A Python implementation of CWT/COSE.

Overview

Python CWT - A Python implementation of CWT/COSE

PyPI version PyPI - Python Version Documentation Status Github CI codecov

Python CWT is a CBOR Web Token (CWT) and CBOR Object Signing and Encryption (COSE) implementation compliant with:

It is designed to make users who already know about JWS/JWE/JWT be able to use it in ease. Little knowledge of CBOR/COSE/CWT is required to use it.

You can install Python CWT with pip:

$ pip install cwt

And then, you can use it as follows:

>>> import cwt
>>> from cwt import COSEKey
>>> key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
>>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
>>> token.hex()
'd18443a10105a05835a60172636f6170733a2f2f61732e657861'...
>>> cwt.decode(token, key)
{1: 'coaps://as.example', 2: 'dajiaji', 7: b'123', 4: 1620088759, 5: 1620085159, 6: 1620085159}

See Documentation for details.

Index

Installation

Install with pip:

pip install cwt

CWT Usage Examples

Followings are typical and basic examples which create various types of CWTs, verify and decode them.

CWT API in the examples are built on top of COSE API.

See API Reference and CWT Usage Examples on document for more details.

MACed CWT

Create a MACed CWT with HS256, verify and decode it as follows:

import cwt
from cwt import Claims, COSEKey

try:
    key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
    token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
    decoded = cwt.decode(token, key)

    # If you want to treat the result like a JWT;
    readable = Claims.new(decoded)
    assert readable.iss == 'coaps://as.example'
    assert readable.sub == 'dajiaji'
    assert readable.cti == '123'
    # readable.exp == 1620088759
    # readable.nbf == 1620085159
    # readable.iat == 1620085159

except Exception as err:
    # All the other examples in this document omit error handling but this CWT library
    # can throw following errors:
    #   ValueError: Invalid arguments.
    #   EncodeError: Failed to encode.
    #   VerifyError: Failed to verify.
    #   DecodeError: Failed to decode.
    print(err)

A raw CWT structure (Dict[int, Any]) can also be used as follows:

import cwt
from cwt import COSEKey

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
token = cwt.encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, key)
decoded = cwt.decode(token, key)

MAC algorithms other than HS256 are listed in Supported COSE Algorithms.

Signed CWT

Create an Ed25519 key pair:

$ openssl genpkey -algorithm ed25519 -out private_key.pem
$ openssl pkey -in private_key.pem -pubout -out public_key.pem

Create a Signed CWT with Ed25519, verify and decode it with the key pair as follows:

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
decoded = cwt.decode(token, public_key)

JWKs can also be used instead of the PEM-formatted keys as follows:

import cwt
from cwt import COSEKey

# The sender side:
private_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["sign"],
    "alg": "EdDSA",
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
    "d": "L8JS08VsFZoZxGa9JvzYmCWOwg7zaKcei3KZmYsj7dc",
})
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk({
    "kid": "01",
    "kty": "OKP",
    "key_ops": ["verify"],
    "crv": "Ed25519",
    "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
})
decoded = cwt.decode(token, public_key)

Signing algorithms other than Ed25519 are listed in Supported COSE Algorithms.

Encrypted CWT

Create an encrypted CWT with ChaCha20/Poly1305 and decrypt it as follows:

import cwt
from cwt import COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, enc_key)
decoded = cwt.decode(token, enc_key)

Encryption algorithms other than ChaCha20/Poly1305 are listed in Supported COSE Algorithms.

Nested CWT

Create a signed CWT and encrypt it, and then decrypt and verify the nested CWT as follows.

import cwt
from cwt import COSEKey

# A shared encryption key.
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="enc-01")

# Creates a CWT with ES256 signing.
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# Encrypts the signed CWT.
nested = cwt.encode(token, enc_key)

# Decrypts and verifies the nested CWT.
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="sig-01")
decoded = cwt.decode(nested, [enc_key, public_key])

CWT with User Settings

The cwt in cwt.encode() and cwt.decode() above is a global CWT class instance created with default settings in advance. The default settings are as follows:

  • expires_in: 3600 seconds. This is the default lifetime in seconds of CWTs.
  • leeway: 60 seconds. This is the default leeway in seconds for validating exp and nbf.

If you want to change the settings, you can create your own CWT class instance as follows:

from cwt import COSEKey, CWT

key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
mycwt = CWT.new(expires_in=3600*24, leeway=10)
token = mycwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
decoded = mycwt.decode(token, key)

CWT with User-Defined Claims

You can use your own claims as follows:

Note that such user-defined claim's key should be less than -65536.

import cwt
from cwt import COSEKey

# The sender side:
with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")
token = cwt.encode(
    {
        1: "coaps://as.example",  # iss
        2: "dajiaji",  # sub
        7: b"123",  # cti
        -70001: "foo",
        -70002: ["bar"],
        -70003: {"baz": "qux"},
        -70004: 123,
    },
    private_key,
)

# The recipient side:
with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")
raw = cwt.decode(token, public_key)
assert raw[-70001] == "foo"
assert raw[-70002][0] == "bar"
assert raw[-70003]["baz"] == "qux"
assert raw[-70004] == 123

readable = Claims.new(raw)
assert readable.get(-70001) == "foo"
assert readable.get(-70002)[0] == "bar"
assert readable.get(-70003)["baz"] == "qux"
assert readable.get(-70004) == 123

User-defined claims can also be used with JSON-based claims as follows:

import cwt
from cwt import Claims, COSEKey

with open("./private_key.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="01")

my_claim_names = {
    "ext_1": -70001,
    "ext_2": -70002,
    "ext_3": -70003,
    "ext_4": -70004,
}

cwt.set_private_claim_names(my_claim_names)
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": b"123",
        "ext_1": "foo",
        "ext_2": ["bar"],
        "ext_3": {"baz": "qux"},
        "ext_4": 123,
    },
    private_key,
)

with open("./public_key.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="01")

raw = cwt.decode(token, public_key)
readable = Claims.new(
    raw,
    private_claims_names=my_claim_names,
)
assert readable.get("ext_1") == "foo"
assert readable.get("ext_2")[0] == "bar"
assert readable.get("ext_3")["baz"] == "qux"
assert readable.get("ext_4") == 123

CWT with PoP Key

Python CWT supports Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs). A CWT can include a PoP key as follows:

On the issuer side:

import cwt
from cwt import COSEKey

# Prepares a signing key for CWT in advance.
with open("./private_key_of_issuer.pem") as key_file:
    private_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Sets the PoP key to a CWT for the presenter.
token = cwt.encode(
    {
        "iss": "coaps://as.example",
        "sub": "dajiaji",
        "cti": "123",
        "cnf": {
            "jwk": {  # Provided by the CWT presenter.
                "kty": "OKP",
                "use": "sig",
                "crv": "Ed25519",
                "kid": "presenter-01",
                "x": "2E6dX83gqD_D0eAmqnaHe1TC1xuld6iAKXfw2OVATr0",
                "alg": "EdDSA",
            },
        },
    },
    private_key,
)

