Metadata-Version: 2.4
Name: securesystemslib
Version: 0.30.0
Summary: A library that provides cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
Project-URL: Homepage, https://github.com/secure-systems-lab/securesystemslib
Project-URL: Source, https://github.com/secure-systems-lab/securesystemslib
Project-URL: Issues, https://github.com/secure-systems-lab/securesystemslib/issues
Author-email: "https://www.updateframework.com" <theupdateframework@googlegroups.com>
License: MIT
License-File: LICENSE
Keywords: cryptography,ecdsa,ed25519,keys,rsa,signatures
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS :: MacOS X
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Operating System :: POSIX :: Linux
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Security
Classifier: Topic :: Software Development
Requires-Python: ~=3.8
Provides-Extra: awskms
Requires-Dist: boto3; extra == 'awskms'
Requires-Dist: botocore; extra == 'awskms'
Requires-Dist: cryptography>=40.0.0; extra == 'awskms'
Provides-Extra: azurekms
Requires-Dist: azure-identity; extra == 'azurekms'
Requires-Dist: azure-keyvault-keys; extra == 'azurekms'
Requires-Dist: cryptography>=40.0.0; extra == 'azurekms'
Provides-Extra: crypto
Requires-Dist: cryptography>=40.0.0; extra == 'crypto'
Provides-Extra: gcpkms
Requires-Dist: cryptography>=40.0.0; extra == 'gcpkms'
Requires-Dist: google-cloud-kms; extra == 'gcpkms'
Provides-Extra: hsm
Requires-Dist: asn1crypto; extra == 'hsm'
Requires-Dist: cryptography>=40.0.0; extra == 'hsm'
Requires-Dist: pykcs11; extra == 'hsm'
Provides-Extra: pynacl
Requires-Dist: pynacl>1.2.0; extra == 'pynacl'
Provides-Extra: pyspx
Requires-Dist: pyspx>=0.5.0; extra == 'pyspx'
Provides-Extra: sigstore
Requires-Dist: sigstore~=2.0; extra == 'sigstore'
Description-Content-Type: text/markdown

# securesystemslib

[![CI](https://github.com/secure-systems-lab/securesystemslib/workflows/Run%20Securesystemslib%20tests/badge.svg)](https://github.com/secure-systems-lab/securesystemslib/actions?query=workflow%3A%22Run+Securesystemslib+tests%22+branch%3Amain)
[![Documentation Status](https://readthedocs.org/projects/python-securesystemslib/badge/?version=latest)](https://python-securesystemslib.readthedocs.io/en/latest/?badge=latest)

Securesystemslib is a cryptography interface for signing and verifying digital
signatures. It is developed for the [TUF](https://theupdateframework.io) and
[in-toto](https://in-toto.io) projects: the key and signature containers are
compatible with metadata formats from those projects.

Under the hood, Securesystemslib can use various digital signing systems
(e.g. [cryptography](https://pypi.org/project/cryptography/), PIV hardware keys
and multiple cloud-based key management systems).

## Installation

The default installation supports [pure-Python `ed25519` signature
verification](https://github.com/pyca/ed25519) only. To enable other schemes and
signature creation, `securesystemslib` can be installed with *extras*. See
[pyproject.toml](pyproject.toml) for available *optional dependencies*.

```bash
# Install with ed25519, RSA, ECDSA sign and verify support
pip install securesystemslib[crypto]
```

```bash
# ...or with HSM (e.g. Yubikey) support
pip install securesystemslib[hsm]
```

## Usage
[python-securesystemslib.readthedocs.io](https://python-securesystemslib.readthedocs.io)

## Contact
- Questions and discussions:
  [`#securesystemslib-python`](https://cloud-native.slack.com/archives/C05PF3GA7AL)
  on [CNCF Slack](https://communityinviter.com/apps/cloud-native/cncf)
- Security issues: [*Report a vulnerability*](https://github.com/secure-systems-lab/securesystemslib/security/advisories/new)
- Other issues and requests: [*Open a new
  issue*](https://github.com/secure-systems-lab/securesystemslib/issues/new)

## Testing
`tox` is used for testing. It can be installed via
[pip](https://tox.wiki/en/4.9.0/installation.html#via-pip) and executed from the
command line in the root of the repository.

```bash
tox
```
