A Python implementation of CWT/COSE.

Overview

Python CWT - A Python implementation of CWT/COSE

PyPI version PyPI - Python Version Documentation Status Github CI codecov

Python CWT is a CBOR Web Token (CWT) and CBOR Object Signing and Encryption (COSE) implementation compliant with:

It is designed to make users who already know about JWS/JWE/JWT be able to use it in ease. Little knowledge of CBOR/COSE/CWT is required to use it.

You can install Python CWT with pip:

$ pip install cwt

And then, you can use it as follows:

>>> import cwt
>>> from cwt import COSEKey
>>> key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
>>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
>>> token.hex()
'd18443a10105a05835a60172636f6170733a2f2f61732e657861'...
>>> cwt.decode(token, key)
{1: 'coaps://as.example', 2: 'dajiaji', 7: b'123', 4: 1620088759, 5: 1620085159, 6: 1620085159}

See Documentation for details.

Index

Installation

Install with pip:

pip install cwt

CWT Usage Examples

Followings are typical and basic examples which create various types of CWTs, verify and decode them.

CWT API in the examples are built on top of COSE API.

See API Reference and CWT Usage Examples on document for more details.

MACed CWT

Create a MACed CWT with HS256, verify and decode it as follows:

import cwt
from cwt import Claims, COSEKey

try:
    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
    token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
    decoded = cwt.decode(token, key)

    # If you want to treat the result like a JWT;
    readable = Claims.new(decoded)
    assert readable.iss == 'coaps://as.example'
    assert readable.sub == 'dajiaji'
    assert readable.cti == '123'
    # readable.exp == 1620088759
    # readable.nbf == 1620085159
    # readable.iat == 1620085159

except Exception as err:
    # All the other examples in this document omit error handling but this CWT library
    # can throw following errors:
    #   ValueError: Invalid arguments.
    #   EncodeError: Failed to encode.
    #   VerifyError: Failed to verify.
    #   DecodeError: Failed to decode.
    print(err)

A raw CWT structure (Dict[int, Any]) can also be used as follows:

import cwt
from cwt import COSEKey

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
token = cwt.encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, key)
decoded = cwt.decode(token, key)

MAC algorithms other than HS256 are listed in Supported COSE Algorithms.

Signed CWT

Create an Ed25519 key pair:

$ openssl genpkey -algorithm ed25519 -out private_key.pem
$ openssl pkey -in private_key.pem -pubout -out public_key.pem

Create a Signed CWT with Ed25519, verify and decode it with the key pair as follows:

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(token, public_key)

JWKs can also be used instead of the PEM-formatted keys as follows:

import cwt
from cwt import COSEKey

# The sender side:
private_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["sign"],
    "alg": "EdDSA",
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
    "d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc",
})
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["verify"],
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
})
decoded = cwt.decode(token, public_key)

Signing algorithms other than Ed25519 are listed in Supported COSE Algorithms.

Encrypted CWT

Create an encrypted CWT with ChaCha20/Poly1305 and decrypt it as follows:

import cwt
from cwt import COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key)
decoded = cwt.decode(token, enc_key)

Encryption algorithms other than ChaCha20/Poly1305 are listed in Supported COSE Algorithms.

Nested CWT

Create a signed CWT and encrypt it, and then decrypt and verify the nested CWT as follows.

import cwt
from cwt import COSEKey

# A shared encryption key.
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")

# Creates a CWT with ES256 signing.
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# Encrypts the signed CWT.
nested = cwt.encode(token, enc_key)

# Decrypts and verifies the nested CWT.
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
decoded = cwt.decode(nested, [enc_key, public_key])

CWT with User Settings

The cwt in cwt.encode() and cwt.decode() above is a global CWT class instance created with default settings in advance. The default settings are as follows:

  • expires_in: 3600 seconds. This is the default lifetime in seconds of CWTs.
  • leeway: 60 seconds. This is the default leeway in seconds for validating exp and nbf.

If you want to change the settings, you can create your own CWT class instance as follows:

from cwt import COSEKey, CWT

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
mycwt = CWT.new(expires_in=3600*24, leeway=10)
token = mycwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
decoded = mycwt.decode(token, key)

CWT with User-Defined Claims

You can use your own claims as follows:

Note that such user-defined claim's key should be less than -65536.

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {
        1: "coaps://as.example",  # iss
        2: "dajiaji",  # sub
        7: b"123",  # cti
        -70001: "foo",
        -70002: ["bar"],
        -70003: {"baz": "qux"},
        -70004: 123,
    },
    private_key,
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
raw = cwt.decode(token, public_key)
assert raw[-70001] == "foo"
assert raw[-70002][0] == "bar"
assert raw[-70003]["baz"] == "qux"
assert raw[-70004] == 123

readable = Claims.new(raw)
assert readable.get(-70001) == "foo"
assert readable.get(-70002)[0] == "bar"
assert readable.get(-70003)["baz"] == "qux"
assert readable.get(-70004) == 123