# Issues the token to the presenter.

On the CWT presenter side:

import cwt
from cwt import COSEKey

# Prepares a private PoP key in advance.
with open("./private_pop_key.pem") as key_file:
    pop_key_private = COSEKey.from_pem(key_file.read(), kid="presenter-01")

# Receives a message (e.g., nonce)  from the recipient.
msg = b"could-you-sign-this-message?"  # Provided by recipient.

# Signs the message with the private PoP key.
sig = pop_key_private.sign(msg)

# Sends the msg and the sig with the CWT to the recipient.

On the CWT recipient side:

import cwt
from cwt import Claims, COSEKey

# Prepares the public key of the issuer in advance.
with open("./public_key_of_issuer.pem") as key_file:
    public_key = COSEKey.from_pem(key_file.read(), kid="issuer-01")

# Verifies and decodes the CWT received from the presenter.
raw = cwt.decode(token, public_key)
decoded = Claims.new(raw)

# Extracts the PoP key from the CWT.
extracted_pop_key = COSEKey.new(decoded.cnf)  # = raw[8][1]

# Then, verifies the message sent by the presenter
# with the signature which is also sent by the presenter as follows:
extracted_pop_key.verify(msg, sig)

Usage Examples shows other examples which use other confirmation methods for PoP keys.

CWT with Private CA

Python CWT supports the case of using an arbitrary private CA as a root of trust. In this case, a COSE message sender needs to specify the trust relationship chaining up to the root CA by using x5chain header parameter. On the other hand, a COSE message receiver needs to specify trusted root CAs by using ca_certs parameter of CWT/COSE constructor (CWT.new() or COSE.new()).

import cwt
from cwt import Claims, COSEKey

# The sernder side:
with open("./private_key_of_cert.pem")) as f:
    private_key = COSEKey.from_pem(f.read(), kid="01")

token = cwt.encode(
    {"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, private_key
)

# The recipient side:
public_key = COSEKey.from_jwk(
    {
        "kty": "EC",
        "use": "sig",
        "crv": "P-256",
        "kid": "P-256-01",
        "x": "oONCv1QoiajIbcW21Dqy6EnGvBTuF26GU7dy6JzOfXk",
        "y": "sl6k77K0TS36FW-TyEGLHY14ovZfdZ9DZWsbA8BTHGc",
        "x5c": [
          # The DER formatted X509 certificate which pairs with the private_key_of_cert.pem above.
          "MIIClDCCAXygAwIBAgIBBDANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJKUDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAoMB2RhamlhamkxEzARBgNVBAMMCnB5dGhvbi1jd3QxIDAeBgkqhkiG9w0BCQEWEWRhamlhamlAZ21haWwuY29tMB4XDTIxMTAwMzEzMDE1MFoXDTMxMTAwMTEzMDE1MFowZDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMQ0wCwYDVQQKDAR0ZXN0MRUwEwYDVQQDDAx0ZXN0LmV4YW1wbGUxHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASg40K_VCiJqMhtxbbUOrLoSca8FO4XboZTt3LonM59ebJepO-ytE0t-hVvk8hBix2NeKL2X3WfQ2VrGwPAUxxnoxowGDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIE8DANBgkqhkiG9w0BAQsFAAOCAQEAZFfvFbaDk_DmG2cPGTwqwnFok1QnH2Tzkjk7p4vs1ycWzEDltkhyzcJxTSHoQGdykf7fG8NCrEqfi1G3hOyAtGxVIVcqsI-KIJCESp43zrNz5HsbwEY8l5rvcwohKGlE_idIFt5IuDTv7vsg_FaCIDeruw0NrXAACnLTwksawsxaCvtY12U0wsI2aC2Sb6V3HL-OLgcN6ZWzZ054L88JllckYnqJB8wCVBzzX2K2sZH3yeS39oRWZOVG6fwXsX4k0fHFx-Fn6KlrBU15pbjMLMn0ow0X3Y8e7FOgfkkph-N7e2SxceXNjrLiumOdclPm9yGSWoGsOJdId53dPvqAsQ",
          # The root certificate which is used for signing the above certificate (optional).
          "MIIDrzCCApegAwIBAgIUIK_CYzdq4BLLVXqSclNBgXy6mgswDQYJKoZIhvcNAQELBQAwZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTAgFw0yMTEwMDIyMzU0NTZaGA8yMDcxMDkyMDIzNTQ1NlowZjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQKDAdkYWppYWppMRMwEQYDVQQDDApweXRob24tY3d0MSAwHgYJKoZIhvcNAQkBFhFkYWppYWppQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANFg4sw-uPWbPBbkJuohXc89O0gaqG1H2i1wzxxka32XNKIdwrxOJvsB2eALo3q7dTqLKCgzrjdd5N07gi0KzqjoIXIXqKpV5tm0fP5gCzEOWgxySCfBJOJyyvO6WvYXdvukEBnL-48D8RSjQH9fQEju5RG0taFZE-0nQ7n3P0J-Q-OfBUEoRiHvCd8oUx0s-fBpKdfhMAbD1sGAQ9CokUFeWc49em8inNqia5xljBtSYo6_2Zx9eb7B53wvBC0EmtS4SRyksR2emlr6GxMj_EZW7hcTfZCM4V2JYXliuAEdxA0sB7q-WqLg4OvltBQxCBgTTEXRCzxj3XXZy7QyUacCAwEAAaNTMFEwHQYDVR0OBBYEFA9id2cL_Chjv6liRN3HD849TARsMB8GA1UdIwQYMBaAFA9id2cL_Chjv6liRN3HD849TARsMA8GA1UdEwEB_wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAArIej5eJN1OmD3l3ef9QzosCxKThNwqNY55CoSSC3IRl-IAXy9Lvx7cgiliwBgCv99RbXZ1ZnptTHC_1kzMzPhPg9pGKDowFP-rywaB9-NTuHTWQ4hkKDsru5dpf75ILNI5PTUi1iiBM7TdgSerpEVroUWZiOpGAdlKkmE1h4gkR6eQY9Q0IvVXwagy_PPoQ1XO1i5Hyg3aXeDZBgkE7AuW9uxtYQHzg8JG2TNko_yp497yf_Ew4t6KzGDhSa8L1euMPtclALDWFhgl6WmYsHOqAOsyZOLwpsifWa533wI9mtTvLEg8TFKMOdU0sbAoQSbrrI9m4QS7mzDLchngj3E"
        ],
        "alg": "ES256"
    })

