Paul Kehrer

No, X509 verification is not supported in cryptography in public APIs at this time.

I believe https://github.com/pyca/cryptography/pull/6910 should provide what you need for this to work. It will be in the next release, but if you have a chance to test it before release...

I can reproduce this, but I don't understand what structure keytool is actually creating here so it's unclear how to make this work as expected.

If OpenSSL doesn't support the addition of that OID then we won't be able to add support for this right now unfortunately. At some point we may choose to implement...

The OpenSSL API doesn't appear to allow adding it either.

Fernet is unfortunately unsuitable for streaming encryption due to the requirement that the entirety of the payload be processed by HMAC before you know if any data can be used....

I'm still interested in this and have a potential spec but haven't had the bandwidth to get it reviewed by enough cryptographers to feel comfortable implementing it in a public...

I haven't reviewed this yet (and probably won't be able to until after I find the time to fix the absurdity of our CI yet again, sigh), but you may...

There is no one actively working on this, although we are happy to review code and talk about proposed APIs.

Prehashed isn’t really practical due to the design of ed25519 (pure eddsa). Take a look at the RFC (https://datatracker.ietf.org/doc/html/rfc8032#section-5.1.6) and you’ll see that it hashes the private key, uses part...