PyCA cryptography 47.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.8+, and PyPy3 3.11.
Changelog (https://cryptography.io/en/latest/changelog/#v47-0-0) * Support for Python 3.8 is deprecated and will be removed in the next cryptography release. * BACKWARDS INCOMPATIBLE: Support for binary elliptic curves (SECT* classes) has been removed. These curves are rarely used and have additional security considerations that make them undesirable. * BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.1.x has been removed. OpenSSL 3.0.0 or later is now required. LibreSSL, BoringSSL, and AWS-LC continue to be supported. * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 4.1. * BACKWARDS INCOMPATIBLE: Loading keys with unsupported algorithms or keys with unsupported explicit curve encodings now raises UnsupportedAlgorithm instead of ValueError. This change affects load_pem_private_key(), load_der_private_key(), load_pem_public_key(), load_der_public_key(), and public_key() when called on certificates with unsupported public key algorithms. * BACKWARDS INCOMPATIBLE: When parsing elliptic curve private keys, we now reject keys that incorrectly encode a private key of the wrong length because such keys are impossible to process in a constant-time manner. We do not believe keys with this problem are in wide use, however we may revert this change based on the feedback we receive. * Deprecated passing 64-bit (8-byte) and 128-bit (16-byte) keys to TripleDES. In a future release, only 192-bit (24-byte) keys will be accepted. Users should expand shorter keys themselves (e.g., for single DES: key + key + key, for two-key: key + key[:8]). * Updated the minimum supported Rust version (MSRV) to 1.83.0, from 1.74.0. * Support for x86_64 macOS (including publishing wheels) is deprecated and will be removed in the next release. We will switch to publishing an arm64 only wheel for macOS. * Support for 32-bit Windows (including publishing wheels) is deprecated and will be removed in the next release. Users should move to a 64-bit Python installation. public_bytes and private_bytes methods on keys now raise TypeError (instead of ValueError) if an invalid encoding is provided for the given format. * Moved CFB, OFB, and CFB8 into Decrepit cryptography and deprecated them in the modes module. They will be removed from the modes module in 49.0.0. * Moved Camellia into Decrepit cryptography and deprecated it in the cipher module. It will be removed from the cipher module in 49.0.0. * Added extract() to HKDF. The previous private implementation will be removed in 49.0.0. * Added support for loading elliptic curve keys that contain explicit encodings of the curves secp256r1, secp384r1, and secp521r1. * Added support for Argon2d and Argon2i when using OpenSSL 3.2.0+. * Added derive_into methods to HKDF, HKDFExpand, ConcatKDFHash, ConcatKDFHMAC, Argon2id, PBKDF2HMAC, KBKDFHMAC, KBKDFCMAC, Scrypt, and X963KDF to allow deriving keys directly into pre-allocated buffers. * Added encrypt_into and decrypt_into methods to AESCCM, AESGCM, AESGCMSIV, AESOCB3, AESSIV, and ChaCha20Poly1305 to allow encrypting directly into a pre-allocated buffer. * Added support for PKCS1v15 signing without DigestInfo using NoDigestInfo. * Added hash(), a one-shot method for computing hashes. * Added HPKE (Hybrid Public Key Encryption) support implementing RFC 9180 for hybrid authenticated encryption. * Added new ML-KEM key encapsulation module with support for ML-KEM key encapsulation with AWS-LC and BoringSSL. * Note: Post-quantum algorithm support requires AWS-LC or BoringSSL. As we ship our wheels with OpenSSL, most users will not have access to these APIs yet. See ( https://cryptography.io/en/latest/statements/state-of-openssl/) for more information on OpenSSL support. * Added new ML-DSA signing module with support for ML-DSA signing and verification with AWS-LC and BoringSSL. * Note: Post-quantum algorithm support requires AWS-LC or BoringSSL. As we ship our wheels with OpenSSL, most users will not have access to these APIs yet. See ( https://cryptography.io/en/latest/statements/state-of-openssl/) for more information on OpenSSL support. * Added new ASN.1 module with support for declaratively defining custom ASN.1 types and encoding/decoding them. * Fixed compilation when using LibreSSL 4.3.0 and OpenSSL 4.0.0. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 4.0.0. -Paul Kehrer (reaperhulk)
_______________________________________________ Cryptography-dev mailing list -- [email protected] To unsubscribe send an email to [email protected] https://mail.python.org/mailman3//lists/cryptography-dev.python.org Member address: [email protected]