# The recipient can specify trusted CAs as follows:
decoder = CWT.new(ca_certs="/path/to/cacerts.pem")
decoded = decoder.decode(token, public_key)
assert 1 in decoded and decoded[1] == "coaps://as.example"

CWT for EUDCC (EU Digital COVID Certificate)

Python CWT supports Electronic Health Certificate Specification and EUDCC (EU Digital COVID Certificate) compliant with Technical Specifications for Digital Green Certificates Volume 1

A following example shows how to verify an EUDCC:

import cwt
from cwt import load_pem_hcert_dsc

# A DSC(Document Signing Certificate) issued by a CSCA
# (Certificate Signing Certificate Authority) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
dsc = "-----BEGIN CERTIFICATE-----\nMIIBvTCCAWOgAwIBAgIKAXk8i88OleLsuTAKBggqhkjOPQQDAjA2MRYwFAYDVQQDDA1BVCBER0MgQ1NDQSAxMQswCQYDVQQGEwJBVDEPMA0GA1UECgwGQk1TR1BLMB4XDTIxMDUwNTEyNDEwNloXDTIzMDUwNTEyNDEwNlowPTERMA8GA1UEAwwIQVQgRFNDIDExCzAJBgNVBAYTAkFUMQ8wDQYDVQQKDAZCTVNHUEsxCjAIBgNVBAUTATEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASt1Vz1rRuW1HqObUE9MDe7RzIk1gq4XW5GTyHuHTj5cFEn2Rge37+hINfCZZcozpwQKdyaporPUP1TE7UWl0F3o1IwUDAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0OBBYEFO49y1ISb6cvXshLcp8UUp9VoGLQMB8GA1UdIwQYMBaAFP7JKEOflGEvef2iMdtopsetwGGeMAoGCCqGSM49BAMCA0gAMEUCIQDG2opotWG8tJXN84ZZqT6wUBz9KF8D+z9NukYvnUEQ3QIgdBLFSTSiDt0UJaDF6St2bkUQuVHW6fQbONd731/M4nc=\n-----END CERTIFICATE-----"

# An EUDCC (EU Digital COVID Certificate) quoted from:
# https://github.com/eu-digital-green-certificates/dgc-testdata/blob/main/AT/2DCode/raw/1.json
eudcc = bytes.fromhex(
    "d2844da20448d919375fc1e7b6b20126a0590133a4041a61817ca0061a60942ea001624154390103a101a4617681aa62646e01626d616d4f52472d3130303033303231356276706a313131393334393030376264746a323032312d30322d313862636f624154626369783155524e3a555643493a30313a41543a31303830373834334639344145453045453530393346424332353442443831332342626d706c45552f312f32302f31353238626973781b4d696e6973747279206f66204865616c74682c20417573747269616273640262746769383430353339303036636e616da463666e74754d5553544552465241553c474f455353494e47455262666e754d7573746572667261752d47c3b6c39f696e67657263676e74684741425249454c4562676e684761627269656c656376657265312e302e3063646f626a313939382d30322d323658405812fce67cb84c3911d78e3f61f890d0c80eb9675806aebed66aa2d0d0c91d1fc98d7bcb80bf00e181806a9502e11b071325901bd0d2c1b6438747b8cc50f521"
)

public_key = load_pem_hcert_dsc(dsc)
decoded = cwt.decode(eudcc, keys=[public_key])
claims = Claims.new(decoded)
# claims.hcert[1] ==
# {
#     'v': [
#         {
#             'dn': 1,
#             'ma': 'ORG-100030215',
#             'vp': '1119349007',
#             'dt': '2021-02-18',
#             'co': 'AT',
#             'ci': 'URN:UVCI:01:AT:10807843F94AEE0EE5093FBC254BD813#B',
#             'mp': 'EU/1/20/1528',
#             'is': 'Ministry of Health, Austria',
#             'sd': 2,
#             'tg': '840539006',
#         }
#     ],
#     'nam': {
#         'fnt': 'MUSTERFRAU<GOESSINGER',
#         'fn': 'Musterfrau-Gößinger',
#         'gnt': 'GABRIELE',
#         'gn': 'Gabriele',
#     },
#     'ver': '1.0.0',
#     'dob': '1998-02-26',
# }

COSE Usage Examples

Followings are typical and basic examples which create various types of COSE messages, verify and decode them.

See API Reference and COSE Usage Examples on document for more details.

COSE MAC0

Create a COSE MAC0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", mac_key)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Following two samples are other ways of writing the above example:

from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={"alg": "HS256"},
    unprotected={"kid": "01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)
from cwt import COSE, COSEKey

mac_key = COSEKey.from_symmetric_key(alg="HS256", kid="01")
ctx = COSE.new()
encoded = ctx.encode_and_mac(
    b"Hello world!",
    mac_key,
    protected={1: 5},
    unprotected={4: b"01"},
)
assert b"Hello world!" == ctx.decode(encoded, mac_key)

COSE MAC

Direct Key Distribution for MAC

The direct key distribution shares a MAC key between the sender and the recipient that is used directly. The follwing example shows the simplest way to make a COSE MAC message, verify and decode it with the direct key distribution method.

from cwt import COSE, COSEKey, Recipient

# The sender makes a COSE MAC message as follows:
mac_key = COSEKey.from_symmetric_key(alg="HS512", kid="01")
r = Recipient.from_jwk({"alg": "direct"})
r.apply(mac_key)
ctx = COSE.new()
encoded = ctx.encode_and_mac(b"Hello world!", mac_key, recipients=[r])

# The recipient has the same MAC key and can verify and decode it:
assert b"Hello world!" == ctx.decode(encoded, mac_key)

Direct Key with KDF for MAC

from secrets import token_bytes
from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
mac_key = r.apply(shared_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "HS256"})

AES Key Wrap for MAC

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS512")
r = Recipient.from_jwk(
    {
        "kid": "01",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
r.apply(mac_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(b"Hello world!", key=mac_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for MAC

The direct key agreement methods can be used to create a shared secret. A KDF (Key Distribution Function) is then applied to the shared secret to derive a key to be used to protect the data. The follwing example shows a simple way to make a COSE Encrypt message, verify and decode it with the direct key agreement methods (ECDH-ES+HKDF-256 with various curves).

