Skip to main content

secp256k1-based signer for Swarmauri

Project description

Swarmauri Logo

PyPI - Downloads Hits PyPI - Python Version PyPI - License PyPI - swarmauri_signing_secp256k1 Discord

Swarmauri Signing Secp256k1

An opinionated secp256k1 ECDSA signer that implements the Swarmauri ISigning interface for detached signatures over raw bytes and canonicalized envelopes.

Features

  • Asynchronous API ? sign_bytes, verify_bytes, sign_envelope, and verify_envelope operate with asyncio and return canonical Swarmauri signature payloads.
  • Multiple canonicalizations ? JSON canonicalization is always available, while CBOR canonicalization can be enabled with the optional cbor2 dependency.
  • Flexible key loading ? accepts PEM strings/paths, JWK dictionaries, or native cryptography key objects via the KeyRef protocol.
  • Deterministic verification requirements ? verification expects one or more secp256k1 public keys provided through opts["pubkeys"].
  • Signature format control ? DER encoding is returned by default; supply opts={"format": "RAW"} when signing or verifying to work with JOSE-style r || s concatenated signatures.

Installation

The package requires cryptography and, optionally, cbor2 when CBOR canonicalization is needed.

pip install swarmauri_signing_secp256k1

# install with CBOR canonicalization support
pip install "swarmauri_signing_secp256k1[cbor]"
poetry add swarmauri_signing_secp256k1
uv add swarmauri_signing_secp256k1

# with the optional CBOR extra
uv add "swarmauri_signing_secp256k1[cbor]"

Usage

Sign and verify raw bytes

The signer derives a key identifier (kid) from the provided private key and requires the corresponding public key when verifying signatures.

import asyncio

from cryptography.hazmat.primitives.asymmetric import ec

from swarmauri_signing_secp256k1 import Secp256k1EnvelopeSigner


async def main() -> bool:
    signer = Secp256k1EnvelopeSigner()

    private_key = ec.generate_private_key(ec.SECP256K1())
    key_ref = {"kind": "cryptography_obj", "obj": private_key}

    payload = b"hello from secp256k1"
    signatures = await signer.sign_bytes(key_ref, payload)

    public_key_ref = {
        "kind": "cryptography_obj",
        "obj": private_key.public_key(),
    }
    is_valid = await signer.verify_bytes(
        payload,
        signatures,
        opts={"pubkeys": [public_key_ref]},
    )

    print(f"Signature valid? {is_valid}")
    assert is_valid
    return is_valid


if __name__ == "__main__":
    asyncio.run(main())

Canonicalized envelopes

To sign envelopes, pass JSON-serializable dictionaries (and optionally canon="cbor"). Canonicalization reuses the same raw signing logic shown above:

envelope = {"payload": {"msg": "hello"}}
signatures = await signer.sign_envelope(key_ref, envelope, canon="json")
is_valid = await signer.verify_envelope(
    envelope,
    signatures,
    opts={"pubkeys": [public_key_ref]},
)

Entry Point

The signer registers under the swarmauri.signings entry point as Secp256k1EnvelopeSigner.

Want to help?

If you want to contribute to swarmauri-sdk, read up on our guidelines for contributing that will help you get started.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

swarmauri_signing_secp256k1-0.11.0.dev1.tar.gz (13.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

File details

Details for the file swarmauri_signing_secp256k1-0.11.0.dev1.tar.gz.

File metadata

  • Download URL: swarmauri_signing_secp256k1-0.11.0.dev1.tar.gz
  • Upload date:
  • Size: 13.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_secp256k1-0.11.0.dev1.tar.gz
Algorithm Hash digest
SHA256 dc47588d3a75cdcefaf0b61e50d0d2a8113a76b3d2cc570a5c17b52ac2bdba4b
MD5 e4f9891843bc63fc2c3c04fe44e227b1
BLAKE2b-256 6446d181d99f73efd98cf5a2e41fec3a44d253941f0ee743cb4faa7c4e67527b

See more details on using hashes here.

File details

Details for the file swarmauri_signing_secp256k1-0.11.0.dev1-py3-none-any.whl.

File metadata

  • Download URL: swarmauri_signing_secp256k1-0.11.0.dev1-py3-none-any.whl
  • Upload date:
  • Size: 13.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.26 {"installer":{"name":"uv","version":"0.11.26","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for swarmauri_signing_secp256k1-0.11.0.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 4d1e4cd78914d504f7e18b9242155a1a176a8c98f93194b35db597b9361abe5a
MD5 fee806ee8863c7ce0574377841032b35
BLAKE2b-256 b94987d0237e4ec68241ebf23331fe1777a3f92ae7445ba2c326ec5817bf3716

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page