Merge pull request #325 from dajiaji/bump-to-v2_2_0

Bump up version to v2.2.0.

Author: dajiaji

CHANGES.rst

@@ -4,6 +4,24 @@ Changes
 Unreleased
 ----------
 
+Version 2.2.0
+-------------
+
+Released 2023-01-01
+
+- Add support for countersignatures. `#323 <https://github.com/dajiaji/python-cwt/pull/323>`__
+- Remove Python 3.7 from CI temporarilly. `#323 <https://github.com/dajiaji/python-cwt/pull/323>`__
+- Enhance COSE message validation. `#300 <https://github.com/dajiaji/python-cwt/pull/300>`__
+- Add test and sample for COSE-HPKE MAC. `#297 <https://github.com/dajiaji/python-cwt/pull/297>`__
+- Add Python 3.11 to CI. `#296 <https://github.com/dajiaji/python-cwt/pull/296>`__
+- Update dependencies.
+    - Bump cbor2 from 5.4.6. `#302 <https://github.com/dajiaji/python-cwt/pull/302>`__
+- Update dev dependencies.
+    - Bump tox to 4.1.2. `#323 <https://github.com/dajiaji/python-cwt/pull/323>`__
+    - Bump pre-commit/isort to 5.11.3. `#311 <https://github.com/dajiaji/python-cwt/pull/311>`__
+    - Bump pre-commit/black to 22.12.0. `#306 <https://github.com/dajiaji/python-cwt/pull/306>`__
+    - Bump certifi to 2022.12.7. `#303 <https://github.com/dajiaji/python-cwt/pull/303>`__
+
 Version 2.1.0
 -------------
 

README.md

@@ -9,8 +9,10 @@
 
 Python CWT is a CBOR Web Token (CWT) and CBOR Object Signing and Encryption (COSE)
 implementation compliant with:
+- [RFC9052: CBOR Object Signing and Encryption (COSE): Structures and Process](https://www.rfc-editor.org/rfc/rfc9052.html)
+- [RFC9053: CBOR Object Signing and Encryption (COSE): Initial Algorithms](https://www.rfc-editor.org/rfc/rfc9053.html)
+- [RFC9338: CBOR Object Signing and Encryption (COSE): Countersignatures](https://www.rfc-editor.org/rfc/rfc9338.html)
 - [RFC8392: CWT (CBOR Web Token)](https://tools.ietf.org/html/rfc8392)
-- [RFC8152: COSE (CBOR Object Signing and Encryption)](https://tools.ietf.org/html/rfc8152)
 - and related various specifications. See [Referenced Specifications](#referenced-specifications).
 
 It is designed to make users who already know about [JWS](https://tools.ietf.org/html/rfc7515)/[JWE](https://tools.ietf.org/html/rfc7516)/[JWT](https://tools.ietf.org/html/rfc7519)
@@ -1656,11 +1658,14 @@ See [Documentation](https://python-readthedocs.io/en/stable/algorithms.html).
 
 Python CWT is (partially) compliant with following specifications:
 
-- [RFC8152: CBOR Object Signing and Encryption (COSE)](https://tools.ietf.org/html/rfc8152)
-- [RFC8230: Using RSA Algorithms with COSE Messages](https://tools.ietf.org/html/rfc8230)
-- [RFC8392: CBOR Web Token (CWT)](https://tools.ietf.org/html/rfc8392)
-- [RFC8747: Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)](https://tools.ietf.org/html/rfc8747)
+- [RFC9052: CBOR Object Signing and Encryption (COSE): Structures and Process](https://www.rfc-editor.org/rfc/rfc9052.html)
+- [RFC9053: CBOR Object Signing and Encryption (COSE): Initial Algorithms](https://www.rfc-editor.org/rfc/rfc9053.html)
+- [RFC9338: CBOR Object Signing and Encryption (COSE): Countersignatures](https://www.rfc-editor.org/rfc/rfc9338.html)
 - [RFC8812: COSE and JOSE Registrations for Web Authentication (WebAuthn) Algorithms](https://tools.ietf.org/html/rfc8812)
+- [RFC8747: Proof-of-Possession Key Semantics for CBOR Web Tokens (CWTs)](https://tools.ietf.org/html/rfc8747)
+- [RFC8392: CWT (CBOR Web Token)](https://tools.ietf.org/html/rfc8392)
+- [RFC8230: Using RSA Algorithms with COSE Messages](https://tools.ietf.org/html/rfc8230)
+- [RFC8152: CBOR Object Signing and Encryption (COSE)](https://tools.ietf.org/html/rfc8152)
 - [Electronic Health Certificate Specification](https://github.com/ehn-dcc-development/hcert-spec/blob/main/hcert_spec.md)
 - [Technical Specifications for Digital Green Certificates Volume 1](https://ec.europa.eu/health/sites/default/files/ehealth/docs/digital-green-certificates_v1_en.pdf)
 

