PyCA cryptography 45.0.1 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, and PyPy3 7.3.10+.

Changelog (https://cryptography.io/en/latest/changelog/#v45-0-1):

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.0.

This also includes the changes from 45.0.0:

Changelog (https://cryptography.io/en/latest/changelog/#v45-0-0):

* Support for Python 3.7 is deprecated and will be removed in the next cryptography release.
* Updated the minimum supported Rust version (MSRV) to 1.74.0, from 1.65.0.
* Added support for serialization of PKCS#12 Java truststores in serialize_java_truststore()
* Added derive_phc_encoded() and verify_phc_encoded() methods to support password hashing in the PHC string format.
* Added support for PKCS7 decryption and encryption using AES-256 as the content algorithm, in addition to AES-128.
* BACKWARDS INCOMPATIBLE: Made SSH private key loading more consistent with other private key loading: load_ssh_private_key() now raises a TypeError if the key is unencrypted but a password is provided (previously no exception was raised), and raises a TypeError if the key is encrypted but no password is provided (previously a ValueError was raised).
* We significantly refactored how private key loading (load_pem_private_key() and load_der_private_key()) works. This is intended to be backwards compatible for all well-formed keys, therefore if you discover a key that now raises an exception, please file a bug with instructions for reproducing.
* Added unsafe_skip_rsa_key_validation keyword-argument to load_ssh_private_key().
* Added XOFHash to support repeated squeeze() operations on extendable output functions.
* Added add_response_by_hash() method to allow creating OCSP responses using certificate hash values rather than full certificates.
* Extended the X.509 path validation API to support user-configured extension policies via the PolicyBuilder.extension_policies method.
* Deprecated the subject, verification_time and max_chain_depth properties on ClientVerifier and ServerVerifier in favor of a new policy property. These properties will be removed in the next release of cryptography.
* BACKWARDS INCOMPATIBLE: The VerifiedClient.subject property can now be None since a custom extension policy may allow certificates without a Subject Alternative Name extension.
* Changed the behavior when the OpenSSL 3 legacy provider fails to load. Instead of raising an exception, a warning is now emitted. The CRYPTOGRAPHY_OPENSSL_NO_LEGACY environment variable can still be used to disable the legacy provider at runtime.
* Added support for the CRYPTOGRAPHY_BUILD_OPENSSL_NO_LEGACY environment variable during build time, which prevents the library from ever attempting to load the legacy provider.
* Added support for the PrivateKeyUsagePeriod X.509 extension. This extension defines the period during which the private key corresponding to the certificate’s public key may be used.
* Added support for compiling against aws-lc.
* Parsing X.509 structures now more strictly enforces that Name structures do not have malformed ASN.1.
* We now publish py311 wheels that utilize the faster pyo3::buffer::PyBuffer interface, resulting in significantly improved performance for operations involving small buffers.
* Added ssh_key_fingerprint() for computing fingerprints of SSH public keys.
* Added support for deterministic ECDSA signing via the new keyword-only argument ecdsa_deterministic in the X509 builder sign methods.

-Paul Kehrer (reaperhulk)
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
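
The load_ssh_private_key() change listed in the 45.0.0 changelog means code that caught ValueError for a missing password now sees TypeError, and a password passed for an unencrypted key is no longer ignored. The following is an added example, not part of the announcement or of cryptography itself: it reads the ciphername field of the openssh-key-v1 header so a password mismatch is reported the same way before and after 45.0.0. The names ssh_key_is_encrypted, load_ssh_key_checked and _constructed_pem are made up for this example, and the sample header is constructed and carries no key material.

```python
import base64
import struct

_BEGIN = b"-----BEGIN OPENSSH PRIVATE KEY-----"
_END = b"-----END OPENSSH PRIVATE KEY-----"
_MAGIC = b"openssh-key-v1\x00"


def _read_string(buf: bytes, off: int):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated OpenSSH key header")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated OpenSSH key header")
    return buf[off + 4:end], end


def ssh_key_is_encrypted(pem: bytes) -> bool:
    """True if the header's ciphername is anything other than 'none'."""
    start, stop = pem.find(_BEGIN), pem.find(_END)
    if start < 0 or stop < start:
        raise ValueError("not an OpenSSH private key")
    blob = base64.b64decode(b"".join(pem[start + len(_BEGIN):stop].split()))
    if not blob.startswith(_MAGIC):
        raise ValueError("bad OpenSSH key magic")
    cipher, _ = _read_string(blob, len(_MAGIC))
    return cipher != b"none"


def load_ssh_key_checked(pem: bytes, password=None):
    """Reject password mismatches up front, with the 45.0.0 exception type."""
    encrypted = ssh_key_is_encrypted(pem)
    if encrypted and password is None:
        raise TypeError("key is encrypted but no password was provided")
    if not encrypted and password is not None:
        raise TypeError("key is not encrypted but a password was provided")
    # Imported at the point of use so the header check works on its own.
    from cryptography.hazmat.primitives.serialization import load_ssh_private_key
    return load_ssh_private_key(pem, password)


def _constructed_pem(cipher: bytes) -> bytes:
    """Constructed sample: header fields only, enough for the header check."""
    def s(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    blob = _MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1)
    return _BEGIN + b"\n" + base64.b64encode(blob) + b"\n" + _END + b"\n"
```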