Metadata-Version: 2.3
Name: spakky-cryptography
Version: 6.6.0
Summary: Cryptography and auth snapshot provider plugin for Spakky framework
Author: Spakky
Author-email: Spakky <sejong418@icloud.com>
License: MIT
Requires-Dist: argon2-cffi>=25.1.0
Requires-Dist: bcrypt>=5.0.0
Requires-Dist: pycryptodome>=3.23.0
Requires-Dist: spakky>=6.6.0
Requires-Dist: spakky-auth>=6.6.0
Requires-Python: >=3.12
Description-Content-Type: text/markdown

# spakky-cryptography

`spakky-cryptography` provides cryptographic utilities and the auth provider
capabilities required by signed
`AuthContextSnapshot` propagation and password hash verification.

## Retained Utilities

- `Key`, `Base64Encoder`, `Hash`, `HMAC`
- `ICryptor`, `ISigner`
- `Aes`, `Gcm`, `Rsa`, `AsymmetricKey`
- `Argon2PasswordEncoder`, `BcryptPasswordEncoder`, `Pbkdf2PasswordEncoder`, `ScryptPasswordEncoder`

JWT/OIDC token validation remains outside this package.

## Auth Provider Capabilities

The plugin registers `CryptographyAuthProvider`, which implements:

- `AuthCapability.SNAPSHOT_SIGN`
- `AuthCapability.SNAPSHOT_VERIFY`
- `AuthCapability.PASSWORD_HASH`
- `AuthCapability.PASSWORD_VERIFY`

Snapshot verification maps missing, invalid, and expired envelopes to
`CHALLENGE` decisions. Provider-unavailable conditions map to `ERROR`.
