Authorization Capabilities for Linked Data — Python verification library

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for moisesja from gravatar.com moisesja

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Moises Jaramillo
  • Requires: Python >=3.11
  • Provides-Extra: jsonld
Classifiers
Report project as malware

Project description

zcap-py

CI PyPI Python License

Authorization Capabilities for Linked Data — Python verification library.

A minimal, production-quality Python library implementing the W3C Authorization Capabilities for Linked Data (ZCAP-LD) draft specification. This is the Python counterpart to zcap-dotnet.

Features

  • Ed25519 key generation and signature verification
  • did:key encoding, decoding, and resolution (Ed25519 only)
  • Multibase-z (base58btc) and multicodec support
  • Strict DID URL parsing and validation
  • RFC 8785 / JCS canonicalization
  • Ed25519Signature2020 proof verification (JCS-based for zcap-dotnet interop)
  • W3C-compliant Ed25519Signature2020 proof verification (URDNA2015, optional pyld dependency)
  • ZCAP-LD document parsing (Capability & Invocation)
  • Typed exception hierarchy for controlled error handling
  • 100% type-annotated public API (mypy --strict compliant)
  • Zero network I/O in core — fully offline verification

Installation

pip install zcap-py

Or with uv:

uv add zcap-py

For W3C-compliant URDNA2015 proof verification, install with the jsonld extra:

pip install zcap-py[jsonld]

Quick Start

from zcap_py import generate_ed25519_keypair, verify_document_proof
from zcap_py import canonicalize, base58btc_encode

# Generate a did:key keypair
keypair = generate_ed25519_keypair()
print(keypair.did)                  # did:key:z6Mk...
print(keypair.verification_method)  # did:key:z6Mk...#z6Mk...

# Sign a document with an Ed25519Signature2020 proof
document = {
    "id": "urn:example:cap-1",
    "type": "Authorization",
    "controller": keypair.did,
    "invocationTarget": "https://api.example.com/docs",
    "allowedAction": ["read"],
}
proof_metadata = {
    "type": "Ed25519Signature2020",
    "verificationMethod": keypair.verification_method,
    "created": "2026-01-01T00:00:00Z",
    "proofPurpose": "capabilityDelegation",
}
to_sign = {**document, "proof": proof_metadata}
signature = keypair.private_key.sign(canonicalize(to_sign))
signed = {**document, "proof": {**proof_metadata, "proofValue": base58btc_encode(signature)}}

# Verify — resolves the public key from proof.verificationMethod automatically
verify_document_proof(signed)

Examples

Runnable examples are in the examples/ directory:

Example Description
key_generation.py Generate Ed25519 keypairs with did:key identifiers
sign_and_verify.py Sign and verify raw messages
resolve_did_key.py Resolve a did:key to a verification method
encode_decode_did_key.py Convert between raw key bytes and did:key strings
parse_did_url.py Strict DID and DID URL parsing
multibase_multicodec.py Low-level multibase/multicodec utilities
jcs_canonicalization.py RFC 8785 / JCS canonicalization
verify_proof_jcs.py JCS-based proof verification (zcap-dotnet interop)
verify_proof_w3c.py W3C URDNA2015 proof verification (requires pyld)
parse_capability.py Parse and validate ZCAP-LD capabilities
parse_invocation.py Parse and validate ZCAP-LD invocations
error_handling.py Structured exception handling

Run any example with:

uv run python examples/key_generation.py

Requirements

  • Python 3.11+
  • Runtime dependencies: cryptography>=41.0, multiformats>=0.3.1, rfc8785>=0.1.4
  • Optional: pyld>=2.0 (for W3C URDNA2015 proof verification — install with pip install zcap-py[jsonld])

Project Status

This library is in active development. Phase 1 (crypto & DID foundation) and Phase 2 (JCS canonicalization, proof verification, document parsing) are complete. Upcoming phases will add delegation chain verification, invocation verification, and async support.

Reference Specification

Contributing

See CONTRIBUTING.md for setup instructions and guidelines.

License

Apache-2.0

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for moisesja from gravatar.com moisesja

Unverified details

These details have not been verified by PyPI
Meta
  • License: Apache Software License (Apache-2.0)
  • Author: Moises Jaramillo
  • Requires: Python >=3.11
  • Provides-Extra: jsonld
Classifiers

Release history Release notifications | RSS feed

0.6.0

This version

0.5.0

0.3.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

zcap_py-0.5.0.tar.gz (129.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

zcap_py-0.5.0-py3-none-any.whl (34.4 kB view details)

Uploaded Python 3

File details

Details for the file zcap_py-0.5.0.tar.gz.

File metadata

  • Download URL: zcap_py-0.5.0.tar.gz
  • Upload date:
  • Size: 129.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for zcap_py-0.5.0.tar.gz
Algorithm Hash digest
SHA256 531087da2e1f6399627f33278b607190fa43d6260bc82cf6e891165022dbaeaa
MD5 e70b5f463fb3a851bf067fb4ba710e4c
BLAKE2b-256 a0c7d0d942e097860d12e0d96499599ade20c4bcb828f9d107b97249c4739bbc

See more details on using hashes here.

Provenance

The following attestation bundles were made for zcap_py-0.5.0.tar.gz:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file zcap_py-0.5.0-py3-none-any.whl.

File metadata

  • Download URL: zcap_py-0.5.0-py3-none-any.whl
  • Upload date:
  • Size: 34.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for zcap_py-0.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e73ee34ff86daab683dff92529f97a872eb4b3e2e66c3f2a15cccec5104ff30b
MD5 d57c090c06091369b096fd4e4b2ca0df
BLAKE2b-256 08899cd69e0b051cfd2bdc104f9969af876e79463d78d9515c08908c9c098f53

See more details on using hashes here.

Provenance

The following attestation bundles were made for zcap_py-0.5.0-py3-none-any.whl:

Publisher: publish.yml on moisesja/zcap-py

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page