PyCA cryptography 1.6 has been released to PyPI. cryptography is a package
which provides cryptographic recipes and primitives to Python developers.
Our goal is for it to be your "cryptographic standard library". We support
Python 2.6-2.7, Python 3.3+, and PyPy.
- Deprecated support for OpenSSL 1.0.0. Support will be removed in
- Replaced the Python-based OpenSSL locking callbacks with a C version to
fix a potential deadlock that could occur if a garbage collection cycle
occurred while inside the lock.
- Added support for BLAKE2b and BLAKE2s when using OpenSSL 1.1.0.
- Added signature_algorithm_oid support to Certificate.
- Added signature_algorithm_oid support to CertificateSigningRequest.
- Added signature_algorithm_oid support to CertificateRevocationList.
- Added support for Scrypt when using OpenSSL 1.1.0.
- Added a workaround to improve compatibility with Python application
bundling tools like PyInstaller and cx_freeze.
- Added support for generating a random_serial_number().
- Added support for encoding IPv4Network and IPv6Network in X.509
certificates for use with NameConstraints.
- Added public_bytes() to Name.
- Added RelativeDistinguishedName
- DistributionPoint now accepts RelativeDistinguishedName for
relative_name. Deprecated use of Name as relative_name.
- Name now accepts an iterable of RelativeDistinguishedName. RDNs can be
accessed via the rdns attribute. When constructed with an iterable of
NameAttribute, each attribute becomes a single-valued RDN.
- Added derive_private_key().
- Added support for signing and verifying RSA, DSA, and ECDSA signatures
with Prehashed digests.
Due to the volume of changes in this release the switch to bundling OpenSSL
1.1.0 in the macOS and Windows wheels has been pushed back to version 1.8.
1.7 is tentatively planned to be out in the next 2-3 weeks with some large
features that didn't make the cut for this release.
-Paul Kehrer (reaperhulk)