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
    },
)
# The following key is provided by the recipient in advance.
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
mac_key = r.apply(recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
# The following key is the private key of the above pub_key.
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
# The enc_key will be derived in decode() with priv_key and
# the sender's public key which is conveyed as the recipient
# information structure in the COSE Encrypt message (encoded).
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

Key Agreement with Key Wrap for MAC

from cwt import COSE, COSEKey, Recipient

# The sender side:
mac_key = COSEKey.from_symmetric_key(alg="HS256")
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(mac_key, recipient_key=pub_key, context={"alg": "HS256"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_mac(
    b"Hello world!",
    key=mac_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "alg": "ECDH-SS+A128KW",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "HS256"})

COSE Encrypt0

Create a COSE Encrypt0 message, verify and decode it as follows:

from cwt import COSE, COSEKey

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")
ctx = COSE.new(alg_auto_inclusion=True, kid_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", enc_key)
decoded = ctx.decode(encoded, enc_key)

COSE Encrypt

Direct Key Distribution for encryption

The direct key distribution shares a MAC key between the sender and the recipient that is used directly. The follwing example shows the simplest way to make a COSE MAC message, verify and decode it with the direct key distribution method.

from cwt import COSE, COSEKey, Recipient

enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305", kid="01")

# The sender side:
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk({"alg": "direct"})
r.apply(enc_key)
ctx = COSE.new()
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, enc_key)

Direct Key with KDF for encryption

from cwt import COSE, COSEKey, Recipient

shared_material = token_bytes(32)
shared_key = COSEKey.from_symmetric_key(shared_material, kid="01")

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "oct",
        "alg": "direct+HKDF-SHA-256",
    },
)
enc_key = r.apply(shared_key, context={"alg": "A256GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)
# The recipient side:
assert b"Hello world!" == ctx.decode(encoded, shared_key, context={"alg": "A256GCM"})

AES Key Wrap for encryption

The AES key wrap algorithm can be used to wrap a MAC key as follows:

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",  # A shared wrapping key
    },
)
enc_key = COSEKey.from_symmetric_key(alg="ChaCha20/Poly1305")
r.apply(enc_key)
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(b"Hello world!", key=enc_key, recipients=[r])

# The recipient side:
shared_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "oct",
        "alg": "A128KW",
        "k": "hJtXIZ2uSN5kbQfbtTNWbg",
    },
)
assert b"Hello world!" == ctx.decode(encoded, shared_key)

Direct Key Agreement for encryption

The direct key agreement methods can be used to create a shared secret. A KDF (Key Distribution Function) is then applied to the shared secret to derive a key to be used to protect the data. The follwing example shows a simple way to make a COSE Encrypt message, verify and decode it with the direct key agreement methods (ECDH-ES+HKDF-256 with various curves).

from cwt import COSE, COSEKey, Recipient

# The sender side:
r = Recipient.from_jwk(
    {
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
    },
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
    }
)
enc_key = r.apply(recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "OKP",
        "alg": "ECDH-ES+HKDF-256",
        "crv": "X25519",
        "x": "y3wJq3uXPHeoCO4FubvTc7VcBuqpvUrSvU6ZMbHDTCI",
        "d": "vsJ1oX5NNi0IGdwGldiac75r-Utmq3Jq4LGv48Q_Qc4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

Key Agreement with Key Wrap for encryption

from cwt import COSE, COSEKey, Recipient

# The sender side:
enc_key = COSEKey.from_symmetric_key(alg="A128GCM")
nonce = enc_key.generate_nonce()
r = Recipient.from_jwk(
    {
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "7cvYCcdU22WCwW1tZXR8iuzJLWGcd46xfxO1XJs-SPU",
        "y": "DzhJXgz9RI6TseNmwEfLoNVns8UmvONsPzQDop2dKoo",
        "d": "Uqr4fay_qYQykwcNCB2efj_NFaQRRQ-6fHZm763jt5w",
    }
)
pub_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
    }
)
r.apply(enc_key, recipient_key=pub_key, context={"alg": "A128GCM"})
ctx = COSE.new(alg_auto_inclusion=True)
encoded = ctx.encode_and_encrypt(
    b"Hello world!",
    key=enc_key,
    nonce=nonce,
    recipients=[r],
)

# The recipient side:
priv_key = COSEKey.from_jwk(
    {
        "kid": "[email protected]",
        "kty": "EC",
        "alg": "ECDH-SS+A128KW",
        "crv": "P-256",
        "x": "Ze2loSV3wrroKUN_4zhwGhCqo3Xhu1td4QjeQ5wIVR0",
        "y": "HlLtdXARY_f55A3fnzQbPcm6hgr34Mp8p-nuzQCE0Zw",
        "d": "r_kHyZ-a06rmxM3yESK84r1otSg-aQcVStkRhA-iCM8",
    }
)
assert b"Hello world!" == ctx.decode(encoded, priv_key, context={"alg": "A128GCM"})

COSE Signature1

Create a COSE Signature1 message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={"alg": "ES256"},
    unprotected={"kid": "01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

COSE Signature

Create a COSE Signature message, verify and decode it as follows:

from cwt import COSE, COSEKey, Signer

# The sender side:
signer = Signer.new(
    cose_key=COSEKey.from_jwk(
        {
            "kid": "01",
            "kty": "EC",
            "crv": "P-256",
            "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
            "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
            "d": "V8kgd2ZBRuh2dgyVINBUqpPDr7BOMGcF22CQMIUHtNM",
        }
    ),
    protected={1: -7},
    unprotected={4: b"01"},
)
ctx = COSE.new()
encoded = ctx.encode_and_sign(b"Hello world!", signers=[signer])

# The recipient side:
pub_key = COSEKey.from_jwk(
    {
        "kid": "01",
        "kty": "EC",
        "crv": "P-256",
        "x": "usWxHK2PmfnHKwXPS54m0kTcGJ90UiglWiGahtagnv8",
        "y": "IBOL-C3BttVivg-lSreASjpkttcsz-1rb7btKLv8EX4",
    }
)
assert b"Hello world!" == ctx.decode(encoded, pub_key)

API Reference

See Documentation.

Supported CWT Claims

See Documentation.

Supported COSE Algorithms

See Documentation.

Referenced Specifications

Python CWT is (partially) compliant with following specifications:

Tests

You can run tests from the project root after cloning with:

$ tox

Contributing

We welcome all kind of contributions, filing issues, suggesting new features or sending PRs.

Comments
  • Some EUDCC certificates can't be decoded

    Some EUDCC certificates can't be decoded

    Hi,

    I've got issues with some RSA type public keys for EUDCC decoding. I've tried the same certificate with https://github.com/panzi/verify-ehc, and it decodes the swiss certificate properly using the given certificate. Bildschirmfoto vom 2021-12-13 23-47-26

    python-cwt returns a validation error for the RSA key. Most other keys seem to work.

    The following is the offending key.

