Skip to main content

HMAC-based signer for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_signing_hmac Discord

Swarmauri Signing HMAC

An HMAC-based signer implementing the ISigning interface for detached signatures over raw bytes and canonicalized envelopes.

Features

  • JSON canonicalization (always available)
  • Optional CBOR canonicalization via cbor2
  • Detached signatures using standard library hmac
  • Supports raw, hex, environment, and HKDF-derived KeyRef secrets.

Security Notes

  • Supports HMAC-SHA-256/384/512 only.
  • Keys must be at least 32 bytes (256 bits).
  • Tags default to the hash digest size and may be truncated via opts["tag_size"] but not below 16 bytes (128 bits).
  • Secrets shorter than 32 bytes are rejected even when using a longer digest.

Installation

Install the package with your preferred Python packaging tool:

pip install swarmauri_signing_hmac
poetry add swarmauri_signing_hmac
uv pip install swarmauri_signing_hmac

Install cbor2 to enable CBOR canonicalization:

pip install cbor2

Usage

import asyncio
from swarmauri_signing_hmac import HmacEnvelopeSigner
from swarmauri_core.crypto.types import JWAAlg


async def main() -> None:
    signer = HmacEnvelopeSigner()

    # KeyRef with a raw 32-byte secret; see swarmauri_core for more options
    key = {"kind": "raw", "key": "a" * 32}

    # Sign and verify raw bytes
    payload = b"hello"
    sigs = await signer.sign_bytes(key, payload, alg=JWAAlg.HS256, opts={"tag_size": 16})
    assert await signer.verify_bytes(payload, sigs, opts={"keys": [key]})

    # Sign and verify a JSON envelope
    env = {"msg": "hello"}
    sigs_env = await signer.sign_envelope(
        key, env, alg=JWAAlg.HS256, canon="json", opts={"tag_size": 16}
    )
    assert await signer.verify_envelope(env, sigs_env, canon="json", opts={"keys": [key]})


asyncio.run(main())

Verification requires providing one or more keys via opts["keys"].

Key references

HmacEnvelopeSigner accepts multiple KeyRef forms:

  • {"kind": "raw", "key": <bytes-or-str>} ? direct secret material.
  • {"kind": "hex", "key": <hex str>} ? hex encoded secret.
  • {"kind": "env", "name": <ENV_NAME>} ? loads the secret from an environment variable.
  • {"kind": "derived", "key": <bytes-or-str>, "hkdf": {"salt": ..., "info": ...}} ? derives the signing secret with HKDF.

Provide an optional "kid" to control the key identifier or specify "alg" when verifying to override the default HS256 digest for a key entry.

Entry Point

The signer registers under the swarmauri.signings entry point as HmacEnvelopeSigner.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_signing_hmac-0.11.0.dev1.tar.gz (9.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

swarmauri_signing_hmac-0.11.0.dev1-py3-none-any.whl (10.8 kB view details)

Uploaded Python 3

File details

Details for the file swarmauri_signing_hmac-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_signing_hmac-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 9.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_hmac-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 bf2a68198439d8b654c352f48d39ae1bb26749f9e9e9bb65ea8eadb5f5a7d25a
MD5 3b93826083b1fba8af2ba92bc9640030
BLAKE2b-256 583cf7d7b92b1ac6b6b0790e2f90275223346b2b3d9113ddfe5f894647e35cf7

See more details on using hashes here.

File details

Details for the file swarmauri_signing_hmac-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_signing_hmac-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_hmac-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 34cd658487eaaf432ffb4caad89b5cae3c85ad5fb30968d3fb40f5f05dd3ead4
MD5 50ae52197bb37f926221d0e41ef04337
BLAKE2b-256 b5b8f52c1c22fd55a2dfe6d249d062e46536559315161f7c2dc6386ed08a8eb5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page