cwt/__init__.py

@@ -18,7 +18,7 @@
 from .recipient import Recipient
 from .signer import Signer
 
-__version__ = "2.1.0"
+__version__ = "2.2.0"
 __title__ = "cwt"
 __description__ = "A Python implementation of CWT/COSE"
 __url__ = "https://python-cwt.readthedocs.io"

docs/index.rst

@@ -7,15 +7,7 @@ Welcome to Python CWT
 =====================
 
 Python CWT is a CBOR Web Token (CWT) and CBOR Object Signing and Encryption (COSE)
-implementation compliant with:
-
-- `RFC8392: CBOR Web Token (CWT)`_
-- `RFC8152: CBOR Object Signing and Encryption (COSE)`_
-- and related various specifications. See `Referenced Specifications`_.
-
-It is designed to make users who already know about `JWS`_/`JWE`_/`JWT`_
-be able to use it in ease. Little knowledge of `CBOR`_/`COSE`_/`CWT`_
-is required to use it.
+implementation compliant with `various COSE related specifications`_.
 
 You can install Python CWT with pip:
 
@@ -26,16 +18,43 @@ You can install Python CWT with pip:
 
 And then, you can use it as follows:
 
-.. code-block:: pycon
+COSE API:
+
+.. code-block:: python
+
+    from cwt import COSE, COSEKey
+
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
+
+    # The sender side:
+    sender = COSE.new()
+    encoded = sender.encode(
+        b"Hello world!",
+        mac_key,
+        protected={"alg": "HS256"},
+        unprotected={"kid": "01"},
+    )
+
+    # The recipient side:
+    recipient = COSE.new()
+    assert b"Hello world!" == recipient.decode(encoded, mac_key)
+
+CWT API:
+
+.. code-block:: python
+
+    import cwt
+    from cwt import COSEKey
+
+    mac_key = COSEKey.generate_symmetric_key(alg="HS256", kid="01")
+
+    # The sender side:
+    token = encode({1: "coaps://as.example", 2: "dajiaji", 7: b"123"}, mac_key)
+
+    # The recipient side:
+    decoded = decode(token, mac_key)
+    # decoded == {1: 'coaps://as.example', 2: 'dajiaji', 7: b'123', 4: 1620088759, 5: 1620085159, 6: 1620085159}
 
-    >>> import cwt
-    >>> from cwt import COSEKey
-    >>> key = COSEKey.from_symmetric_key(alg="HS256")
-    >>> token = cwt.encode({"iss": "coaps://as.example", "sub": "dajiaji", "cti": "123"}, key)
-    >>> token.hex()
-    'd18443a10105a05835a60172636f6170733a2f2f61732e6578616d706c65026764616a69616a690743313233041a60c6a60b051a60c697fb061a60c697fb582019d4a89e141e3a8805ba1c90d81a8a2dd8261464dce379d8af8044d1cc062258'
-    >>> cwt.decode(token, key)
-    {1: 'coaps://as.example', 2: 'dajiaji', 7: b'123', 4: 1620088759, 5: 1620085159, 6: 1620085159}
 
 Index
 -----
@@ -47,15 +66,6 @@ Index
    api
    claims
    algorithms
-   specs
    changes
 
-.. _`RFC8392: CBOR Web Token (CWT)`: https://tools.ietf.org/html/rfc8392
-.. _`RFC8152: CBOR Object Signing and Encryption (COSE)`: https://tools.ietf.org/html/rfc8152
-.. _`CBOR`: https://tools.ietf.org/html/rfc7049
-.. _`COSE`: https://tools.ietf.org/html/rfc8152
-.. _`CWT`: https://tools.ietf.org/html/rfc8392
-.. _`JWS`: https://tools.ietf.org/html/rfc7515
-.. _`JWE`: https://tools.ietf.org/html/rfc7516
-.. _`JWT`: https://tools.ietf.org/html/rfc7519
-.. _`Referenced Specifications`: ./specs.html
+.. _`various COSE related specifications`: https://github.com/dajiaji/python-cwt#referenced-specifications

docs/specs.rst

@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [tool.poetry]
 name = "cwt"
-version = "2.1.0"
+version = "2.2.0"
 description = "A Python implementation of CWT/COSE."
 authors = ["Ajitomi Daisuke <dajiaji@gmail.com>"]
 license = "MIT"