
+            enc = pub.encrypt(literal)
+            header_bytes = bytes(enc.__bytes__())
+            rec_headers.append({"id": rid, "header": header_bytes})
+
+        env: MultiRecipientEnvelope = {
+            "mode": "sealed_cek+aead",
+            "payload": {
+                "kind": "aead",
+                "alg": payload_alg,
+                "nonce": nonce,
+                "ct": ct,
+                "tag": tag,
+                "aad": aad,
+            },
+            "recipient_alg": recipient_alg,
+            "recipients": rec_headers,
+            "shared": dict(shared) if shared else None,
+            "version": 1,
+        }
+        return env
+
+    async def open_for(
+        self,
+        my_identity: KeyRef,
+        env: MultiRecipientEnvelope,
+        *,
+        aad: Optional[bytes] = None,
+        opts: Optional[Mapping[str, object]] = None,
+    ) -> bytes:
+        if env.get("mode") != "sealed_cek+aead":
+            raise ValueError("Unsupported envelope mode.")
+        payload = env.get("payload") or {}
+        if not isinstance(payload, dict) or payload.get("kind") != "aead":
+            raise ValueError("Malformed envelope payload for sealed_cek+aead.")
+        nonce: bytes = payload["nonce"]
+        ct: bytes = payload["ct"]
+        tag: bytes = payload["tag"]
+        bound_aad = payload.get("aad", None)
+        if (
+            (aad is not None)
+            and (bound_aad is not None)
+            and (bytes(aad) != bytes(bound_aad))
+        ):
+            raise ValueError("AAD mismatch.")
+
+        passphrase = None
+        if opts and "passphrase" in opts:
+            passphrase = opts["passphrase"]
+        priv = _load_pgpy_privkey(my_identity, passphrase=passphrase)
+        my_rid = str((priv.pubkey if hasattr(priv, "pubkey") else priv).fingerprint)
+
+        header = None
+        for ent in env.get("recipients") or []:
+            if ent.get("id") == my_rid:
+                header = ent.get("header")
+                break
+        if not isinstance(header, (bytes, bytearray)):
+            raise ValueError("Recipient not found in envelope.")
+
+        sealed = pgpy.PGPMessage.from_blob(bytes(header))
+        lit = priv.decrypt(sealed)
+        cek = bytes(lit.message)
+        return _aead_decrypt(cek, nonce, ct, tag, aad=bound_aad)
+
+    async def open_for_many(
+        self,
+        my_identities: Sequence[KeyRef],
+        env: MultiRecipientEnvelope,
+        *,
+        aad: Optional[bytes] = None,
+        opts: Optional[Mapping[str, object]] = None,
+    ) -> bytes:
+        last_err: Optional[Exception] = None
+        for kid in my_identities:
+            try:
+                return await self.open_for(kid, env, aad=aad, opts=opts)
+            except Exception as e:  # pragma: no cover - best effort
+                last_err = e
+                continue
+        raise (
+            last_err
+            if last_err
+            else RuntimeError("Failed to open envelope with provided identities.")
+        )
+
+    async def rewrap(
+        self,
+        env: MultiRecipientEnvelope,
+        *,
+        add: Optional[Sequence[KeyRef]] = None,
+        remove: Optional[Sequence[RecipientId]] = None,
+        recipient_alg: Optional[Alg] = None,
+        opts: Optional[Mapping[str, object]] = None,
+    ) -> MultiRecipientEnvelope:
+        if env.get("mode") != "sealed_cek+aead":
+            raise ValueError("Unsupported envelope mode for rewrap.")
+        if recipient_alg and recipient_alg != "OpenPGP-SEAL":
+            raise ValueError(
+                "PGPSealedCekMreCrypto only supports recipient_alg='OpenPGP-SEAL' in rewrap."
+            )
+
+        add = add or []
+        remove_ids = set(remove or [])
+        recipients = list(env.get("recipients") or [])
+        payload = env.get("payload") or {}
+        rotate_flag = bool((opts or {}).get("rotate_payload_on_revoke")) and bool(
+            remove_ids
+        )
+
+        cek: Optional[bytes] = None
+        need_cek = add or rotate_flag
+        if need_cek:
+            if opts and isinstance(opts.get("cek"), (bytes, bytearray)):
+                cek = bytes(opts["cek"])
+            else:
+                opener_list = (opts or {}).get("opener_identities")
+                if not opener_list:
+                    raise RuntimeError(
+                        "Rewrap(add=... or rotate) requires opts['cek'] or opts['opener_identities']."
+                    )
+                if not isinstance(opener_list, (list, tuple)):
+                    opener_list = [opener_list]
+                passphrase = (opts or {}).get("passphrase")
+                for ident in opener_list:
+                    try:
+                        priv = _load_pgpy_privkey(ident, passphrase=passphrase)
+                        for ent in recipients:
+                            try:
+                                sealed = pgpy.PGPMessage.from_blob(bytes(ent["header"]))
+                                with priv:
+                                    lit = priv.decrypt(sealed)
+                                cek = bytes(lit.message)
+                                break
+                            except Exception:
+                                continue
+                        if cek:
+                            break
+                    except Exception:
+                        continue
+            if cek is None:
+                raise RuntimeError("Unable to recover CEK for rewrap.")
+
+        if remove_ids:
+            recipients = [r for r in recipients if r.get("id") not in remove_ids]
+
+        if rotate_flag and cek is not None:
+            new_cek = os.urandom(32)
+            bound_aad = payload.get("aad")
+            pt = _aead_decrypt(
+                cek, payload["nonce"], payload["ct"], payload["tag"], aad=bound_aad
+            )
+            nonce, ct, tag = _aead_encrypt(new_cek, pt, aad=bound_aad)
+            env["payload"] = {
+                "kind": "aead",
+                "alg": payload.get("alg", "AES-256-GCM"),
+                "nonce": nonce,
+                "ct": ct,
+                "tag": tag,
+                "aad": bound_aad,
+            }
+            cek = new_cek
+            recipients = []
+
+        for rec in add:
+            rid, pub = _load_pgpy_pubkey(rec)
+            literal = pgpy.PGPMessage.new(cek, file=False)
+            enc = pub.encrypt(literal)
+            header_bytes = bytes(enc.__bytes__())
+            recipients = [r for r in recipients if r.get("id") != rid]
+            recipients.append({"id": rid, "header": header_bytes})
+
+        env["recipients"] = recipients
+        return env

swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/LICENSE

@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [2025] [Jacob Stewart @ Swarmauri]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/METADATA

@@ -0,0 +1,114 @@
+Metadata-Version: 2.3
+Name: swarmauri_mre_crypto_pgp
+Version: 0.3.0.dev3
+Summary: OpenPGP sealed-per-recipient MRE provider for Swarmauri
+License: Apache-2.0
+Author: Swarmauri
+Author-email: opensource@swarmauri.com
+Requires-Python: >=3.10,<3.13
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Natural Language :: English
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Development Status :: 3 - Alpha
+Classifier: Topic :: Security :: Cryptography
+Classifier: Intended Audience :: Developers
+Provides-Extra: cbor
+Provides-Extra: cryptography
+Provides-Extra: pgpy
+Requires-Dist: cbor2 (>=5.4.6) ; extra == "cbor"
+Requires-Dist: cryptography (>=41.0.0) ; extra == "cryptography"
+Requires-Dist: pgpy (>=0.6.0)
+Requires-Dist: pgpy (>=0.6.0) ; extra == "pgpy"
+Requires-Dist: swarmauri_base
+Requires-Dist: swarmauri_core
+Description-Content-Type: text/markdown
+
+![Swamauri Logo](https://res.cloudinary.com/dbjmpekvl/image/upload/v1730099724/Swarmauri-logo-lockup-2048x757_hww01w.png)
+
+<p align="center">
+    <a href="https://pypi.org/project/swarmauri_mre_crypto_pgp/">
+        <img src="https://img.shields.io/pypi/dm/swarmauri_mre_crypto_pgp" alt="PyPI - Downloads"/></a>
+    <a href="https://hits.sh/github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/standards/swarmauri_mre_crypto_pgp/">
+        <img alt="Hits" src="https://hits.sh/github.com/swarmauri/swarmauri-sdk/tree/master/pkgs/standards/swarmauri_mre_crypto_pgp.svg"/></a>
+    <a href="https://pypi.org/project/swarmauri_mre_crypto_pgp/">
+        <img src="https://img.shields.io/pypi/pyversions/swarmauri_mre_crypto_pgp" alt="PyPI - Python Version"/></a>
+    <a href="https://pypi.org/project/swarmauri_mre_crypto_pgp/">
+        <img src="https://img.shields.io/pypi/l/swarmauri_mre_crypto_pgp" alt="PyPI - License"/></a>
+    <a href="https://pypi.org/project/swarmauri_mre_crypto_pgp/">
+        <img src="https://img.shields.io/pypi/v/swarmauri_mre_crypto_pgp?label=swarmauri_mre_crypto_pgp&color=green" alt="PyPI - swarmauri_mre_crypto_pgp"/></a>
+</p>
+
+---
+
+## Swarmauri MRE Crypto PGP
+
+OpenPGP-based multi-recipient encryption providers implementing the
+`IMreCrypto` contract. This package exposes three providers:
+
+* **PGPSealMreCrypto** – per-recipient sealed payloads
+  (`sealed_per_recipient` mode).
+* **PGPSealedCekMreCrypto** – shared AEAD payload with per-recipient sealed