User-defined claims can also be used with JSON-based claims as follows:

import cwt
from cwt import Claims, COSEKey

with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")

my_claim_names = {
    "ext_1": -70001,
    "ext_2": -70002,
    "ext_3": -70003,
    "ext_4": -70004,
}

cwt.set_private_claim_names(my_claim_names)
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": b"123",
        "ext_1": "foo",
        "ext_2": ["bar"],
        "ext_3": {"baz": "qux"},
        "ext_4": 123,
    },
    private_key,
)

with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")

raw = cwt.decode(token, public_key)
readable = Claims.new(
    raw,
    private_claims_names=my_claim_names,
)
assert readable.get("ext_1") == "foo"
assert readable.get("ext_2")[0] == "bar"
assert readable.get("ext_3")["baz"] == "qux"
assert readable.get("ext_4") == 123

CWT with PoP Key

Python CWT supports Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs). A CWT can include a PoP key as follows:

On the issuer side:

import cwt
from cwt import COSEKey

# Prepares a signing key for CWT in advance.
with open("./private_key_of_issuer.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Sets the PoP key to a CWT for the presenter.
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": "123",
        "cnf": {
            "jwk": {  # Provided by the CWT presenter.
                "kty": "OKP",
                "use": "sig",
                "crv": "Ed25519",
                "kid": "presenter-01",
                "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
                "alg": "EdDSA",
            },
        },
    },
    private_key,
)

# Issues the token to the presenter.

On the CWT presenter side:

import cwt
from cwt import COSEKey

# Prepares a private PoP key in advance.
with open("./private_pop_key.pem") as key_file:
    pop_key_private = COSEKey.from_pem(key_file.read(), kid="presenter-01")

# Receives a message (e.g., nonce)  from the recipient.
msg = b"could-you-sign-this-message?"  # Provided by recipient.

# Signs the message with the private PoP key.
sig = pop_key_private.sign(msg)

# Sends the msg and the sig with the CWT to the recipient.

On the CWT recipient side:

import cwt
from cwt import Claims, COSEKey

# Prepares the public key of the issuer in advance.
with open("./public_key_of_issuer.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Verifies and decodes the CWT received from the presenter.
raw = cwt.decode(token, public_key)
decoded = Claims.new(raw)

# Extracts the PoP key from the CWT.
extracted_pop_key = COSEKey.new(decoded.cnf)  # = raw[8][1]

# Then, verifies the message sent by the presenter
# with the signature which is also sent by the presenter as follows:
extracted_pop_key.verify(msg, sig)

Usage Examples shows other examples which use other confirmation methods for PoP keys.

CWT with Private CA

Python CWT supports the case of using an arbitrary private CA as a root of trust. In this case, a COSE message sender needs to specify the trust relationship chaining up to the root CA by using x5chain header parameter. On the other hand, a COSE message receiver needs to specify trusted root CAs by using ca_certs parameter of CWT/COSE constructor (CWT.new() or COSE.new()).

import cwt
from cwt import Claims, COSEKey

# The sernder side:
with open("./private_key_of_cert.pem")) as f:
    private_key = COSEKey.from_pem(f.read(), kid="01")

token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk(
    {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "P-256-01",
        "x": "oONCv1QoiajIbcW21Dqy6EnGvBTuF26GU7dy6JzOfXk",
        "y": "sl6k77K0TS36FW-TyEGLHY14ovZfdZ9DZWsbA8BTHGc",
        "x5c": [
          # The DER formatted X509 certificate which pairs with the private_key_of_cert.pem above.
          "MIIClDCCAXygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAoMB2RhamlhamkxEzARBgNVBAMMCnB5dGhvbi1jd3QxIDAeBgkqhkiG9w0BCQEWEWRhamlhamlAZ21haWwuY29tMB4XDTIxMTAwMzEzMDE1MFoXDTMxMTAwMTEzMDE1MFowZDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQ0wCwYDVQQKDAR0ZXN0MRUwEwYDVQQDDAx0ZXN0LmV4YW1wbGUxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASg40K_VCiJqMhtxbbUOrLoSca8FO4XboZTt3LonM59ebJepO-ytE0t-hVvk8hBix2NeKL2X3WfQ2VrGwPAUxxnoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAZFfvFbaDk_DmG2cPGTwqwnFok1QnH2Tzkjk7p4vs1ycWzEDltkhyzcJxTSHoQGdykf7fG8NCrEqfi1G3hOyAtGxVIVcqsI-KIJCESp43zrNz5HsbwEY8l5rvcwohKGlE_idIFt5IuDTv7vsg_FaCIDeruw0NrXAACnLTwksawsxaCvtY12U0wsI2aC2Sb6V3HL-OLgcN6ZWzZ054L88JllckYnqJB8wCVBzzX2K2sZH3yeS39oRWZOVG6fwXsX4k0fHFx-Fn6KlrBU15pbjMLMn0ow0X3Y8e7FOgfkkph-N7e2SxceXNjrLiumOdclPm9yGSWoGsOJdId53dPvqAsQ",
          # The root certificate which is used for signing the above certificate (optional).
          "MIIDrzCCApegAwIBAgIUIK_CYzdq4BLLVXqSclNBgXy6mgswDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTAgFw0yMTEwMDIyMzU0NTZaGA8yMDcxMDkyMDIzNTQ1NlowZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFg4sw-uPWbPBbkJuohXc89O0gaqG1H2i1wzxxka32XNKIdwrxOJvsB2eALo3q7dTqLKCgzrjdd5N07gi0KzqjoIXIXqKpV5tm0fP5gCzEOWgxySCfBJOJyyvO6WvYXdvukEBnL-48D8RSjQH9fQEju5RG0taFZE-0nQ7n3P0J-Q-OfBUEoRiHvCd8oUx0s-fBpKdfhMAbD1sGAQ9CokUFeWc49em8inNqia5xljBtSYo6_2Zx9eb7B53wvBC0EmtS4SRyksR2emlr6GxMj_EZW7hcTfZCM4V2JYXliuAEdxA0sB7q-WqLg4OvltBQxCBgTTEXRCzxj3XXZy7QyUacCAwEAAaNTMFEwHQYDVR0OBBYEFA9id2cL_Chjv6liRN3HD849TARsMB8GA1UdIwQYMBaAFA9id2cL_Chjv6liRN3HD849TARsMA8GA1UdEwEB_wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAArIej5eJN1OmD3l3ef9QzosCxKThNwqNY55CoSSC3IRl-IAXy9Lvx7cgiliwBgCv99RbXZ1ZnptTHC_1kzMzPhPg9pGKDowFP-rywaB9-NTuHTWQ4hkKDsru5dpf75ILNI5PTUi1iiBM7TdgSerpEVroUWZiOpGAdlKkmE1h4gkR6eQY9Q0IvVXwagy_PPoQ1XO1i5Hyg3aXeDZBgkE7AuW9uxtYQHzg8JG2TNko_yp497yf_Ew4t6KzGDhSa8L1euMPtclALDWFhgl6WmYsHOqAOsyZOLwpsifWa533wI9mtTvLEg8TFKMOdU0sbAoQSbrrI9m4QS7mzDLchngj3E"
        ],
        "alg": "ES256"
    })

