Skip to main content

OpenPGP envelope signer for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_signing_pgp Discord

Swarmauri Signing PGP

The swarmauri_signing_pgp package provides an OpenPGP signer for the Swarmauri SDK. It creates and verifies detached signatures over raw byte payloads or structured envelopes that are canonicalized to JSON or, optionally, CBOR.

Features

  • Detached OpenPGP signatures for bytes and envelopes
  • JSON canonicalization with optional CBOR support via cbor2
  • Multi-signer verification with configurable minimum signer requirements
  • Private key loading from in-memory pgpy objects or ASCII-armored blobs
  • Passphrase handling for locked private keys

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_signing_pgp
poetry add swarmauri_signing_pgp
uv pip install swarmauri_signing_pgp

Optional CBOR support

Enable canonicalization to CBOR by installing the optional dependency group:

pip install "swarmauri_signing_pgp[cbor]"
poetry add swarmauri_signing_pgp -E cbor
uv pip install "swarmauri_signing_pgp[cbor]"

Usage

The signer exposes asynchronous methods from the Swarmauri signing base class. Key references are dictionaries describing how to load private keys. For pgpy objects, the signer expects a mapping such as {"kind": "pgpy_key", "priv": pgpy_key}. Verification requires the corresponding public keys supplied in the opts={"pubkeys": [...]} argument.

Sign and verify raw bytes

import asyncio

from pgpy import PGPKey, PGPUID
from pgpy.constants import (
    CompressionAlgorithm,
    HashAlgorithm,
    KeyFlags,
    PubKeyAlgorithm,
    SymmetricKeyAlgorithm,
)

from swarmauri_signing_pgp import PgpEnvelopeSigner


def make_demo_key() -> PGPKey:
    key = PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 2048)
    uid = PGPUID.new("Example User", email="user@example.com")
    key.add_uid(
        uid,
        usage={KeyFlags.Sign},
        hashes=[HashAlgorithm.SHA256],
        ciphers=[SymmetricKeyAlgorithm.AES256],
        compression=[CompressionAlgorithm.ZLIB],
    )
    return key


async def main() -> None:
    signer = PgpEnvelopeSigner()
    key = make_demo_key()
    key_ref = {"kind": "pgpy_key", "priv": key}
    payload = b"openpgp demo"

    signatures = await signer.sign_bytes(key_ref, payload)
    verified = await signer.verify_bytes(
        payload,
        signatures,
        opts={"pubkeys": [key.pubkey]},
    )
    print("Verified:", verified)


asyncio.run(main())

The signer returns detached signatures that include both binary and ASCII-armored representations. Passphrases for locked private keys can be supplied through opts={"passphrase": "secret"}.

Sign envelopes

Envelopes are canonicalized before signing. JSON canonicalization is always available and CBOR becomes available when the optional dependency group is installed:

envelope = {"subject": "demo", "body": "hello"}
signatures = await signer.sign_envelope(key_ref, envelope, canon="json")
await signer.verify_envelope(
    envelope,
    signatures,
    canon="json",
    opts={"pubkeys": [key.pubkey]},
)

Use canon="cbor" to opt into CBOR canonicalization. The supports() helper exposes the available algorithms, canonicalization formats, and feature flags at runtime.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_signing_pgp-0.11.0.dev1.tar.gz (10.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_signing_pgp-0.11.0.dev1-py3-none-any.whl (11.3 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_signing_pgp-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_signing_pgp-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 10.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_pgp-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 76f8a9dae9f7c8d53ae1605fa3bc04e40f0281ed94b20f78ee47b2fddb098128
MD5 f808f784536a822e23cded4555a23de1
BLAKE2b-256 9cedb677ee86df09fe2bf77c611240e8592d3a54e3ddebb967defe356c6f1ce9

See more details on using hashes here.

File details

Details for the file swarmauri_signing_pgp-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_signing_pgp-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 11.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_pgp-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 eccc1b0ff12891481b3b941338ed195331de289ae3c241d479028026f463d7d4
MD5 52b50860d196b92fe2aba7b02853a3a1
BLAKE2b-256 5777c988e5e71363bfec3363c77fca3684c57ca035f260bab13f4da27ceda869

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page