PyCA cryptography 40.0.0 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.6+, and PyPy3 7.3.10+.
Changelog (https://cryptography.io/en/latest/changelog/#v40-0-0): * BACKWARDS INCOMPATIBLE: As announced in the 39.0.0 changelog, the way cryptography links OpenSSL has changed. This only impacts users who build cryptography from source (i.e., not from a wheel), and specify their own version of OpenSSL. For those users, the CFLAGS, LDFLAGS, INCLUDE, LIB, and CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS environment variables are no longer valid. Instead, users need to configure their builds as documented here. * Support for Python 3.6 is deprecated and will be removed in the next release. * Deprecated the current minimum supported Rust version (MSRV) of 1.48.0. In the next release we will raise MSRV to 1.56.0. Users with the latest pip will typically get a wheel and not need Rust installed, but check Installation for documentation on installing a newer rustc if required. * Deprecated support for OpenSSL less than 1.1.1d. The next release of cryptography will drop support for older versions. * Deprecated support for DSA keys in load_ssh_public_key() and load_ssh_private_key(). * Deprecated support for OpenSSH serialization in DSAPublicKey and DSAPrivateKey. * The minimum supported version of PyPy3 is now 7.3.10. * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.0. * Added support for parsing SSH certificates in addition to public keys with load_ssh_public_identity(). load_ssh_public_key() continues to support only public keys. * Added support for generating SSH certificates with SSHCertificateBuilder. * Added verify_directly_issued_by() to Certificate. * Added a check to NameConstraints to ensure that DNSName constraints do not contain any * wildcards. * Removed many unused CFFI OpenSSL bindings. This will not impact you unless you are using cryptography to directly invoke OpenSSL’s C API. Note that these have never been considered a stable, supported, public API by cryptography, this note is included as a courtesy. * The X.509 builder classes now raise UnsupportedAlgorithm instead of ValueError if an unsupported hash algorithm is passed. * Added public union type aliases for type hinting: Asymmetric types: PublicKeyTypes, PrivateKeyTypes, CertificatePublicKeyTypes, CertificateIssuerPublicKeyTypes, CertificateIssuerPrivateKeyTypes SSH keys: SSHPublicKeyTypes, SSHPrivateKeyTypes, SSHCertPublicKeyTypes, SSHCertPrivateKeyTypes PKCS12: PKCS12PrivateKeyTypes PKCS7: PKCS7HashTypes, PKCS7PrivateKeyTypes Two-factor: HOTPHashTypes * Deprecated previously undocumented but not private type aliases in the cryptography.hazmat.primitives.asymmetric.types module in favor of new ones above. -Paul Kehrer (reaperhulk) _______________________________________________ Python-announce-list mailing list -- python-announce-list@python.org To unsubscribe send an email to python-announce-list-le...@python.org https://mail.python.org/mailman3/lists/python-announce-list.python.org/ Member address: arch...@mail-archive.com