# The recipient can specify trusted CAs as follows:
decoder = CWT.new(ca_certs="/path/to/cacerts.pem")
decoded = decoder.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"

CWT for EUDCC (EU Digital COVID Certificate)

Python CWT supports Electronic Health Certificate Specification and EUDCC (EU Digital COVID Certificate) compliant with Technical Specifications for Digital Green Certificates Volume 1

A following example shows how to verify an EUDCC:

import cwt
from cwt import load_pem_hcert_dsc

# A DSC(Document Signing Certificate) issued by a CSCA
# (Certificate Signing Certificate Authority) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"

# An EUDCC (EU Digital COVID Certificate) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
eudcc = bytes.fromhex(
    "d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
)

public_key = load_pem_hcert_dsc(dsc)
decoded = cwt.decode(eudcc, keys=[public_key])
claims = Claims.new(decoded)
# claims.hcert[1] ==
# {
#     'v': [
#         {
#             'dn': 1,
#             'ma': 'ORG-100030215',
#             'vp': '1119349007',
#             'dt': '2021-02-18',
#             'co': 'AT',
#             'ci': 'URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B',
#             'mp': 'EU/1/20/1528',
#             'is': 'Ministry of Health, Austria',
#             'sd': 2,
#             'tg': '840539006',
#         }
#     ],
#     'nam': {
#         'fnt': 'MUSTERFRAU<GOESSINGER',
#         'fn': 'Musterfrau-Gößinger',
#         'gnt': 'GABRIELE',
#         'gn': 'Gabriele',
#     },
#     'ver': '1.0.0',
#     'dob': '1998-02-26',
# }

COSE Usage Examples

Followings are typical and basic examples which create various types of COSE messages, verify and decode them.

See API Reference and COSE Usage Examples on document for more details.

COSE MAC0

Create a COSE MAC0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Following two samples are other ways of writing the above example:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={"alg": "HS256"},
    unprotected={"kid": "01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)
from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={1: 5},
    unprotected={4: b"01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

COSE MAC

Direct Key Distribution for MAC

The direct key distribution shares a MAC key between the sender and the recipient that is used directly. The follwing example shows the simplest way to make a COSE MAC message, verify and decode it with the direct key distribution method.

from cwt import COSE, COSEKey, Recipient

# The sender makes a COSE MAC message as follows:
mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
r = Recipient.from_jwk({"alg": "direct"})
r.apply(mac_key)
ctx = COSE.new()
encoded = ctx.encode_and_mac(b"Hello world!", mac_key, recipients=[r])

# The recipient has the same MAC key and can verify and decode it:
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Direct Key with KDF for MAC

from secrets import token_bytes
from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
mac_key = r.apply(shared_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "HS256"})

AES Key Wrap for MAC

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS512")
r = Recipient.from_jwk(
    {
        "kid": "01",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
r.apply(mac_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", key=mac_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for MAC

The direct key agreement methods can be used to create a shared secret. A KDF (Key Distribution Function) is then applied to the shared secret to derive a key to be used to protect the data. The follwing example shows a simple way to make a COSE Encrypt message, verify and decode it with the direct key agreement methods (ECDH-ES+HKDF-256 with various curves).