    	"Ll3NP03zOxY=": {
    		"serialNumber": "1479dce89e848ba6077c57b16f925eca",
    		"subject": "C=CH, ST=Bern, L=Köniz, 2.5.4.15=Government Entity, 2.5.4.97=NTRCH-CHE-467.023.568, O=Bundesamt für Gesundheit (BAG), OU=GE-0220-BAG, OU=Taskforce BAG Covid-19, CN=COVID-certificate-CH-21-05",
    		"issuer": "C=CH, 2.5.4.97=VATCH-CHE-221.032.573, O=Bundesamt fuer Informatik und Telekommunikation (BIT), OU=Swiss Government PKI, CN=Swiss Government Regulated CA 02",
    		"notBefore": "2021-05-20T10:04:31.000Z",
    		"notAfter": "2024-05-20T10:04:31.000Z",
    		"signatureAlgorithm": "RSASSA-PKCS1-v1_5",
    		"fingerprint": "a572445c2c1d3ced7689963caf2c0e763778c024",
    		"publicKeyAlgorithm": {
    			"hash": {
    				"name": "SHA-256"
    			},
    			"name": "RSASSA-PKCS1-v1_5",
    			"publicExponent": {
    				"0": 1,
    				"1": 0,
    				"2": 1
    			},
    			"modulusLength": 2048
    		},
    		"publicKeyPem": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtk/51stJXU48RqD2lh4IdsxFrjlJfmTCrLr3cQNEXkrEoI3OEV8NnotE1RjVmQrqLTT04oxpWlcbMolXtJBtu3rOiLNwQvyVEbj/xSc6KT84Tp7GBo1P/kkunY+Vmab6HUCV/oGZYmsdiUP/OnTPX6Wy6delDhnrgHIDti73/TSsG7Zl1V6km7+KIkjAkVCEDkkUD7uffd4G+GBZ0B9F1KOT0IcFQNvDm0zlROVoGFlmPS8DWlrLHuIdMbB281uiDjcN+kNUt7rUyyj6TFgX9WCgEB/5mQBMRaaXK1zeDTaNkmC2S7IWxhMQsMBXJyAdbD9AnQOZc6XRjBauO7gz0wIDAQAB"
    	},
    
    opened by merlinschumacher 7
  • Bump tox from 4.0.14 to 4.0.15

    Bump tox from 4.0.14 to 4.0.15

    Bumps tox from 4.0.14 to 4.0.15.

    Release notes

    Sourced from tox's releases.

    4.0.15

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.14...4.0.15

    Changelog

    Sourced from tox's changelog.

    v4.0.15 (2022-12-19)

    Bugfixes - 4.0.15

    - Fix tox auto-provisioning not working and relax :ref:`min_version` default from ``4.0`` to no version constraint
      - by user:`gaborbernat`. (:issue:`2634`)
    - Fix assertion in ``test_result_json_sequential`` when interpreter ``_base_executable`` is a hardlink (macOS homebrew)
      - by user:`masenf`. (:issue:`2720`)
    - Complex negative factor filters not working  - by user:`gaborbernat`. (:issue:`2747`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.0.8 to 4.0.9

    Bump tox from 4.0.8 to 4.0.9

    Bumps tox from 4.0.8 to 4.0.9.

    Release notes

    Sourced from tox's releases.

    4.0.9

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.8...4.0.9

    Changelog

    Sourced from tox's changelog.

    v4.0.9 (2022-12-13)

    Features - 4.0.9

    - Add :meth:`tox_on_install <tox.plugin.spec.tox_on_install>` and
      :meth:`tox_env_teardown <tox.plugin.spec.tox_env_teardown>` plugin hooks - by :user:`gaborbernat`. (:issue:`2687`)
    - Add ``PKG_CONFIG_PATH`` to the default pass through environment list for python tox environments -
      by :user:`gaborbernat`. (:issue:`2700`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.1 to 4.0.3

    Bump tox from 3.27.1 to 4.0.3

    Bumps tox from 3.27.1 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    4.0.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

    4.0.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

    4.0.0

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

    4.0.0rc4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

    4.0.0rc3

    What's Changed

    ... (truncated)

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    - Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings
      - by :user:`gaborbernat`. (:issue:`2422`)
    - Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`)
    - Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` -
      by :user:`gaborbernat`. (:issue:`2629`)
    - The core tox configuration now contains ``host_python`` key showing the host python executable path -
      by :user:`gaborbernat`. (:issue:`2630`)
    

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)

    v4.0.2 (2022-12-07)

    Bugfixes - 4.0.2

    - Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`)
    - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`)
    

    v4.0.1 (2022-12-07)

    Bugfixes - 4.0.1

    • Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)
    • Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

    v4.0.0 (2022-12-07)

    Bugfixes - 4.0.0

    - The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
    

    Improved Documentation - 4.0.0

    • Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)
    • Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

    ... (truncated)

    Commits
    • 95084f2 release 4.0.3
    • 8894ee9 Pass through NUMBER_OF_PROCESSORS on Windows (#2647)
    • a9bfef3 Set always PYTHONIOENCODING to utf-8 (#2646)
    • ab5ea45 Show host python under core section as constant (#2644)
    • 31ad830 Ensure change_dir is created before running commands (#2643)
    • 267d327 Document necessity to escape # sign used in commands (#2621)
    • 4c485f8 Merge pull request #2627 from tox-dev/release-4.0.2
    • 5c0863c release 4.0.2
    • 98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...
    • 3661b94 tox --showconfig -e py shows core configs (#2625)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.1 to 4.0.2

    Bump tox from 3.27.1 to 4.0.2

    Bumps tox from 3.27.1 to 4.0.2.

    Release notes

    Sourced from tox's releases.

    4.0.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.1...4.0.2

    4.0.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0...4.0.1

    4.0.0

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc4...4.0.0

    4.0.0rc4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc3...4.0.0rc4

    4.0.0rc3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.0rc2...4.0.0rc3

    4.0.0rc2

    What's Changed

    ... (truncated)

    Changelog

    Sourced from tox's changelog.

    v4.0.2 (2022-12-07)

    Bugfixes - 4.0.2

    - Unescaped comma in substitution should not be replaced during INI expansion - by :user:`gaborbernat`. (:issue:`2616`)
    - ``tox --showconfig -e py311`` reports tox section, though it should not - by :user:`gaborbernat`. (:issue:`2624`)
    

    v4.0.1 (2022-12-07)

    Bugfixes - 4.0.1

    • Create session views of the build wheel/sdist into the :ref:temp_dir folder - by :user:gaborbernat. (:issue:2612)
    • Default tox min_version to 4.0 instead of current tox version - by :user:gaborbernat. (:issue:2613)

    v4.0.0 (2022-12-07)

    Bugfixes - 4.0.0

    - The temporary folder within the tox environment was named ``.temp`` instead of ``.tmp`` - by :user:`gaborbernat`. (:issue:`2608`)
    

    Improved Documentation - 4.0.0

    • Enumerate breaking changes of tox 4 in the FAQ, and also list major new improvements - by :user:gaborbernat. (:issue:2587)
    • Document in the FAQ that tox 4 will raise a warning when finding conflicting environment names - by :user:gaborbernat. (:issue:2602)

    v4.0.0rc4 (2022-12-06)

