Authorization Capabilities for Linked Data — Python verification library

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for moisesja from gravatar.com moisesja

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Moises Jaramillo
  • Requires: Python >=3.11
  • Provides-Extra: jsonld
Classifiers
Report project as malware

Project description

zcap-py

CI PyPI Python License

Authorization Capabilities for Linked Data — Python verification library.

A minimal, production-quality Python library implementing the W3C Authorization Capabilities for Linked Data (ZCAP-LD) draft specification. This is the Python counterpart to zcap-dotnet.

Features

  • Ed25519 key generation and signature verification
  • did:key encoding, decoding, and resolution (Ed25519 only)
  • Multibase-z (base58btc) and multicodec support
  • Strict DID URL parsing and validation
  • RFC 8785 / JCS canonicalization
  • Ed25519Signature2020 proof verification (JCS-based for zcap-dotnet interop)
  • W3C-compliant Ed25519Signature2020 proof verification (URDNA2015, optional pyld dependency)
  • ZCAP-LD document parsing (Capability & Invocation)
  • Typed exception hierarchy for controlled error handling
  • 100% type-annotated public API (mypy --strict compliant)
  • Zero network I/O in core — fully offline verification

Installation

pip install zcap-py

Or with uv:

uv add zcap-py

For W3C-compliant URDNA2015 proof verification, install with the jsonld extra:

pip install zcap-py[jsonld]

Quick Start

from zcap_py import generate_ed25519_keypair, verify_document_proof
from zcap_py import canonicalize, base58btc_encode

# Generate a did:key keypair
keypair = generate_ed25519_keypair()
print(keypair.did)                  # did:key:z6Mk...
print(keypair.verification_method)  # did:key:z6Mk...#z6Mk...

# Sign a document with an Ed25519Signature2020 proof
document = {
    "id": "urn:example:cap-1",
    "type": "Authorization",
    "controller": keypair.did,
    "invocationTarget": "https://api.example.com/docs",
    "allowedAction": ["read"],
}
proof_metadata = {
    "type": "Ed25519Signature2020",
    "verificationMethod": keypair.verification_method,
    "created": "2026-01-01T00:00:00Z",
    "proofPurpose": "capabilityDelegation",
}
to_sign = {**document, "proof": proof_metadata}
signature = keypair.private_key.sign(canonicalize(to_sign))
signed = {**document, "proof": {**proof_metadata, "proofValue": base58btc_encode(signature)}}

# Verify — resolves the public key from proof.verificationMethod automatically
verify_document_proof(signed)

Examples

Runnable examples are in the examples/ directory:

Example Description
key_generation.py Generate Ed25519 keypairs with did:key identifiers
sign_and_verify.py Sign and verify raw messages
resolve_did_key.py Resolve a did:key to a verification method
encode_decode_did_key.py Convert between raw key bytes and did:key strings
parse_did_url.py Strict DID and DID URL parsing
multibase_multicodec.py Low-level multibase/multicodec utilities
jcs_canonicalization.py RFC 8785 / JCS canonicalization
verify_proof_jcs.py JCS-based proof verification (zcap-dotnet interop)
verify_proof_w3c.py W3C URDNA2015 proof verification (requires pyld)
parse_capability.py Parse and validate ZCAP-LD capabilities
parse_invocation.py Parse and validate ZCAP-LD invocations
error_handling.py Structured exception handling

Run any example with:

uv run python examples/key_generation.py

Requirements

  • Python 3.11+
  • Runtime dependencies: cryptography>=41.0, multiformats>=0.3.1, rfc8785>=0.1.4
  • Optional: pyld>=2.0 (for W3C URDNA2015 proof verification — install with pip install zcap-py[jsonld])

Project Status

This library is in active development. Phase 1 (crypto & DID foundation) and Phase 2 (JCS canonicalization, proof verification, document parsing) are complete. Upcoming phases will add delegation chain verification, invocation verification, and async support.

Reference Specification

Contributing

See CONTRIBUTING.md for setup instructions and guidelines.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for moisesja from gravatar.com moisesja

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Moises Jaramillo
  • Requires: Python >=3.11
  • Provides-Extra: jsonld
Classifiers

Release history Release notifications | RSS feed

0.6.0

0.5.0

This version

0.3.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

zcap_py-0.3.0.tar.gz (111.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

zcap_py-0.3.0-py3-none-any.whl (25.8 kB view details)

Uploaded Python 3

File details

Details for the file zcap_py-0.3.0.tar.gz.

File metadata

  • Download URL: zcap_py-0.3.0.tar.gz
  • Upload date:
  • Size: 111.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for zcap_py-0.3.0.tar.gz
Algorithm Hash digest
SHA256 66974f4517fc1bb862df420c594ec801604e3789602d6e5a484712d5ab66ecd0
MD5 6c85c2c30d825473088cf969e436871a
BLAKE2b-256 d2c0fb6fcd7fca23b50587928f8b70ebf4213573116b82aad053f9a539298fc2

See more details on using hashes here.

Provenance

The following attestation bundles were made for zcap_py-0.3.0.tar.gz:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file zcap_py-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: zcap_py-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 25.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for zcap_py-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 a4489decf0850e6cc36cf5bd3f0b40b09972ae730553459265c93173087e4741
MD5 d0a67934b11f460ca46b2067838a8d8a
BLAKE2b-256 3787e3d54ed3f7ed9a307c4396d9463ad5443e8d881e4f19f30ee442482823f1

See more details on using hashes here.

Provenance

The following attestation bundles were made for zcap_py-0.3.0-py3-none-any.whl:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page