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
    },
)
# The following key is provided by the recipient in advance.
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
mac_key = r.apply(recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
# The following key is the private key of the above pub_key.
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
# The enc_key will be derived in decode() with priv_key and
# the sender's public key which is conveyed as the recipient
# information structure in the COSE Encrypt message (encoded).
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

Key Agreement with Key Wrap for MAC

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS256")
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(mac_key, recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "alg": "ECDH-SS+A128KW",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

COSE Encrypt0

Create a COSE Encrypt0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key)
decoded = ctx.decode(encoded, enc_key)

COSE Encrypt

Direct Key Distribution for encryption

The direct key distribution shares a MAC key between the sender and the recipient that is used directly. The follwing example shows the simplest way to make a COSE MAC message, verify and decode it with the direct key distribution method.

from cwt import COSE, COSEKey, Recipient

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")

# The sender side:
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk({"alg": "direct"})
r.apply(enc_key)
ctx = COSE.new()
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, enc_key)

Direct Key with KDF for encryption

from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
enc_key = r.apply(shared_key, context={"alg": "A256GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)
# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "A256GCM"})

AES Key Wrap for encryption

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
r.apply(enc_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", key=enc_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for encryption

The direct key agreement methods can be used to create a shared secret. A KDF (Key Distribution Function) is then applied to the shared secret to derive a key to be used to protect the data. The follwing example shows a simple way to make a COSE Encrypt message, verify and decode it with the direct key agreement methods (ECDH-ES+HKDF-256 with various curves).

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
    },
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
    }
)
enc_key = r.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
        "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

Key Agreement with Key Wrap for encryption

from cwt import COSE, COSEKey, Recipient

# The sender side:
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

COSE Signature1

Create a COSE Signature1 message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={"alg": "ES256"},
    unprotected={"kid": "01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

COSE Signature

Create a COSE Signature message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={1: -7},
    unprotected={4: b"01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

API Reference

See Documentation.

Supported CWT Claims

See Documentation.

Supported COSE Algorithms

See Documentation.

Referenced Specifications

Python CWT is (partially) compliant with following specifications:

Tests

You can run tests from the project root after cloning with:

$ tox

Contributing

We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.

Comments
  • Some EUDCC certificates can't be decoded

    Some EUDCC certificates can't be decoded

    Hi,

    I've got issues with some RSA type public keys for EUDCC decoding. I've tried the same certificate with https://github.com/panzi/verify-ehc, and it decodes the swiss certificate properly using the given certificate. Bildschirmfoto vom 2021-12-13 23-47-26

    python-cwt returns a validation error for the RSA key. Most other keys seem to work.

    The following is the offending key.

    	"Ll3NP03zOxY=": {
    		"serialNumber": "1479dce89e848ba6077c57b16f925eca",
    		"subject": "C=CH, ST=Bern, L=Köniz, 2.5.4.15=Government Entity, 2.5.4.97=NTRCH-CHE-467.023.568, O=Bundesamt für Gesundheit (BAG), OU=GE-0220-BAG, OU=Taskforce BAG Covid-19, CN=COVID-certificate-CH-21-05",
    		"issuer": "C=CH, 2.5.4.97=VATCH-CHE-221.032.573, O=Bundesamt fuer Informatik und Telekommunikation (BIT), OU=Swiss Government PKI, CN=Swiss Government Regulated CA 02",
    		"notBefore": "2021-05-20T10:04:31.000Z",
    		"notAfter": "2024-05-20T10:04:31.000Z",
    		"signatureAlgorithm": "RSASSA-PKCS1-v1_5",
    		"fingerprint": "a572445c2c1d3ced7689963caf2c0e763778c024",
    		"publicKeyAlgorithm": {
    			"hash": {
    				"name": "SHA-256"
    			},
    			"name": "RSASSA-PKCS1-v1_5",
    			"publicExponent": {
    				"0": 1,
    				"1": 0,
    				"2": 1
    			},
    			"modulusLength": 2048
    		},
    		"publicKeyPem": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk/51stJXU48RqD2lh4IdsxFrjlJfmTCrLr3cQNEXkrEoI3OEV8NnotE1RjVmQrqLTT04oxpWlcbMolXtJBtu3rOiLNwQvyVEbj/xSc6KT84Tp7GBo1P/kkunY+Vmab6HUCV/oGZYmsdiUP/OnTPX6Wy6delDhnrgHIDti73/TSsG7Zl1V6km7+KIkjAkVCEDkkUD7uffd4G+GBZ0B9F1KOT0IcFQNvDm0zlROVoGFlmPS8DWlrLHuIdMbB281uiDjcN+kNUt7rUyyj6TFgX9WCgEB/5mQBMRaaXK1zeDTaNkmC2S7IWxhMQsMBXJyAdbD9AnQOZc6XRjBauO7gz0wIDAQAB"
    	},
    
    opened by merlinschumacher 7
  • Bump tox from 4.0.14 to 4.0.15

    Bump tox from 4.0.14 to 4.0.15

    Bumps tox from 4.0.14 to 4.0.15.

    Release notes

    Sourced from tox's releases.

    4.0.15

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.14...4.0.15

    Changelog

    Sourced from tox's changelog.

    v4.0.15 (2022-12-19)

    Bugfixes - 4.0.15

    - Fix tox auto-provisioning not working and relax :ref:`min_version` default from ``4.0`` to no version constraint
      - by user:`gaborbernat`. (:issue:`2634`)
    - Fix assertion in ``test_result_json_sequential`` when interpreter ``_base_executable`` is a hardlink (macOS homebrew)
      - by user:`masenf`. (:issue:`2720`)
    - Complex negative factor filters not working  - by user:`gaborbernat`. (:issue:`2747`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.0.8 to 4.0.9

    Bump tox from 4.0.8 to 4.0.9

    Bumps tox from 4.0.8 to 4.0.9.