+  CEK (`sealed_cek+aead` mode).
+* **PGPMreCrypto** – composite provider supporting both the
+  `enc_once+per_recipient_header` and `sealed_per_recipient` modes.
+
+All providers use OpenPGP public key encryption via PGPy.
+
+### Installation
+
+```bash
+pip install swarmauri_mre_crypto_pgp
+```
+
+### Usage
+
+```python
+import asyncio
+from pgpy import PGPKey, PGPUID
+from pgpy.constants import (
+    CompressionAlgorithm,
+    HashAlgorithm,
+    KeyFlags,
+    PubKeyAlgorithm,
+    SymmetricKeyAlgorithm,
+)
+from swarmauri_mre_crypto_pgp import PGPMreCrypto
+
+
+async def main():
+    # Generate an OpenPGP key pair with pgpy
+    key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 2048)
+    uid = PGPUID.new("Test User", email="test@example.com")
+    key.add_uid(
+        uid,
+        usage={KeyFlags.EncryptCommunications},
+        hashes=[HashAlgorithm.SHA256],
+        ciphers=[SymmetricKeyAlgorithm.AES256],
+        compression=[CompressionAlgorithm.ZLIB],
+    )
+
+    # Create references understood by the provider
+    pub_ref = {"kind": "pgpy_pub", "pub": key.pubkey}
+    priv_ref = {"kind": "pgpy_priv", "priv": key}
+
+    # Encrypt for many and open with the private key
+    mre = PGPMreCrypto()
+    pt = b"hello"
+    env = await mre.encrypt_for_many([pub_ref], pt)
+    rt = await mre.open_for(priv_ref, env)
+    print(rt)
+
+
+if __name__ == "__main__":
+    asyncio.run(main())
+```
+
+## Entry point
+
+Providers are registered under the `swarmauri.mre_cryptos` entry-point as
+`PGPSealMreCrypto`, `PGPSealedCekMreCrypto` and `PGPMreCrypto`.
+
+

swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/RECORD

@@ -0,0 +1,9 @@
+swarmauri_mre_crypto_pgp/PGPSealMreCrypto.py,sha256=m-hU3q--YjujDrvdgkF29ElXWgtlxLYCjfB5ZmM8_cY,8187
+swarmauri_mre_crypto_pgp/__init__.py,sha256=8jIWcVUOYwLAHjWx7NLd3WT-owus9Qb0nZjYJvqR64o,280
+swarmauri_mre_crypto_pgp/pgp_mre.py,sha256=RTlq_kK7iyMMarmkR17x4G5fbQ-w2oQX8IKv2u1rX6U,16709
+swarmauri_mre_crypto_pgp/pgp_sealed_cek_mre.py,sha256=tRrUrNdD1rCkFiY8aWBEgtTrV7g7YHHcTSSZThxQ97s,12408
+swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/LICENSE,sha256=djUXOlCxLVszShEpZXshZ7v33G-2qIC_j9KXpWKZSzQ,11359
+swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/METADATA,sha256=ofKOhFxFEI0s57tMk7b6uexTUrh9KB7M7qQd_HMHtfU,4067
+swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/entry_points.txt,sha256=EYmzBKJYsYA7sUATQPlDs47BASiy5YOulGEoZOACRZQ,447
+swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/RECORD,,

swarmauri_mre_crypto_pgp-0.3.0.dev3.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: poetry-core 2.1.3
+Root-Is-Purelib: true
+Tag: py3-none-any