    Bugfixes - 4.0.0rc4

    - Fix extras not being kept for install dependencies - by :user:`gaborbernat`. (:issue:`2603`)
    

    Deprecations and Removals - 4.0.0rc4

    • Remove deprecated configuration option whitelist_externals which was replaced by allowlist_externals - by :user:jugmac00. (:issue:2599)

    v4.0.0rc3 (2022-12-05)

    Features - 4.0.0rc3

    - Add ``--exit-and-dump-after`` flag that allows automatically killing tox if does not finish within the passed seconds,
      and dump the thread stacks (useful to debug tox when it seemingly hangs) - by :user:`gaborbernat`. (:issue:`2595`)
    </tr></table> 
    

    ... (truncated)

    Commits
    • 5c0863c release 4.0.2
    • 98830e4 Unescaped comma in substitution should not be replaced during INI expansion (...
    • 3661b94 tox --showconfig -e py shows core configs (#2625)
    • 871d091 Merge pull request #2623 from tox-dev/release-4.0.1
    • cc2ff1d release 4.0.1
    • 2476e95 Create session views of the build wheel/sdist into temp_dir (#2614)
    • 6305d9a Default tox min_version to 4.0 instead of current tox version (#2613)
    • 554bd0a Update faq.rst
    • 60d4e25 Merge pull request #2609 from tox-dev/release-4.0.0
    • c63ee4a release 4.0.0
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 3.27.0 to 3.27.1

    Bump tox from 3.27.0 to 3.27.1

    Bumps tox from 3.27.0 to 3.27.1.

    Release notes

    Sourced from tox's releases.

    3.27.1

    What's Changed

    New Contributors

    Full Changelog: https://github.com/tox-dev/tox/compare/3.27.0...3.27.1

    Changelog

    Sourced from tox's changelog.

    v3.27.1 (2022-11-13)

    Bugfixes ^^^^^^^^

    • Replaced deprecated license_file key with license_files in setup.cfg -- by :user:mgorny. [#2521](https://github.com/tox-dev/tox/issues/2521) <https://github.com/tox-dev/tox/issues/2521>_
    • Add env cleanup to envreport - fix PYTHONPATH leak into "envreport" -- by :user:f3flight. [#2528](https://github.com/tox-dev/tox/issues/2528) <https://github.com/tox-dev/tox/issues/2528>_
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump sphinx from 5.2.3 to 5.3.0

    Bump sphinx from 5.2.3 to 5.3.0

    Bumps sphinx from 5.2.3 to 5.3.0.

    Release notes

    Sourced from sphinx's releases.

    v5.3.0

    Changelog: https://www.sphinx-doc.org/en/master/changes.html

    Changelog

    Sourced from sphinx's changelog.

    Release 5.3.0 (released Oct 16, 2022)

    • #10759: LaTeX: add :confval:latex_table_style and support the 'booktabs', 'borderless', and 'colorrows' styles. (thanks to Stefan Wiehler for initial pull requests #6666, #6671)
    • #10840: One can cross-reference including an option value like :option:`--module=foobar```, :option:--module[=foobar]``` or ``:option:--module foobar```. Patch by Martin Liska.
    • #10881: autosectionlabel: Record the generated section label to the debug log.
    • #10268: Correctly URI-escape image filenames.
    • #10887: domains: Allow sections in all the content of all object description directives (e.g. :rst:dir:py:function). Patch by Adam Turner
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump cryptography from 37.0.4 to 38.0.0

    Bump cryptography from 37.0.4 to 38.0.0

    Bumps cryptography from 37.0.4 to 38.0.0.

    Changelog

    Sourced from cryptography's changelog.

    38.0.0 - 2022-09-06

    
    * Final deprecation of OpenSSL 1.1.0. The next release of ``cryptography``
      will drop support.
    * We no longer ship ``manylinux2010`` wheels. Users should upgrade to the
      latest ``pip`` to ensure this doesn't cause issues downloading wheels on
      their platform. We now ship ``manylinux_2_28`` wheels for users on new
      enough platforms.
    * Updated the minimum supported Rust version (MSRV) to 1.48.0, from 1.41.0.
      Users with the latest ``pip`` will typically get a wheel and not need Rust
      installed, but check :doc:`/installation` for documentation on installing a
      newer ``rustc`` if required.
    * :meth:`~cryptography.fernet.Fernet.decrypt` and related methods now accept
      both ``str`` and ``bytes`` tokens.
    * Parsing ``CertificateSigningRequest`` restores the behavior of enforcing
      that the ``Extension`` ``critical`` field must be correctly encoded DER. See
      `the issue <https://github.com/pyca/cryptography/issues/6368>`_ for complete
      details.
    * Added two new OpenSSL functions to the bindings to support an upcoming
      ``pyOpenSSL`` release.
    * When parsing :class:`~cryptography.x509.CertificateRevocationList` and
      :class:`~cryptography.x509.CertificateSigningRequest` values, it is now
      enforced that the ``version`` value in the input must be valid according to
      the rules of :rfc:`2986` and :rfc:`5280`.
    * Using MD5 or SHA1 in :class:`~cryptography.x509.CertificateBuilder` and
      other X.509 builders is deprecated and support will be removed in the next
      version.
    * Added additional APIs to
      :class:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp`, including
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_hash_algorithm`,
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature_algorithm`,
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.signature`, and
      :attr:`~cryptography.x509.certificate_transparency.SignedCertificateTimestamp.extension_bytes`.
    * Added :attr:`~cryptography.x509.Certificate.tbs_precertificate_bytes`, allowing
      users to access the to-be-signed pre-certificate data needed for signed
      certificate timestamp verification.
    * :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFHMAC` and
      :class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC` now support
      :attr:`~cryptography.hazmat.primitives.kdf.kbkdf.CounterLocation.MiddleFixed`
      counter location.
    * Fixed :rfc:`4514` name parsing to reverse the order of the RDNs according
      to the section 2.1 of the RFC, affecting method
      :meth:`~cryptography.x509.Name.from_rfc4514_string`.
    * It is now possible to customize some aspects of encryption when serializing
      private keys, using
      :meth:`~cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder`.
    * Removed several legacy symbols from our OpenSSL bindings. Users of pyOpenSSL
      versions older than 22.0 will need to upgrade.
    * Added
    </tr></table> 
    

    ... (truncated)

    Commits
    • 52d6f1a version bump for 38 release (#7567)
    • 8c687e6 Bump rust-asn1 to 0.12.1 (#7564)
    • aca4b10 Bump rust-asn1 to 0.12.0 (#7563)
    • 1742975 support setting more PKCS12 serialization encryption options (#7560)
    • abb1f54 Bump once_cell from 1.13.1 to 1.14.0 in /src/rust (#7559)
    • 01a0e3b Bump BoringSSL version to 8462a367bb57e9524c3d8eca9c62733c63a63cf4 (#7558)
    • 35a965f Bump ouroboros from 0.15.3 to 0.15.4 in /src/rust (#7557)
    • 9a208e1 Bump BoringSSL version to 19009c51bff0706362e824f66a0b189326a1c27d (#7555)
    • b342224 Bump iana-time-zone from 0.1.46 to 0.1.47 in /src/rust (#7552)
    • edd1e69 attempt to fix josepy tests by pinning poetry (#7553)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump asn1crypto from 1.4.0 to 1.5.0

    Bump asn1crypto from 1.4.0 to 1.5.0

    Bumps asn1crypto from 1.4.0 to 1.5.0.