    Release notes

    Sourced from tox's releases.

    4.0.9

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.8...4.0.9

    Changelog

    Sourced from tox's changelog.

    v4.0.9 (2022-12-13)

    Features - 4.0.9

    - Add :meth:`tox_on_install <tox.plugin.spec.tox_on_install>` and
      :meth:`tox_env_teardown <tox.plugin.spec.tox_env_teardown>` plugin hooks - by :user:`gaborbernat`. (:issue:`2687`)
    - Add ``PKG_CONFIG_PATH`` to the default pass through environment list for python tox environments -
      by :user:`gaborbernat`. (:issue:`2700`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.1 to 4.0.3

    Bump tox from 3.27.1 to 4.0.3

    Bumps tox from 3.27.1 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    4.0.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

    4.0.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

    4.0.0

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

    4.0.0rc4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

    4.0.0rc3

    What's Changed

    ... (truncated)

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    - Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings
      - by :user:`gaborbernat`. (:issue:`2422`)
    - Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`)
    - Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` -
      by :user:`gaborbernat`. (:issue:`2629`)
    - The core tox configuration now contains ``host_python`` key showing the host python executable path -
      by :user:`gaborbernat`. (:issue:`2630`)
    

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)

    v4.0.2 (2022-12-07)

    Bugfixes - 4.0.2

    - Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`)
    - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`)
    

    v4.0.1 (2022-12-07)

    Bugfixes - 4.0.1

    • Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)
    • Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

    v4.0.0 (2022-12-07)

    Bugfixes - 4.0.0

    - The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
    

    Improved Documentation - 4.0.0

    • Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)
    • Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

    ... (truncated)

    Commits
    • 95084f2 release 4.0.3
    • 8894ee9 Pass through NUMBER_OF_PROCESSORS on Windows (#2647)
    • a9bfef3 Set always PYTHONIOENCODING to utf-8 (#2646)
    • ab5ea45 Show host python under core section as constant (#2644)
    • 31ad830 Ensure change_dir is created before running commands (#2643)
    • 267d327 Document necessity to escape # sign used in commands (#2621)
    • 4c485f8 Merge pull request #2627 from tox-dev/release-4.0.2
    • 5c0863c release 4.0.2
    • 98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...
    • 3661b94 tox --showconfig -e py shows core configs (#2625)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.1 to 4.0.2

    Bump tox from 3.27.1 to 4.0.2

    Bumps tox from 3.27.1 to 4.0.2.

    Release notes

    Sourced from tox's releases.

    4.0.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

    4.0.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

    4.0.0

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

    4.0.0rc4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

    4.0.0rc3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc2...4.0.0rc3

    4.0.0rc2

    What's Changed

    ... (truncated)

    Changelog

    Sourced from tox's changelog.

    v4.0.2 (2022-12-07)

    Bugfixes - 4.0.2

    - Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`)
    - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`)
    

    v4.0.1 (2022-12-07)

    Bugfixes - 4.0.1

    • Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)
    • Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

    v4.0.0 (2022-12-07)

    Bugfixes - 4.0.0

    - The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
    

    Improved Documentation - 4.0.0

    • Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)
    • Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

    v4.0.0rc4 (2022-12-06)

    Bugfixes - 4.0.0rc4

    - Fix extras not being kept for install dependencies - by :user:`gaborbernat`. (:issue:`2603`)
    

    Deprecations and Removals - 4.0.0rc4

    • Remove deprecated configuration option whitelist_externals which was replaced by allowlist_externals - by :user:jugmac00. (:issue:2599)

    v4.0.0rc3 (2022-12-05)

    Features - 4.0.0rc3

    - Add ``--exit-and-dump-after`` flag that allows automatically killing tox if does not finish within the passed seconds,
      and dump the thread stacks (useful to debug tox when it seemingly hangs) - by :user:`gaborbernat`. (:issue:`2595`)
    </tr></table> 
    

    ... (truncated)

    Commits
    • 5c0863c release 4.0.2
    • 98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...
    • 3661b94 tox --showconfig -e py shows core configs (#2625)
    • 871d091 Merge pull request #2623 from tox-dev/release-4.0.1
    • cc2ff1d release 4.0.1
    • 2476e95 Create session views of the build wheel/sdist into temp_dir (#2614)
    • 6305d9a Default tox min_version to 4.0 instead of current tox version (#2613)
    • 554bd0a Update faq.rst
    • 60d4e25 Merge pull request #2609 from tox-dev/release-4.0.0
    • c63ee4a release 4.0.0
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.0 to 3.27.1

    Bump tox from 3.27.0 to 3.27.1

    Bumps tox from 3.27.0 to 3.27.1.

    Release notes

    Sourced from tox's releases.

