Authorization Capabilities for Linked Data — Python verification library

Project description

zcap-py

Authorization Capabilities for Linked Data — Python verification library.

A minimal, production-quality Python library implementing the W3C Authorization Capabilities for Linked Data (ZCAP-LD) draft specification. This is the Python counterpart to zcap-dotnet.

Features

  • Ed25519 key generation and signature verification
  • did:key encoding, decoding, and resolution (Ed25519 only)
  • Multibase-z (base58btc) and multicodec support
  • Strict DID URL parsing and validation
  • RFC 8785 / JCS canonicalization
  • Ed25519Signature2020 proof verification (JCS-based for zcap-dotnet interop)
  • W3C-compliant Ed25519Signature2020 proof verification (URDNA2015, optional pyld dependency)
  • ZCAP-LD document parsing (Capability & Invocation)
  • Typed exception hierarchy for controlled error handling
  • 100% type-annotated public API (mypy --strict compliant)
  • Zero network I/O in core — fully offline verification

Installation

pip install zcap-py

Or with uv:

uv add zcap-py

For W3C-compliant URDNA2015 proof verification, install with the jsonld extra:

pip install zcap-py[jsonld]

Quick Start

from zcap_py import generate_ed25519_keypair, verify_document_proof
from zcap_py import canonicalize, base58btc_encode

# Generate a did:key keypair
keypair = generate_ed25519_keypair()
print(keypair.did)                  # did:key:z6Mk...
print(keypair.verification_method)  # did:key:z6Mk...#z6Mk...

# Sign a document with an Ed25519Signature2020 proof
document = {
    "id": "urn:example:cap-1",
    "type": "Authorization",
    "controller": keypair.did,
    "invocationTarget": "https://api.example.com/docs",
    "allowedAction": ["read"],
}
proof_metadata = {
    "type": "Ed25519Signature2020",
    "verificationMethod": keypair.verification_method,
    "created": "2026-01-01T00:00:00Z",
    "proofPurpose": "capabilityDelegation",
}
to_sign = {**document, "proof": proof_metadata}
signature = keypair.private_key.sign(canonicalize(to_sign))
signed = {**document, "proof": {**proof_metadata, "proofValue": base58btc_encode(signature)}}

# Verify — resolves the public key from proof.verificationMethod automatically
verify_document_proof(signed)
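
A did:key in proof.verificationMethod carries the public key itself, which is why verification needs no network I/O. The block below is an added example, not zcap-py code: using only the standard library, it decodes such a DID URL (multibase z for base58btc, then the Ed25519 multicodec prefix 0xed 0x01) back to the 32 raw key bytes and rejects anything else. The function names, the strict fragment check and SAMPLE_KEY are assumptions of this example.

```python
# Added example: offline did:key -> Ed25519 public key resolution (stdlib only).
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ED25519_PUB = b"\xed\x01"  # multicodec ed25519-pub (0xed) as an unsigned varint

def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\0"))  # each leading zero byte -> '1'
    return "1" * pad + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid base58btc character {ch!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def encode_did_key(public_key: bytes) -> str:
    if len(public_key) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    return "did:key:z" + b58encode(ED25519_PUB + public_key)

def resolve_verification_method(vm: str) -> bytes:
    """Return the raw public key named by a did:key DID URL, or raise ValueError."""
    did, sep, fragment = vm.partition("#")
    if not did.startswith("did:key:"):
        raise ValueError("not a did:key identifier")
    msid = did[len("did:key:"):]
    if not sep or fragment != msid:
        raise ValueError("fragment must repeat the key identifier")
    if not msid.startswith("z"):
        raise ValueError("expected multibase 'z' (base58btc)")
    raw = b58decode(msid[1:])
    if raw[:2] != ED25519_PUB or len(raw) != 34:
        raise ValueError("not an Ed25519 multicodec key")
    return raw[2:]

SAMPLE_KEY = bytes(range(32))  # constructed sample bytes, not a real key
SAMPLE_DID = encode_did_key(SAMPLE_KEY)
SAMPLE_VM = SAMPLE_DID + "#" + SAMPLE_DID[len("did:key:"):]
assert resolve_verification_method(SAMPLE_VM) == SAMPLE_KEY
```

The multicodec and length checks are what enforce "Ed25519 only": a key of another type encoded under did:key decodes cleanly from base58btc but is rejected before it can reach signature verification.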

Examples

Runnable examples are in the examples/ directory:

Example                   Description
key_generation.py         Generate Ed25519 keypairs with did:key identifiers
sign_and_verify.py        Sign and verify raw messages
resolve_did_key.py        Resolve a did:key to a verification method
encode_decode_did_key.py  Convert between raw key bytes and did:key strings
parse_did_url.py          Strict DID and DID URL parsing
multibase_multicodec.py   Low-level multibase/multicodec utilities
jcs_canonicalization.py   RFC 8785 / JCS canonicalization
verify_proof_jcs.py       JCS-based proof verification (zcap-dotnet interop)
verify_proof_w3c.py       W3C URDNA2015 proof verification (requires pyld)
parse_capability.py       Parse and validate ZCAP-LD capabilities
parse_invocation.py       Parse and validate ZCAP-LD invocations
error_handling.py         Structured exception handling

Run any example with:

uv run python examples/key_generation.py

Requirements

  • Python 3.11+
  • Runtime dependencies: cryptography>=41.0, multiformats>=0.3.1, rfc8785>=0.1.4
  • Optional: pyld>=2.0 (for W3C URDNA2015 proof verification — install with pip install zcap-py[jsonld])

Project Status

This library is in active development. Phase 1 (crypto & DID foundation) and Phase 2 (JCS canonicalization, proof verification, document parsing) are complete. Upcoming phases will add delegation chain verification, invocation verification, and async support.

Reference Specification

Contributing

See CONTRIBUTING.md for setup instructions and guidelines.

License

Apache-2.0

Download files

Source Distribution

zcap_py-0.6.0.tar.gz (137.9 kB)

Uploaded Source

Built Distribution

zcap_py-0.6.0-py3-none-any.whl (35.0 kB)

Uploaded Python 3

File details

Details for the file zcap_py-0.6.0.tar.gz.

File metadata

  • Download URL: zcap_py-0.6.0.tar.gz
  • Upload date:
  • Size: 137.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for zcap_py-0.6.0.tar.gz
Algorithm Hash digest
SHA256 29d46504fcd270c49f698155e975e225f6c516f8fcd479dc329aff820314dee1
MD5 f0489a4aaa4bee776ee9db2489e78b63
BLAKE2b-256 ff9632a8fe5d1b833b378fcf00c298fa21c143f344d0d98f10aecd37f77b731d

Provenance

The following attestation bundles were made for zcap_py-0.6.0.tar.gz:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file zcap_py-0.6.0-py3-none-any.whl.

File metadata

  • Download URL: zcap_py-0.6.0-py3-none-any.whl
  • Upload date:
  • Size: 35.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for zcap_py-0.6.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a7aa9a5199ebc2a1cb2956a93796d7925dd4bf85683a80fecea56261978c6dec
MD5 d6467dbb8a0a3f64b003f1b6796ee72a
BLAKE2b-256 d8e8fa5a5c508f99f530ad7defb50f2c4046a5e135040231c423d4b817f0a6be

Provenance

The following attestation bundles were made for zcap_py-0.6.0-py3-none-any.whl:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