    Changelog

    Sourced from asn1crypto's changelog.

    1.5.0

    • Fix tsp.TimeStampAndCRL to be a core.Sequence instead of a core.SequenceOf via @​joernheissler
    • Added OIDs for Edwards curves from RFC 8410 - via @​MatthiasValvekens
    • Fixed convenience attributes on algos.EncryptionAlgorithm when the algorithm is RC2 via @​joernheissler
    • Added Microsoft OIDs microsoft_enrollment_csp_provider (1.3.6.1.4.1.311.13.2.2), microsoft_os_version (1.3.6.1.4.1.311.13.2.3) and microsoft_request_client_info (1.3.6.1.4.1.311.21.20) to csr.CSRAttributeType along with supporting extension structures via @​qha
    • Added Microsoft OID microsoft_enroll_certtype (1.3.6.1.4.1.311.20.2) to x509.ExtensionId via @​qha
    • Fixed a few bugs with parsing indefinite-length encodings via @​davidben
    • Added various bounds checks to parsing engine via @​davidben
    • Fixed a bug with tags not always being minimally encoded via @​davidben
    • Fixed cms.RoleSyntax, cms.SecurityCategory and cms.AttCertIssuer to have explicit instead of implicit tagging via @​MatthiasValvekens
    • Fixed tagging of, and default value for fields in cms.Clearance via @​MatthiasValvekens
    • Fixed calling .dump(force=True) when the value has undefined/unknown core.Sequence fields. Previously the value would be truncated, now the existing encoding is preserved.
    • Added sMIME capabilities (1.2.840.113549.1.9.15) support from RFC 2633 to cms.CMSAttribute via Hellzed
    Commits
    • 47f7588 Version 1.5.0
    • 9e067d2 Fix dev/deps.py to work on Python 3.10
    • 557a900 Update copyright year in license
    • 6bad16e Add Python 3.10 to CI and docs
    • 4791c1e Update SMIMECapabilityIdentifier to use EncryptionAlgorithmId
    • 976dbba Add support for rfc2633 sMIME capabilities signed attr (#215)
    • 5a24aed Fix calling .dump(force=True) on a core.Sequence() with no field info
    • 6cffd3d Merge pull request #221 from isidroas/patch-1
    • 6250ee4 Merge pull request #220 from MatthiasValvekens/bugfix/attcertissuer-tagging-fix
    • f9133f0 Merge branch 'master' into bugfix/attcertissuer-tagging-fix
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump sphinx-autodoc-typehints from 1.19.5 to 1.20.0

    Bump sphinx-autodoc-typehints from 1.19.5 to 1.20.0

    Bumps sphinx-autodoc-typehints from 1.19.5 to 1.20.0.

    Release notes

    Sourced from sphinx-autodoc-typehints's releases.

    1.20.0

    What's Changed

    New Contributors

    Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.19.5...1.20.0

    Changelog

    Sourced from sphinx-autodoc-typehints's changelog.

    Changelog

    1.20

    • Use hatchling instead of setuptools
    • Add support for typing.ParamSpec
    • Allow star prefixes for parameter names in docstring

    1.19.2

    • Fix incorrect domain used for collections.abc.Callable.

    1.19.1

    • Fix bug for recursive type alias.

    1.19.0

    1.18.3

    • Support and require nptyping>=2.1.2

    1.18.2

    • Support and require nptyping>=2.1.1

    1.18.1

    • Fix mocked module import not working when used as guarded import

    1.18.0

    • Support and require nptyping>=2
    • Handle UnionType

    1.17.1

    • Mark it as requiring nptyping<2

    1.17.0

    • Add typehints_use_rtype option
    • Handles TypeError when getting source code via inspect

    1.16.0

    • Add support for type subscriptions with multiple elements, where one or more elements are tuples; e.g.,

    ... (truncated)

    Commits
    • 32dc422 Added options to retain original typehints in signatures (#278)
    • 477c438 Bump pypa/gh-action-pypi-publish from 1.6.1 to 1.6.4 (#273)
    • 7ec1a6c Bump pypa/gh-action-pypi-publish from 1.5.2 to 1.6.1 (#271)
    • c61094f Bump pypa/gh-action-pypi-publish from 1.5.1 to 1.5.2 (#270)
    • 7e467a1 [pre-commit.ci] pre-commit autoupdate (#268)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.3 to 4.2.4

    Bump tox from 4.2.3 to 4.2.4

    Bumps tox from 4.2.3 to 4.2.4.

    Release notes

    Sourced from tox's releases.

    4.2.4

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.3...4.2.4

    Changelog

    Sourced from tox's changelog.

    v4.2.4 (2023-01-05)

    Bugfixes - 4.2.4

    - Setting ``[testenv] basepython = python3`` will no longer override the Python interpreter version requested by a factor,
      such as ``py311`` - by :user:`stephenfin`. (:issue:`2754`)
    - Also accept tab after colon before factor filter expansion - by :user:`pdecat`. (:issue:`2823`)
    
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump sphinx-autodoc-typehints from 1.20.0 to 1.20.1

    Bump sphinx-autodoc-typehints from 1.20.0 to 1.20.1

    Bumps sphinx-autodoc-typehints from 1.20.0 to 1.20.1.

    Release notes

    Sourced from sphinx-autodoc-typehints's releases.

    1.20.1

    What's Changed

    Full Changelog: https://github.com/tox-dev/sphinx-autodoc-typehints/compare/1.20.0...1.20.1

    Changelog

    Sourced from sphinx-autodoc-typehints's changelog.

    1.20.1

    • Fixed default options not displaying for parameters without type hints.

    1.20

    • Use hatchling instead of setuptools
    • Add support for typing.ParamSpec
    • Allow star prefixes for parameter names in docstring

    1.19.2

    • Fix incorrect domain used for collections.abc.Callable.

    1.19.1

    • Fix bug for recursive type alias.

