3.1 crypto -- Generic cryptographic module

3.1 `crypto` -- Generic cryptographic module

X509Type: See X509.

class X509(): A class representing X.509 certificates.

X509NameType: See X509Name.

class X509Name(x509name): A class representing X.509 Distinguished Names.
This constructor creates a copy of x509name which should be an instance of X509Name.

X509ReqType: See X509Req.

class X509Req(): A class representing X.509 certificate requests.

X509StoreType: A Python type object representing the X509Store object type.

PKeyType: See PKey.

class PKey(): A class representing DSA or RSA keys.

PKCS7Type: A Python type object representing the PKCS7 object type.

PKCS12Type: A Python type object representing the PKCS12 object type.

X509ExtensionType: See X509Extension.

class X509Extension(typename, critical, value[, subject][, issuer]): A class representing an X.509 v3 certificate extensions. See http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONSfor typename strings and their options. Optional parameters subject and issuer must be X509 objects.

NetscapeSPKIType: See NetscapeSPKI.

class NetscapeSPKI([enc]): A class representing Netscape SPKI objects.
If the enc argument is present, it should be a base64-encoded string representing a NetscapeSPKI object, as returned by the b64_encode method.

class CRL(): A class representing Certifcate Revocation List objects.

class Revoked(): A class representing Revocation objects of CRL.

FILETYPE_PEM
FILETYPE_ASN1: File type constants.

TYPE_RSA
TYPE_DSA: Key type constants.

exception Error: Generic exception used in the crypto module.

dump_certificate(type, cert): Dump the certificate cert into a buffer string encoded with the type type.

dump_certificate_request(type, req): Dump the certificate request req into a buffer string encoded with the type type.

dump_privatekey(type, pkey[, cipher, passphrase]): Dump the private key pkey into a buffer string encoded with the type type, optionally (if type is FILETYPE_PEM) encrypting it using cipher and passphrase.
passphrase must be either a string or a callback for providing the pass phrase.

load_certificate(type, buffer): Load a certificate (X509) from the string buffer encoded with the type type.

load_certificate_request(type, buffer): Load a certificate request (X509Req) from the string buffer encoded with the type type.

load_privatekey(type, buffer[, passphrase]): Load a private key (PKey) from the string buffer encoded with the type type (must be one of FILETYPE_PEM and FILETYPE_ASN1).
passphrase must be either a string or a callback for providing the pass phrase.

load_crl(type, buffer): Load Certificate Revocation List (CRL) data from a string buffer. buffer encoded with the type type. The type type must either FILETYPE_PEM or FILETYPE_ASN1).

load_pkcs7_data(type, buffer): Load pkcs7 data from the string buffer encoded with the type type.

load_pkcs12(buffer[, passphrase]): Load pkcs12 data from the string buffer. If the pkcs12 structure is encrypted, a passphrase must be included. The MAC is always checked and thus required.
See also the man page for the C function PKCS12_parse.

sign(key, data, digest): Sign a data string using the given key and message digest.
key is a PKey instance. data is a str instance. digest is a str naming a supported message digest type, for example ``sha1''. New in version 0.11.

verify(certificate, signature, data, digest): Verify the signature for a data string.
certificate is a X509 instance corresponding to the private key which generated the signature. signature is a str instance giving the signature itself. data is a str instance giving the data to which the signature applies. digest is a str instance naming the message digest type of the signature, for example ``sha1''. New in version 0.11.

Subsections