    3.27.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/tox-dev/tox/compare/3.27.0...3.27.1

    Changelog

    Sourced from tox's changelog.

    v3.27.1 (2022-11-13)

    Bugfixes ^^^^^^^^

    • Replaced deprecated license_file key with license_files in setup.cfg -- by :user:mgorny. [#2521](https://github.com/tox-dev/tox/issues/2521) <https://github.com/tox-dev/tox/issues/2521>_
    • Add env cleanup to envreport - fix PYTHONPATH leak into "envreport" -- by :user:f3flight. [#2528](https://github.com/tox-dev/tox/issues/2528) <https://github.com/tox-dev/tox/issues/2528>_
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump sphinx from 5.2.3 to 5.3.0

    Bump sphinx from 5.2.3 to 5.3.0

    Bumps sphinx from 5.2.3 to 5.3.0.

    Release notes

    Sourced from sphinx's releases.

    v5.3.0

    Changelog: https://www.sphinx-doc.org/en/master/changes.html

    Changelog

    Sourced from sphinx's changelog.

    Release 5.3.0 (released Oct 16, 2022)

    • #10759: LaTeX: add :confval:latex_table_style and support the 'booktabs', 'borderless', and 'colorrows' styles. (thanks to Stefan Wiehler for initial pull requests #6666, #6671)
    • #10840: One can cross-reference including an option value like :option:`--module=foobar```, :option:--module[=foobar]``` or ``:option:--module foobar```. Patch by Martin Liska.
    • #10881: autosectionlabel: Record the generated section label to the debug log.
    • #10268: Correctly URI-escape image filenames.
    • #10887: domains: Allow sections in all the content of all object description directives (e.g. :rst:dir:py:function). Patch by Adam Turner
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump cryptography from 37.0.4 to 38.0.0

    Bump cryptography from 37.0.4 to 38.0.0

    Bumps cryptography from 37.0.4 to 38.0.0.

    Changelog

    Sourced from cryptography's changelog.

    38.0.0 - 2022-09-06

    
    * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
      will drop support.
    * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
      latest ``pip`` to ensure this doesn't cause issues downloading wheels on
      their platform. We now ship ``manylinux_2_28`` wheels for users on new
      enough platforms.
    * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
      Users with the latest ``pip`` will typically get a wheel and not need Rust
      installed, but check :doc:`/installation` for documentation on installing a
      newer ``rustc`` if required.
    * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
      both ``str`` and ``bytes`` tokens.
    * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
      that the ``Extension`` ``critical`` field must be correctly encoded DER. See
      `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
      details.
    * Added two new OpenSSL functions to the bindings to support an upcoming
      ``pyOpenSSL`` release.
    * When parsing :class:`~cryptography.x509.CertificateRevocationList` and
      :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
      enforced that the ``version`` value in the input must be valid according to
      the rules of :rfc:`2986` and :rfc:`5280`.
    * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
      other X.509 builders is deprecated and support will be removed in the next
      version.
    * Added additional APIs to
      :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
    * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
      users to access the to-be-signed pre-certificate data needed for signed
      certificate timestamp verification.
    * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
      :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
      :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
      counter location.
    * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
      to the section 2.1 of the RFC, affecting method
      :meth:`~cryptography.x509.Name.from_rfc4514_string`.
    * It is now possible to customize some aspects of encryption when serializing
      private keys, using
      :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
    * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
      versions older than 22.0 will need to upgrade.
    * Added
    </tr></table> 
    

    ... (truncated)

    Commits
    • 52d6f1a version bump for 38 release (#7567)
    • 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
    • aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
    • 1742975 support setting more PKCS12 serialization encryption options (#7560)
    • abb1f54 Bump once_cell from 1.13.1 to 1.14.0 in /src/rust (#7559)
    • 01a0e3b Bump BoringSSL version to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#7558)
    • 35a965f Bump ouroboros from 0.15.3 to 0.15.4 in /src/rust (#7557)
    • 9a208e1 Bump BoringSSL version to 19009c51bff0706362e824f66a0b189326a1c27d (#7555)
    • b342224 Bump iana-time-zone from 0.1.46 to 0.1.47 in /src/rust (#7552)
    • edd1e69 attempt to fix josepy tests by pinning poetry (#7553)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump asn1crypto from 1.4.0 to 1.5.0

    Bump asn1crypto from 1.4.0 to 1.5.0

    Bumps asn1crypto from 1.4.0 to 1.5.0.

    Changelog

    Sourced from asn1crypto's changelog.

