1. Forum
  2. Usenet
  3. COMP.LANG.PYTHON.ANNOUNCE

  • PyCA cryptography 3.0 released

    From Paul Kehrer@21:1/5 to All on Mon Jul 20 17:40:00 2020
    PyCA cryptography 3.0 has been released to PyPI. cryptography includes
    both high level recipes and low level interfaces to common
    cryptographic algorithms such as symmetric ciphers, asymmetric
    algorithms, message digests, X509, key derivation functions, and much
    more. We support Python 2.7, Python 3.5+, and PyPy.

    Changelog (https://cryptography.io/en/latest/changelog/#v3-0):
    * BACKWARDS INCOMPATIBLE: Removed support for passing an Extension
    instance to from_issuer_subject_key_identifier(), as per our
    deprecation policy.
    * BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0
    has been removed (2.9.1+ is still supported).
    * BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users
    must upgrade to 10.10 or newer.
    * BACKWARDS INCOMPATIBLE: RSA generate_private_key() no longer accepts public_exponent values except 65537 and 3 (the latter for legacy
    purposes).
    * BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that
    the version field contains a valid value, rather than deferring this
    check until version is accessed.
    * Deprecated support for Python 2. At the time there is no time table
    for actually dropping support, however we strongly encourage all users
    to upgrade their Python, as Python 2 no longer receives support from
    the Python core team.
    * Added support for OpenSSH serialization format for ec, ed25519, rsa
    and dsa private keys: load_ssh_private_key() for loading and OpenSSH
    for writing.
    * Added support for OpenSSH certificates to load_ssh_public_key().
    * Added encrypt_at_time() and decrypt_at_time() to Fernet.
    * Added support for the SubjectInformationAccess X.509 extension.
    * Added support for parsing SignedCertificateTimestamps in OCSP responses.
    * Added support for parsing attributes in certificate signing requests viaget_attribute_for_oid().
    * Added support for encoding attributes in certificate signing
    requests via add_attribute().
    * On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s
    built-in CSPRNG instead of its own OS random engine because these
    versions of OpenSSL properly reseed on fork.
    * Added initial support for creating PKCS12 files with serialize_key_and_certificates().

    -Paul Kehrer (reaperhulk)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)