mirror of https://github.com/saymrwulf/cryptography.git, synced 2026-05-15 20:40:20 +00:00
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
This was added in https://github.com/pyca/cryptography/pull/3546 for AIA chasing, but it doesn't seem to have ever been used.

Moreover, I'm not sure this is safe for use with AIA chasing anyway. This callback replaces the built-in lookup within an X509_STORE, but certificates from an X509_STORE are "trusted" certificates:
https://github.com/openssl/openssl/blob/openssl-3.2.0/crypto/x509/x509_vfy.c#L3184-L3198

While this does not automatically make it a trust anchor, it makes it eligible for being a trust anchor. Trust anchors are determined by some combination of out-of-band metadata (X509_add1_trust_object) and a "compatibility" step of whether the certificate is self-signed:
https://man.openbsd.org/X509_check_trust.3

This means, if an application uses this callback to implement AIA fetching, in most configurations, if the (should be untrusted) AIA fetch returned any self-signed certificate, it would automatically be treated as a trust anchor!

Remove this binding before someone inadvertently does this.
pyca/cryptography
=================

.. image:: https://img.shields.io/pypi/v/cryptography.svg
    :target: https://pypi.org/project/cryptography/
    :alt: Latest Version

.. image:: https://readthedocs.org/projects/cryptography/badge/?version=latest
    :target: https://cryptography.io
    :alt: Latest Docs

.. image:: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
    :target: https://github.com/pyca/cryptography/actions?query=workflow%3ACI+branch%3Amain

``cryptography`` is a package which provides cryptographic recipes and
primitives to Python developers. Our goal is for it to be your "cryptographic
standard library". It supports Python 3.7+ and PyPy3 7.3.11+.

``cryptography`` includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message digests, and
key derivation functions. For example, to encrypt something with
``cryptography``'s high level symmetric encryption recipe:

.. code-block:: pycon

    >>> from cryptography.fernet import Fernet
    >>> # Put this somewhere safe!
    >>> key = Fernet.generate_key()
    >>> f = Fernet(key)
    >>> token = f.encrypt(b"A really secret message. Not for prying eyes.")
    >>> token
    b'...'
    >>> f.decrypt(token)
    b'A really secret message. Not for prying eyes.'

You can find more information in the `documentation`_.

You can install ``cryptography`` with:

.. code-block:: console

    $ pip install cryptography

For full details see `the installation documentation`_.

Discussion
~~~~~~~~~~

If you run into bugs, you can file them in our `issue tracker`_.

We maintain a `cryptography-dev`_ mailing list for development discussion.

You can also join ``#pyca`` on ``irc.libera.chat`` to ask questions or get
involved.

Security
~~~~~~~~

Need to report a security issue? Please consult our `security reporting`_
documentation.

.. _`documentation`: https://cryptography.io/
.. _`the installation documentation`: https://cryptography.io/en/latest/installation/
.. _`issue tracker`: https://github.com/pyca/cryptography/issues
.. _`cryptography-dev`: https://mail.python.org/mailman/listinfo/cryptography-dev
.. _`security reporting`: https://cryptography.io/en/latest/security/