    1.5.0

    • Fix tsp.TimeStampAndCRL to be a core.Sequence instead of a core.SequenceOf via @​joernheissler
    • Added OIDs for Edwards curves from RFC 8410 - via @​MatthiasValvekens
    • Fixed convenience attributes on algos.EncryptionAlgorithm when the algorithm is RC2 via @​joernheissler
    • Added Microsoft OIDs microsoft_enrollment_csp_provider (1.3.6.1.4.1.311.13.2.2), microsoft_os_version (1.3.6.1.4.1.311.13.2.3) and microsoft_request_client_info (1.3.6.1.4.1.311.21.20) to csr.CSRAttributeType along with supporting extension structures via @​qha
    • Added Microsoft OID microsoft_enroll_certtype (1.3.6.1.4.1.311.20.2) to x509.ExtensionId via @​qha
    • Fixed a few bugs with parsing indefinite-length encodings via @​davidben
    • Added various bounds checks to parsing engine via @​davidben
    • Fixed a bug with tags not always being minimally encoded via @​davidben
    • Fixed cms.RoleSyntax, cms.SecurityCategory and cms.AttCertIssuer to have explicit instead of implicit tagging via @​MatthiasValvekens
    • Fixed tagging of, and default value for fields in cms.Clearance via @​MatthiasValvekens
    • Fixed calling .dump(force=True) when the value has undefined/unknown core.Sequence fields. Previously the value would be truncated, now the existing encoding is preserved.
    • Added sMIME capabilities (1.2.840.113549.1.9.15) support from RFC 2633 to cms.CMSAttribute via Hellzed
    Commits
    • 47f7588 Version 1.5.0
    • 9e067d2 Fix dev/deps.py to work on Python 3.10
    • 557a900 Update copyright year in license
    • 6bad16e Add Python 3.10 to CI and docs
    • 4791c1e Update SMIMECapabilityIdentifier to use EncryptionAlgorithmId
    • 976dbba Add support for rfc2633 sMIME capabilities signed attr (#215)
    • 5a24aed Fix calling .dump(force=True) on a core.Sequence() with no field info
    • 6cffd3d Merge pull request #221 from isidroas/patch-1
    • 6250ee4 Merge pull request #220 from MatthiasValvekens/bugfix/attcertissuer-tagging-fix
    • f9133f0 Merge branch 'master' into bugfix/attcertissuer-tagging-fix
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump sphinx-autodoc-typehints from 1.19.5 to 1.20.0

    Bump sphinx-autodoc-typehints from 1.19.5 to 1.20.0

    Bumps sphinx-autodoc-typehints from 1.19.5 to 1.20.0.

    Release notes

    Sourced from sphinx-autodoc-typehints's releases.

    1.20.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.19.5...1.20.0

    Changelog

    Sourced from sphinx-autodoc-typehints's changelog.

    Changelog

    1.20

    • Use hatchling instead of setuptools
    • Add support for typing.ParamSpec
    • Allow star prefixes for parameter names in docstring

    1.19.2

    • Fix incorrect domain used for collections.abc.Callable.

    1.19.1

    • Fix bug for recursive type alias.

    1.19.0

    1.18.3

    • Support and require nptyping>=2.1.2

    1.18.2

    • Support and require nptyping>=2.1.1

    1.18.1

    • Fix mocked module import not working when used as guarded import

    1.18.0

    • Support and require nptyping>=2
    • Handle UnionType

    1.17.1

    • Mark it as requiring nptyping<2

    1.17.0

    • Add typehints_use_rtype option
    • Handles TypeError when getting source code via inspect

    1.16.0

    • Add support for type subscriptions with multiple elements, where one or more elements are tuples; e.g.,

    ... (truncated)

    Commits
    • 32dc422 Added options to retain original typehints in signatures (#278)
    • 477c438 Bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4 (#273)
    • 7ec1a6c Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 (#271)
    • c61094f Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 (#270)
    • 7e467a1 [pre-commit.ci] pre-commit autoupdate (#268)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.3 to 4.2.4

    Bump tox from 4.2.3 to 4.2.4

    Bumps tox from 4.2.3 to 4.2.4.

    Release notes

    Sourced from tox's releases.

    4.2.4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.3...4.2.4

    Changelog

    Sourced from tox's changelog.

    v4.2.4 (2023-01-05)

    Bugfixes - 4.2.4

    - Setting ``[testenv] basepython = python3`` will no longer override the Python interpreter version requested by a factor,
      such as ``py311`` - by :user:`stephenfin`. (:issue:`2754`)
    - Also accept tab after colon before factor filter expansion - by :user:`pdecat`. (:issue:`2823`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump sphinx-autodoc-typehints from 1.20.0 to 1.20.1

    Bump sphinx-autodoc-typehints from 1.20.0 to 1.20.1

    Bumps sphinx-autodoc-typehints from 1.20.0 to 1.20.1.

    Release notes

    Sourced from sphinx-autodoc-typehints's releases.

    1.20.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.20.0...1.20.1

    Changelog

    Sourced from sphinx-autodoc-typehints's changelog.

    1.20.1

    • Fixed default options not displaying for parameters without type hints.

    1.20

    • Use hatchling instead of setuptools
    • Add support for typing.ParamSpec
    • Allow star prefixes for parameter names in docstring

    1.19.2

    • Fix incorrect domain used for collections.abc.Callable.

    1.19.1

    • Fix bug for recursive type alias.

    1.19.0

    1.18.3

    • Support and require nptyping>=2.1.2

    1.18.2

    • Support and require nptyping>=2.1.1

    1.18.1

    • Fix mocked module import not working when used as guarded import

    1.18.0

    • Support and require nptyping>=2
    • Handle UnionType

    1.17.1

    • Mark it as requiring nptyping<2

    1.17.0

    • Add typehints_use_rtype option
    • Handles TypeError when getting source code via inspect

    1.16.0

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.4 to 4.2.6

    Bump tox from 4.2.4 to 4.2.6

    Bumps tox from 4.2.4 to 4.2.6.

    Release notes

    Sourced from tox's releases.

