• [Python-announce] PyCA cryptography 43.0.0 released

    From Paul Kehrer@paul.l.kehrer@gmail.com to comp.lang.python.announce on Sat Jul 20 09:40:06 2024
    From Newsgroup: comp.lang.python.announce

    PyCA cryptography 43.0.0 has been released to PyPI. cryptography
    includes both high level recipes and low level interfaces to common
    cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X.509, key derivation functions, and much
    more. We support Python 3.7+, and PyPy3 7.3.10+.

    Changelog (https://cryptography.io/en/latest/changelog/#v43-0-0)
    * BACKWARDS INCOMPATIBLE: Support for OpenSSL less than 1.1.1e has
    been removed. Users on older versions of OpenSSL will need to upgrade.
    * BACKWARDS INCOMPATIBLE: Dropped support for LibreSSL < 3.8.
    * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.1.
    * Updated the minimum supported Rust version (MSRV) to 1.65.0, from 1.63.0.
    * generate_private_key() now enforces a minimum RSA key size of
    1024-bit. Note that 1024-bit is still considered insecure; users
    should generally use a key size of 2048 bits.
    * serialize_certificates() now emits ASN.1 that more closely follows
    the recommendations in RFC 2315.
    * Added new Decrepit cryptography module which contains outdated and
    insecure cryptographic primitives. CAST5, SEED, IDEA, and Blowfish,
    which were deprecated in 37.0.0, have been added to this module. They
    will be removed from the cipher module in 45.0.0.
    * Moved TripleDES and ARC4 into Decrepit cryptography and deprecated
    them in the cipher module. They will be removed from the cipher module
    in 48.0.0.
    * Added support for deterministic ECDSA (RFC 6979)
    * Added support for client certificate verification to the X.509 path validation APIs in the form of ClientVerifier, VerifiedClient, and PolicyBuilder build_client_verifier().
    * Added Certificate public_key_algorithm_oid and Certificate Signing
    Request public_key_algorithm_oid to determine the
    PublicKeyAlgorithmOID Object Identifier of the public key found inside
    the certificate.
    * Added invalidity_date_utc, a timezone-aware alternative to the naïve datetime attribute invalidity_date.
    * Added support for parsing empty DN string in from_rfc4514_string().
    * Added the following properties that return timezone-aware datetime
    objects: produced_at_utc(), revocation_time_utc(), this_update_utc(),
    next_update_utc(), revocation_time_utc(), this_update_utc(),
    next_update_utc(). These are timezone-aware variants of existing
    properties that return naïve datetime objects.
    * Added rsa_recover_private_exponent()
    * Added reset_nonce() for altering the nonce of a cipher context
    without initializing a new instance. See the docs for additional
    restrictions.
    * NameAttribute now raises an exception when attempting to create a
    common name whose length is shorter or longer than RFC 5280 permits.
    * Added basic support for PKCS7 encryption (including SMIME) via PKCS7EnvelopeBuilder.
    -Paul Kehrer (reaperhulk)
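
A pre-upgrade check for the cipher relocation and RSA key-size items in the changelog above, as an added example that is not part of the announcement or of PyCA cryptography: it statically scans application source for ciphers still imported from the old cipher module and for literal RSA key sizes that 43.0.0 rejects. The `audit` function, the `SAMPLE` input and the message wording are constructed for illustration, and only `from ... import` forms and literal `key_size` values on a name called `rsa` are recognised.

```python
import ast

# Removal schedule for the old cipher module, taken from the changelog above.
REMOVED_IN = {"CAST5": "45.0.0", "SEED": "45.0.0", "IDEA": "45.0.0",
              "Blowfish": "45.0.0", "TripleDES": "48.0.0", "ARC4": "48.0.0"}
OLD_PKG = "cryptography.hazmat.primitives.ciphers"
NEW_MODULE = "cryptography.hazmat.decrepit.ciphers.algorithms"
MOVED = {c: f"{c}: import from {NEW_MODULE} (leaves old module in {v})"
         for c, v in REMOVED_IN.items()}
MIN_RSA_BITS = 1024  # minimum enforced by generate_private_key() in 43.0.0
# Constructed sample of application code; it is only parsed, never executed.
SAMPLE = """\
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms as alg
from cryptography.hazmat.primitives.ciphers.algorithms import AES, Blowfish
legacy = alg.TripleDES(b"k" * 24)
weak = rsa.generate_private_key(public_exponent=65537, key_size=768)
ok = rsa.generate_private_key(65537, 2048)
"""

def _weak_rsa_bits(call):
    """Literal key_size of an rsa.generate_private_key() call if too small."""
    f = call.func
    if not (isinstance(f, ast.Attribute) and f.attr == "generate_private_key"
            and isinstance(f.value, ast.Name) and f.value.id == "rsa"):
        return None
    arg = next((k.value for k in call.keywords if k.arg == "key_size"), None)
    if arg is None and len(call.args) >= 2:
        arg = call.args[1]  # positional order: (public_exponent, key_size)
    ok = isinstance(arg, ast.Constant) and isinstance(arg.value, int)
    return arg.value if ok and arg.value < MIN_RSA_BITS else None

def audit(source):
    """Return sorted (line, message) findings for code affected by 43.0.0."""
    nodes = list(ast.walk(ast.parse(source)))
    # Local names bound to the old algorithms module, collected first.
    aliases = {a.asname or a.name for n in nodes
               if isinstance(n, ast.ImportFrom) and n.module == OLD_PKG
               for a in n.names if a.name == "algorithms"}
    out = []
    for n in nodes:
        if isinstance(n, ast.ImportFrom) and n.module == OLD_PKG + ".algorithms":
            out += [(n.lineno, MOVED[a.name]) for a in n.names if a.name in MOVED]
        elif (isinstance(n, ast.Attribute) and isinstance(n.value, ast.Name)
              and n.value.id in aliases and n.attr in MOVED):
            out.append((n.lineno, MOVED[n.attr]))
        elif isinstance(n, ast.Call) and (bits := _weak_rsa_bits(n)) is not None:
            out.append((n.lineno, f"RSA key_size={bits} is below {MIN_RSA_BITS}"))
    return sorted(out)
```

`audit(SAMPLE)` reports the `Blowfish` import, the `alg.TripleDES` use and the 768-bit key, and stays silent on `AES` and the 2048-bit key.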