    1.19.0

    1.18.3

    • Support and require nptyping>=2.1.2

    1.18.2

    • Support and require nptyping>=2.1.1

    1.18.1

    • Fix mocked module import not working when used as guarded import

    1.18.0

    • Support and require nptyping>=2
    • Handle UnionType

    1.17.1

    • Mark it as requiring nptyping<2

    1.17.0

    • Add typehints_use_rtype option
    • Handles TypeError when getting source code via inspect

    1.16.0

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.4 to 4.2.6

    Bump tox from 4.2.4 to 4.2.6

    Bumps tox from 4.2.4 to 4.2.6.

    Release notes

    Sourced from tox's releases.

    4.2.6

    What's Changed

    • Handle properly pip --no-binary / --only-binary options in requirements.txt format files. by @​q0w in tox-dev/tox#2834

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.5...4.2.6

    4.2.5

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.4...4.2.5

    Changelog

    Sourced from tox's changelog.

    v4.2.6 (2023-01-06)

    Bugfixes - 4.2.6

    - Handle properly pip ``--no-binary`` / ``--only-binary`` options in requirements.txt format files. (:issue:`2814`)
    

    v4.2.5 (2023-01-06)

    Bugfixes - 4.2.5

    • The combination of usedevelop = true and --skip-missing-interpreters=false will no longer fail for environments that were not invoked - by :user:stephenfin. (:issue:2811)
    • Fix an attribute error when use_develop = true is set and an unsupported interpreter version is requested - by :user:stephenfin. (:issue:2826)
    • tox returns a non-zero error code if all envs are skipped. It will now correctly do this if only a single env was requested and this was skipped - by :user:stephenfin. (:issue:2827)
    Commits
    • fd866d5 release 4.2.6
    • e9d6e63 Handle properly pip --no-binary / --only-binary options in requirements.txt f...
    • b9b4d02 release 4.2.5
    • c790c60 Fix various issues with missing interpreters (#2828)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
Releases(v2.2.0)
Owner
Ajitomi Daisuke
Software developer. My repositories are not related to the company to which I belong except for W3C activity (e.g., HTTPS in Local Network).
Ajitomi Daisuke
The (Python-based) mining software required for the Game Boy mining project.

The (Python-based) mining software required for the Game Boy mining project.

Ghidra Ninja 31 Nov 04, 2022
wdepy: Decryption and Inspection for PGP WDE Disks

This is a small python tool to inspect and decrypt disk images encrypted with PGP Whole Disk Encryption (including the Symantec-branded versions like Symantec Drive Encryption). It takes advantage of

Brendan Dolan-Gavitt 17 Oct 07, 2022
Electrum - Lightweight Vertcoin client

Electrum - Lightweight Vertcoin client Electrum-VTC is a rebase of upstream Electrum and pulls in updates regularly. Donate VTC to support this work:

Vertcoin 4 Oct 14, 2022
Active github repos of all cryptocurrencies

This repo is to maintain the list of active repositories for all cryptocurrencies that https://codemask.org uses. The active list will be automaticall

CodeMask 5 May 20, 2022
Basic Ethereum Miner Lib

EthMine ⛏ Basic Ethereum Miner Library. Developers can integrate this algorithm to mine blocks from their ethereum supported chain efficiently. Instal

Jaival Patel 1 Oct 30, 2021
😈 Shining is a tool that enables engineers to remotely pull smart contract code in multi-file situations.

👑 Shining 😈 Shining is a tool that enables engineers to remotely pull smart contract code in multi-file situations. Shining is the name of one of my

xxxeyJ 15 Jun 17, 2022
This python module can analyse cryptocurrency news for any number of coins given and return a sentiment. Can be easily integrated with a Trading bot to keep an eye on the news.

Python script that analyses news headline or body sentiment and returns the overall media sentiment of any given coin. It can take multiple coins an

185 Dec 22, 2022
gcrypter: an encryption algorithm based on bytes and their correspondent numbers to encode strings

gcrypter: an encryption algorithm based on bytes and their correspondent numbers to encode strings

Nuninha-GC 1 Jan 10, 2022
A simple Ethereum mining pool

A simple getWork pool for ethereum mining Payouts are still manual. TODO: write payouts when someone mines 10 blocks. Also, make the submit actually

93 Oct 05, 2022
Simple python crypto bot to trade crypto on Binance based on RSI. Utilizing web sockets to get real-time prices

Py Crypto Bot Using Binance WebSocket API to get real-time price data for cryptocurrencies. Using the TA-Lib library to calculate the RSI and execute

Kennedy Ngugi Mwaura 15 Jan 04, 2023
Pool funds to bootstrap a Uniswap pair

Seed liquidity A contract to pool funds which are then used to boostrap a new Uniswap liquidity pair. Specification A new SeedLiquidity contract is de

66 Dec 09, 2022
Smart-contracts - open sourcing our upcoming smart contracts for better security and transparency

Smart-contracts - open sourcing our upcoming smart contracts for better security and transparency

Rand Gallery 16 Jul 10, 2022
Tools for running airdrop and token distribution campaigns on the Solana blockchain.

Overview This repository contains some of the scripts we have used for running our airdrop campaigns and other distributions. Initially, all of these

147 Nov 17, 2022
Aza this is a text encryption software

Aza text encryptor General info Aza this is a text encryption software Help command: python aza.py --help Examples python aza.py --text "Sample text h

ToxidWorm 1 Sep 10, 2022
Recover bitcon brainwallet

Bitcoin brainwallet recovery tool If you like it give it a star Programmed in Python | PySimpleGUI How it works From seed phrase create bitcoin privat

Adrijan 20 Dec 15, 2022
Lottery by Ethereum Blockchain

Lottery by Ethereum Blockchain Set your web3 provider url in .env PROVIDER=https://mainnet.infura.io/v3/YOUR-INFURA-TOKEN Create your source file .

John Torres 3 Dec 23, 2021
DIY gravity falls cryptograms made with python

ciphers-cryptograms some diy code to implementing ciphers-cryptograms from gravity falls with python, it's fun tho Algorithm or ciphers list Caesar At

Muhammad Asthi Seta Ari Yuwana 3 Jun 26, 2022
一个关于摩斯密码解密与加密的库 / A library about encoding and decoding Morse code.

Morsecoder By Lemonix 介绍 一个关于摩斯密码解密与加密的库

Heat Studio 10 Jun 28, 2022
PyCrypter , A Tool To Encrypt/Decrypt Text/Code With Ease And Safe Using Password !

PyCrypter PyCrypter , A Tool To Encrypt/Decrypt Text/Code With Ease And Safe Using Password ! Requirements pyfiglet And colorama Usage First Clone The

1 Nov 12, 2021
Discord webhooks for alerting crypto currency price changes & historical data.

Crypto-Discord Discord Webhooks for alerting crypto currency price changes & historical data. Create virtual environment and install requirements. $ s

Филип Арсовски 1 Sep 02, 2022