    4.2.6

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.5...4.2.6

    4.2.5

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.4...4.2.5

    Changelog

    Sourced from tox's changelog.

    v4.2.6 (2023-01-06)

    Bugfixes - 4.2.6

    - Handle properly pip ``--no-binary`` / ``--only-binary`` options in requirements.txt format files. (:issue:`2814`)
    

    v4.2.5 (2023-01-06)

    Bugfixes - 4.2.5

    • The combination of usedevelop = true and --skip-missing-interpreters=false will no longer fail for environments that were not invoked - by :user:stephenfin. (:issue:2811)
    • Fix an attribute error when use_develop = true is set and an unsupported interpreter version is requested - by :user:stephenfin. (:issue:2826)
    • tox returns a non-zero error code if all envs are skipped. It will now correctly do this if only a single env was requested and this was skipped - by :user:stephenfin. (:issue:2827)
    Commits
    • fd866d5 release 4.2.6
    • e9d6e63 Handle properly pip --no-binary / --only-binary options in requirements.txt f...
    • b9b4d02 release 4.2.5
    • c790c60 Fix various issues with missing interpreters (#2828)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
Releases(v2.2.0)
Owner
Ajitomi Daisuke
Software developer. My repositories are not related to the company to which I belong except for W3C activity (e.g., HTTPS in Local Network).
Ajitomi Daisuke
📊Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI).

Colin Talks Crypto Bitcoin Bull Run Index (CBBI) This is a Python implementation of the Colin Talks Crypto Bitcoin Bull Run Index (CBBI). It makes use

Kamil Monicz 86 Jan 2, 2023
Python implementation of a blockchain.

The goal of this project is to explain and to make clearer how is a blockchain structured at the very core. It's not built with the intention to replicate an advanced blockchain like Bitcoin or Ethereum

Rahul raikwar 5 Jan 28, 2022
Blockchain Python Implementation

Blockchain Python Implementation

0918nobita 2 Nov 21, 2021
Simple crypto & blockchain implementation written in Python

JaamoCoin - simple Python blockchain example This is a very simple blockchain example written in Python. Based on this tutorial: https://medium.com/co

Jaakko Alajoki 1 Jan 7, 2022
A python implementation of our standard object-oriented encryption package, shipped with most apps.

Encryption Manager (python edition) VerseGroup's native encryption manager adapted for python applications. Function Generate new set of private and p

Verse Group LLC 2 Oct 30, 2022
SSEPy: Implementation of searchable symmetric encryption in pure Python

SSEPy: Implementation of searchable symmetric encryption in pure Python Searchable symmetric encryption, one of the research hotspots in applied crypt

null 33 Dec 5, 2022
Implementation of Smart Batch Auction for NFT launches on Tezos.

NFT Smart Batch Auction Smart Batch Auctions are an improvement over the traditional first come first serve (FCFS) NFT drops. FCFS design has been in

Anshu Jalan 5 May 6, 2022
The leading native Python SSHv2 protocol library.

Paramiko Paramiko: Python SSH module Copyright: Copyright (c) 2009 Robey Pointer <[email protected]> Copyright: Copyright (c) 2020 Jeff Forcier <

null 8.1k Jan 8, 2023
Python binding to the Networking and Cryptography (NaCl) library

PyNaCl: Python binding to the libsodium library PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. T

Python Cryptographic Authority 941 Jan 4, 2023
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

pyca/cryptography cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your "c

Python Cryptographic Authority 5.2k Dec 30, 2022
A self-contained cryptographic library for Python

PyCryptodome PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It supports Python 2.7, Python 3.4 and newer, and

Helder Eijs 2.2k Jan 8, 2023
Python ASN.1 library with a focus on performance and a pythonic API

asn1crypto A fast, pure Python library for parsing and serializing ASN.1 structures. Features Why Another Python ASN.1 Library? Related Crypto Librari

Will Bond 282 Dec 11, 2022
Bitcoin Clipper malware made in Python.

a BTC Clipper or a "Bitcoin Clipper" is a type of malware designed to target cryptocurrency transactions.

Nightfall 96 Dec 30, 2022
Freqtrade is a free and open source crypto trading bot written in Python

Freqtrade is a free and open source crypto trading bot written in Python. It is designed to support all major exchanges and be controlled via Telegram. It contains backtesting, plotting and money management tools as well as strategy optimization by machine learning.

null 20.2k Jan 7, 2023
This python module can analyse cryptocurrency news for any number of coins given and return a sentiment. Can be easily integrated with a Trading bot to keep an eye on the news.

Python script that analyses news headline or body sentiment and returns the overall media sentiment of any given coin. It can take multiple coins an

null 185 Dec 22, 2022
Learn Blockchains by Building One, A simple Blockchain in Python using Flask as a micro web framework.

Blockchain ✨ Learn Blockchains by Building One Yourself Installation Make sure Python 3.6+ is installed. Install Flask Web Framework. Clone this repos

Vaibhaw 46 Jan 5, 2023
The (Python-based) mining software required for the Nintendo Switch mining project.

ntgbtminer - Nintendo Switch edition This is a version of ntgbtminer that works with the Nintendo Switch bitcoin miner. ntgbtminer ntgbtminer is a no

null 4 Jun 3, 2021
RSI Algorithmic Trading with Python

In this repository you can see my first algorithhmic trading script. I use 5 cryptocurrencies: Bitcoin (BTC), Ethereum (ETH), Bitcoin Cash (BCH), Litecoin (LTC) and Chainlink (LINK).

Jon Aldekoa 4 Mar 16, 2022