A library for using DANE for identity-secured JWE and JWS.
Project description
A library for using JWE and JWS with DANE for identity-secured messaging.
This library enables the easy generation of signed and encrypted messages, using TLSA records in DNS for public key discovery. This library places the DNS URI in the x5u protected header field. The receiving party uses this field for discovering the public key which is used for verifying message payload.
Note: Currently, only RSA public keys are supported (RSA-OAEP-256 for encryption and RS256 for signing)
Quick Start
Installation
pip install dane-jwe-jws
Encrypt a message using a DANE-represented identity
from dane_jwe_jws.encryption import Encryption
test_message = "hello world!!"
identity_name = "dns.name.where.cert.lives.in.a.tlsa.record"
encrypted = Encryption.encrypt(test_message, identity_name)
print(encrypted)
Changelog
v0.6
Changes
Update dane-discovery pin to v0.14. This update includes changes to the pattern used for forming the PKIXCD CA certificate URL. [Ash Wilson]
Close #11
v0.5 (2021-05-31)
Fix
Fix issue where only PKIX-CD certs were retrieved for authentication. [Ash Wilson]
Close #9
v0.4 (2021-05-28)
Changes
Improve flexibility of Utility.get_pubkey_from_dns(). [Ash Wilson]
Unspecified dane_type argument for Util.get_pubkey_from_dns() will cause the first entity certificate of any type to be returned.
Close #7
v0.3 (2021-05-19)
Changes
Update CHANGELOG.rst. [Ash Wilson]
Add strict mode support. [Ash Wilson]
Closes #1
Other
Build(deps): bump dane-discovery from 0.6 to 0.11. [dependabot[bot]]
Bumps [dane-discovery](https://github.com/valimail/dane_discovery) from 0.6 to 0.11. - [Release notes](https://github.com/valimail/dane_discovery/releases) - [Commits](https://github.com/valimail/dane_discovery/commits)
Build(deps): update pytest requirement from ~=6.0 to ~=6.2. [dependabot[bot]]
Updates the requirements on [pytest](https://github.com/pytest-dev/pytest) to permit the latest version. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest/compare/6.0.0…6.2.4)
Build(deps): update pytest-cov requirement from ~=2.10 to ~=2.12. [dependabot[bot]]
Updates the requirements on [pytest-cov](https://github.com/pytest-dev/pytest-cov) to permit the latest version. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](https://github.com/pytest-dev/pytest-cov/compare/v2.10.0…v2.12.0)
Build(deps): update sphinx requirement from ~=3.1 to ~=4.0. [dependabot[bot]]
Updates the requirements on [sphinx](https://github.com/sphinx-doc/sphinx) to permit the latest version. - [Release notes](https://github.com/sphinx-doc/sphinx/releases) - [Changelog](https://github.com/sphinx-doc/sphinx/blob/4.x/CHANGES) - [Commits](https://github.com/sphinx-doc/sphinx/compare/v3.1.0…v4.0.1)
v0.2 (2020-09-14)
Fix
Correct parsing of DNS URI for message verification. [Ash Wilson]
v0.1 (2020-08-05)
New
Initial commit. [Ash Wilson]
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for dane_jwe_jws-0.6-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 85ea3d6cdbf4150a72ecd57e25cca93b189c08ff4fb82c069dfa632cce66c599 |
|
MD5 | 600e91d603d3216b09673b0bf104559d |
|
BLAKE2b-256 | 582b14e36c4bb946a27fd82c17839dd47c3feae1714a3b54cded8d2e9ef3342f |