
PEP 458 policy and algorithm definitions for Swarmauri cipher suites

swarmauri_cipher_suite_pep458

swarmauri_cipher_suite_pep458 captures the policy surface and algorithm registry that PEP 458 describes for securing Python package repositories. The suite models canonicalization, allowed algorithms, role thresholds, and metadata lifetimes so Swarmauri services can negotiate the same expectations when they sign or verify TUF metadata.

Highlights

  • Explicit role policies: Encodes recommended thresholds, expiration windows, and algorithm selections for the canonical root, targets, snapshot, and timestamp metadata roles.
  • Deterministic defaults: Advertises TUF canonical JSON (tuf-json) as the canonicalization format and returns Ed25519 as the default online algorithm while still supporting RSA-PSS-SHA256 for offline roots.
  • Descriptor normalization: Produces rich normalized descriptors containing the signer implementation hint (swarmauri_signing_pep458.Pep458Signer), canonical preferences, and caller-specified policy overrides.
  • Compliance metadata: Surfaces machine-readable notes indicating PEP 458 and TUF compatibility, enabling automated linting and negotiation between components.

Installation

Using uv

uv add swarmauri_cipher_suite_pep458

Using pip

pip install swarmauri_cipher_suite_pep458

Quick Usage

from swarmauri_cipher_suite_pep458 import Pep458CipherSuite

suite = Pep458CipherSuite()

print(suite.features())
# {'suite': 'pep458', 'version': 1, ...}

descriptor = suite.normalize(op="sign", params={"role": "targets", "threshold": 2})
print(descriptor["mapped"]["provider"]["signer"])
# 'swarmauri_signing_pep458.Pep458Signer'

Combine the descriptor with instances of Pep458Signer to build automated pipelines that enforce PEP 458's online/offline separation.

Role Guidance

Role        Default Alg       Threshold   Recommended Expiration
root        RSA-PSS-SHA256    2           P365D
targets     Ed25519           1           P90D
snapshot    Ed25519           1           P14D
timestamp   Ed25519           1           P1D

These defaults mirror the best practices described in PEP 458, but you can override them by passing parameters to normalize or adjusting the resulting policy document.
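As an added example (not code from this package or from swarmauri_signing_pep458), the following stdlib-only lint applies the thresholds and expiration windows from the table to TUF-like metadata. The metadata layout, the names ROLE_POLICY, parse_days and check_metadata, and the rule that only the two algorithms named on this page are acceptable are assumptions; it checks policy only and verifies no signatures.

```python
import re
from datetime import datetime, timedelta, timezone

# Threshold and recommended expiration per role, copied from the table above.
ROLE_POLICY = {"root": (2, "P365D"), "targets": (1, "P90D"),
               "snapshot": (1, "P14D"), "timestamp": (1, "P1D")}
# Assumption: only the two algorithms named on this page are acceptable.
ALLOWED_ALGS = {"Ed25519", "RSA-PSS-SHA256"}


def parse_days(duration):
    """Parse the day-only ISO 8601 durations used in the table (e.g. P90D)."""
    m = re.fullmatch(r"P(\d+)D", duration)
    if not m:
        raise ValueError(f"unsupported duration: {duration!r}")
    return timedelta(days=int(m.group(1)))


def check_metadata(meta, now):
    """Return policy violations for one TUF-like metadata dict (no crypto)."""
    role = meta.get("role")
    if role not in ROLE_POLICY:
        return [f"unknown role {role!r}"]
    threshold, lifetime = ROLE_POLICY[role]
    problems = []
    expires = datetime.fromisoformat(meta["expires"])
    if expires <= now:
        problems.append("metadata already expired")
    elif expires - now > parse_days(lifetime):
        problems.append(f"expiry exceeds {lifetime} for {role}")
    # Distinct key ids only: one key signing twice must not meet a threshold.
    usable = {s["keyid"] for s in meta["signatures"] if s["alg"] in ALLOWED_ALGS}
    if len(usable) < threshold:
        problems.append(f"{len(usable)} usable key(s), need {threshold}")
    for alg in sorted({s["alg"] for s in meta["signatures"]} - ALLOWED_ALGS):
        problems.append(f"algorithm {alg} not allowed")
    return problems


NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)  # constructed reference time
ROOT_WEAK = {  # constructed: key k1 signs twice, k2 uses a disallowed scheme
    "role": "root", "expires": "2027-01-01T00:00:00+00:00",
    "signatures": [{"keyid": "k1", "alg": "RSA-PSS-SHA256"},
                   {"keyid": "k1", "alg": "RSA-PSS-SHA256"},
                   {"keyid": "k2", "alg": "RSA-PKCS1v15-SHA256"}]}
TIMESTAMP_OK = {"role": "timestamp", "expires": "2025-01-01T12:00:00+00:00",
                "signatures": [{"keyid": "k9", "alg": "Ed25519"}]}

if __name__ == "__main__":
    print(check_metadata(ROOT_WEAK, NOW), check_metadata(TIMESTAMP_OK, NOW))
```

The root sample fails on three counts: a two-year expiry, a threshold met only by counting the same key twice, and a signature scheme outside the allowed set.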

Relationship to the Signer

This package pairs with swarmauri_signing_pep458, which implements the detached signature algorithm itself. The cipher suite surfaces metadata while the signer performs the cryptographic operations.

Development

  • Format the code with ruff format . and lint with ruff check . --fix.
  • Add or update unit tests alongside policy changes to validate normalization and feature reporting.
  • Document any new role guidance in both the README and the policy() payload so downstream systems stay synchronized.

License

This project is licensed under the Apache License 2.0.

Download files

Source Distribution

swarmauri_cipher_suite_pep458-0.11.0.dev2.tar.gz (8.5 kB)
