Skip to main content

Provider-agnostic HPKE envelope for the x402 spec. A utility for confidential, verifiable payment requests and receipts across untrusted intermediaries, using canonical AAD, optional sidecar projection, and cross-language (Python/Node) interoperability.

Project description

x402-hpke (Python)

Monorepo: https://github.com/scryptedai/x402-hpke (Python path: packages/python, Node path: packages/node).

Provider-agnostic HPKE envelope library for x402 (Python). Pinned ciphersuite for interop: X25519 / HKDF-SHA256 / ChaCha20-Poly1305 (envelope); streaming helpers use XChaCha20-Poly1305.

Install

Python >= 3.12

pip install --pre x402-hpke

Quickstart

from x402_hpke import create_hpke, generate_keypair

hpke = create_hpke(namespace="myapp")
pub, priv = generate_keypair()

# Use helpers or transport API; sidecar is private-by-default
from x402_hpke import create_payment
env, headers = create_payment(
    hpke,
    payment_data={"invoiceId": "inv_1"},
    recipient_public_jwk=pub,
    kid="kid1",
    is_public=True,
)

Streaming (Python)

Chunk encryption helpers using XChaCha20-Poly1305:

from x402_hpke import seal_chunk_xchacha, open_chunk_xchacha

key = bytes(32)          # derive via app contract; export API is planned
prefix16 = bytes(16)
seq = 0
ct = seal_chunk_xchacha(key, prefix16, seq, b"chunk")
pt = open_chunk_xchacha(key, prefix16, seq, ct)

JWKS utilities

  • fetch_jwks(url, min_ttl=60, max_ttl=3600)
  • set_jwks(url, jwks, ttl=300)
  • select_jwk(kid, jwks=None, url=None)

Notes

  • AEAD is pinned to ChaCha20-Poly1305 for v1 (envelope). AES-256-GCM may be offered as an optional profile in future versions for FIPS-oriented environments; suite pinning remains per-version.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

x402_hpke-0.2.0a0.tar.gz (11.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

x402_hpke-0.2.0a0-py3-none-any.whl (14.5 kB view details)

Uploaded Python 3

File details

Details for the file x402_hpke-0.2.0a0.tar.gz.

File metadata

  • Download URL: x402_hpke-0.2.0a0.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.10.14

File hashes

Hashes for x402_hpke-0.2.0a0.tar.gz
Algorithm Hash digest
SHA256 5e658eb1ba11c6b4e70fc52396aaa7777cb3744045a98209c83d061ba7be89bd
MD5 63e939707c8bece09298203fab9fd24b
BLAKE2b-256 1218cef681444fe88cd125d914d9f6dad1328178dc35a2975f4682235dd9770d

See more details on using hashes here.

File details

Details for the file x402_hpke-0.2.0a0-py3-none-any.whl.

File metadata

  • Download URL: x402_hpke-0.2.0a0-py3-none-any.whl
  • Upload date:
  • Size: 14.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.10.14

File hashes

Hashes for x402_hpke-0.2.0a0-py3-none-any.whl
Algorithm Hash digest
SHA256 1614d035f348a889a1af08f5a750751547a5bc3293495cf0a7c3c0a7f822e384
MD5 598dd1c8fc38fc203b606ead7c7abfab
BLAKE2b-256 abacdac24f23bb40243b0fdf47d18e4c5c09573571e9535c4b825c5bc2f83989

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page