Output an ASN1_STRING structure according to the set flags.
Parameters: | flags – determine the format of the output by using predetermined constants, see ASN1_STRING_print_ex(3) manpage for their meaning. |
---|---|
Returns: | output an ASN1_STRING structure. |
Bases: object
Abstract object interface to the BIO API.
Returns whether the cause of the condition is that the BIO should write more data.
Bases: M2Crypto.BIO.BIO
Object interface to BIO_f_cipher.
Bases: M2Crypto.BIO.BIO
Object interface to BIO_s_pyfd
This class interfaces Python to OpenSSL functions that expect BIO *. For general file manipulation in Python, use Python’s builtin file object.
Bases: M2Crypto.BIO.BIO
Object interface to BIO_f_buffer.
Its principal function is to be BIO_push()’ed on top of a BIO_f_ssl, so that makefile() of said underlying SSL socket works.
Bases: M2Crypto.BIO.BIO
Object interface to BIO_s_mem.
Empirical testing suggests that this class performs less well than cStringIO, because cStringIO is implemented in C, whereas this class is implemented in Python. Thus, the recommended practice is to use cStringIO for regular work and convert said cStringIO object to a MemoryBuffer object only when necessary.
Bases: M2Crypto.BIO.BIO
Object interface to BIO_f_ssl
Generate cryptographically strong random number.
Parameters: |
|
---|
This class is a context supporting DSA key and parameter values, signing and verifying.
Simple example:
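from M2Crypto import EVP, DSA, util

# Hash the message; sign() expects the SHA-1 digest as a byte string.
message = b'Kilroy was here!'
md = EVP.MessageDigest('sha1')
md.update(message)
digest = md.final()

# Generate DSA parameters, then the key pair.
dsa = DSA.gen_params(1024)
dsa.gen_key()

# Sign the digest, then verify the (r, s) pair against it.
r, s = dsa.sign(digest)
good = dsa.verify(digest, r, s)
if good:
    print(' ** success **')
else:
    print(' ** verification failed **')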
Check to be sure the DSA object has a valid private key.
Returns: | 1 (true) if a valid private key |
---|
Save the DSA key pair to a file.
Parameters: |
|
---|---|
Returns: | 1 (true) if successful |
Save DSA key pair to a BIO object.
Parameters: |
|
---|---|
Returns: | 1 (true) if successful |
Save the DSA parameters to a file.
Parameters: | filename – Save the DSA parameters to this file. |
---|---|
Returns: | 1 (true) if successful |
Save DSA parameters to a BIO object.
Parameters: | bio – Save DSA parameters to this object. |
---|---|
Returns: | 1 (true) if successful |
Save the DSA public key (with parameters) to a file.
Parameters: | filename – Save DSA public key (with parameters) to this file. |
---|---|
Returns: | 1 (true) if successful |
Save DSA public key (with parameters) to a BIO object.
Parameters: | bio – Save DSA public key (with parameters) to this object. |
---|---|
Returns: | 1 (true) if successful |
Set new parameters.
Parameters: |
|
---|
Sign the digest.
Parameters: | digest – SHA-1 hash of message (same as output from MessageDigest, a “byte string”) |
---|---|
Returns: | DSA signature, a tuple of two values, r and s, both “byte strings”. |
Verify a newly calculated digest against the signature values r and s.
Parameters: |
|
---|---|
Returns: | 1 (true) if verify succeeded, 0 if failed |
Bases: M2Crypto.DSA.DSA
This class is a DSA context that only supports a public key and verification. It does NOT support a private key or signing.
Save the DSA public key (with parameters) to a file.
Parameters: | filename – Save DSA public key (with parameters) to this file. |
---|---|
Returns: | 1 (true) if successful |
Save DSA public key (with parameters) to a BIO object.
Parameters: | bio – Save DSA public key (with parameters) to this object. |
---|---|
Returns: | 1 (true) if successful |
Factory function that generates DSA parameters and instantiates a DSA object from the output.
Parameters: |
|
---|---|
Returns: | instance of DSA. |
Factory function that instantiates a DSA object from a PEM encoded DSA key pair.
Parameters: |
|
---|---|
Returns: | instance of DSA. |
Factory function that instantiates a DSA object from a PEM encoded DSA key pair.
Parameters: |
|
---|---|
Returns: | instance of DSA. |
Factory function that instantiates a DSA object with DSA parameters from a file.
Parameters: |
|
---|---|
Returns: | instance of DSA. |
Factory function that instantiates a DSA object with DSA parameters from a M2Crypto.BIO object.
Parameters: |
|
---|---|
Returns: | instance of DSA. |
Factory function that instantiates a DSA_pub object using a DSA public key contained in PEM file. The PEM file must contain the parameters in addition to the public key.
Parameters: |
|
---|---|
Returns: | instance of DSA_pub. |
Factory function that instantiates a DSA_pub object using a DSA public key contained in PEM format. The PEM must contain the parameters in addition to the public key.
Parameters: |
|
---|---|
Returns: | instance of DSA_pub. |
Object interface to an EC key pair.
Returns the key(pair) as a string in PEM format. If no password is passed and the cipher is set, it exits with an error.
Compute the ECDH shared key of this key pair and the given public key object. They must both use the same curve. Returns the shared key in binary as a buffer object. No Key Derivation Function is applied.
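Because no Key Derivation Function is applied, the returned bytes should be passed through a KDF before being used as key material. The following is an added example, not M2Crypto code: it implements HKDF-SHA256 (RFC 5869, chosen here as the KDF; the page names none) with the standard library only. `SAMPLE_SHARED_SECRET`, the salt and the context label are constructed stand-ins for the raw ECDH output and protocol values.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt, ikm):
    """HKDF-Extract (RFC 5869): concentrate the input keying material into a PRK."""
    if not salt:
        salt = b"\x00" * HASH_LEN  # RFC 5869 default when no salt is supplied
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """HKDF-Expand (RFC 5869): stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_keys(shared_secret, salt, context):
    """Derive separate 32-byte encryption and MAC keys from a raw ECDH secret."""
    if not shared_secret or shared_secret.strip(b"\x00") == b"":
        raise ValueError("refusing empty or all-zero shared secret")
    prk = hkdf_extract(salt, shared_secret)
    # Distinct info strings give independent keys from the same PRK.
    enc_key = hkdf_expand(prk, context + b"|enc", 32)
    mac_key = hkdf_expand(prk, context + b"|mac", 32)
    return enc_key, mac_key


# Constructed stand-in for the raw bytes returned by the ECDH computation.
SAMPLE_SHARED_SECRET = bytes(range(1, 33))

if __name__ == "__main__":
    enc, mac = derive_session_keys(
        SAMPLE_SHARED_SECRET, b"constructed-salt", b"example-protocol-v1")
    print("enc:", enc.hex())
    print("mac:", mac.hex())
```

Both peers must use the same salt and context label, otherwise they derive different keys from the same shared secret.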
Generates the key pair from its parameters. Use:
keypair = EC.gen_params(curve)
keypair.gen_key()
to create an EC key pair.
Save the key pair to a file in PEM format.
Parameters: |
|
---|
Save the key pair to an M2Crypto.BIO.BIO object in PEM format.
Parameters: |
|
---|
Save the public key to a file in PEM format.
Parameters: | file – Name of file to save key to. |
---|
Save the public key to an M2Crypto.BIO.BIO object in PEM format.
Parameters: | bio – M2Crypto.BIO.BIO object to save key to. |
---|
Sign the given digest using ECDSA. Returns a tuple (r,s), the two ECDSA signature parameters.
Bases: M2Crypto.EC.EC
Object interface to an EC public key. ((don’t like this implementation inheritance))
Save the public key to a file in PEM format.
Parameters: | file – Name of file to save key to. |
---|
Save the public key to an M2Crypto.BIO.BIO object in PEM format.
Parameters: | bio – M2Crypto.BIO.BIO object to save key to. |
---|
Factory function that generates EC parameters and instantiates an EC object from the output.
Parameters: | curve – This is the OpenSSL nid of the curve to use. |
---|
Factory function that instantiates an EC object.
Parameters: |
|
---|
Factory function that instantiates an EC object.
Parameters: |
|
---|
Load an EC key pair from a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.EC.EC object. |
Load an M2Crypto.EC.PKey from a public key as a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.EC.PKey object. |
Load an EC public key from a file.
Parameters: | file – Name of file containing EC public key in PEM format. |
---|---|
Returns: | M2Crypto.EC.EC_pub object. |
Public Key
Return key in PEM format in a string.
Parameters: |
|
---|
Assign the RSA key pair to self.
Parameters: |
|
---|---|
Returns: | Return 1 for success and 0 for failure. |
Return signature.
Returns: | The signature. |
---|
Reset internal message digest context.
Parameters: | md – The message digest algorithm. |
---|
Save the key pair to a file in PEM format.
Parameters: |
|
---|
Save the key pair to the M2Crypto.BIO object ‘bio’ in PEM format.
Parameters: |
|
---|
Feed data to signing operation.
Parameters: | data – Data to be signed. |
---|
Load an M2Crypto.EVP.PKey from file.
Parameters: |
|
---|---|
Returns: | M2Crypto.EVP.PKey object. |
Load an M2Crypto.EVP.PKey from an M2Crypto.BIO object.
Parameters: |
|
---|---|
Returns: | M2Crypto.EVP.PKey object. |
Load an M2Crypto.EVP.PKey from a public key as a M2Crypto.BIO object.
Parameters: |
|
---|---|
Returns: | M2Crypto.EVP.PKey object. |
Load an M2Crypto.EVP.PKey from a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.EVP.PKey object. |
Load an M2Crypto.EVP.PKey from a public key as a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.EVP.PKey object. |
M2Crypto wrapper for OpenSSL ENGINE API.
Pavel Shramov IMEC MSU
Wrapper for ENGINE object.
Obtain a functional reference to the engine.
Returns: | 0 on error, non-zero on success. |
---|
Load certificate from engine (e.g. from a smartcard). NOTE: This function may not be implemented by the engine!
Load private key with engine methods (e.g. from a smartcard). If pin is not set, it will be asked for.
If you load any engines, you need to clean up after your application is finished with the engines.
RSA Key Pair.
Returns the key(pair) as a string in PEM format.
Returns: | returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3). |
---|
Save the key pair to a file in PEM format.
Parameters: |
|
---|
Save the key pair to an M2Crypto.BIO.BIO object in PEM format.
Parameters: |
|
---|
Save the key pair to a file in DER format.
Parameters: | file – Filename to save key to |
---|
Save the key pair to an M2Crypto.BIO.BIO object in DER format.
Parameters: | bio – M2Crypto.BIO.BIO object to save key to. |
---|
Save the key pair to a file in PEM format.
Parameters: |
|
---|
Save the public key to a file in PEM format.
Parameters: | file – Name of file to save key to. |
---|
Save the public key to an M2Crypto.BIO.BIO object in PEM format.
Parameters: | bio – M2Crypto.BIO.BIO object to save key to. |
---|
Signs a digest with the private key
Parameters: |
|
---|---|
Returns: | a string which is the signature |
Signs a digest with the private key using RSASSA-PSS
Parameters: |
|
---|---|
Returns: | a string which is the signature |
Verifies the signature with the public key
Parameters: |
|
---|---|
Returns: | 1 or 0, depending on whether the signature was verified or not. |
Verifies the signature RSASSA-PSS
Parameters: |
|
---|---|
Returns: | 1 or 0, depending on whether the signature was verified or not. |
Bases: M2Crypto.RSA.RSA
Object interface to an RSA public key.
Generate an RSA key pair.
Parameters: |
|
---|---|
Returns: | M2Crypto.RSA.RSA object. |
Default callback for gen_key().
Load an RSA key pair from file.
Parameters: |
|
---|---|
Returns: | M2Crypto.RSA.RSA object. |
Load an RSA key pair from an M2Crypto.BIO.BIO object.
Parameters: |
|
---|---|
Returns: | M2Crypto.RSA.RSA object. |
Load an RSA key pair from a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.RSA.RSA object. |
Load an RSA public key from file.
Parameters: | file – Name of file containing RSA public key in PEM format. |
---|---|
Returns: | M2Crypto.RSA.RSA_pub object. |
Load an RSA public key from an M2Crypto.BIO.BIO object.
Parameters: | bio – M2Crypto.BIO.BIO object containing RSA public key in PEM format. |
---|---|
Returns: | M2Crypto.RSA.RSA_pub object. |
Instantiate an RSA_pub object from an (e, n) tuple.
Parameters: |
|
---|---|
Returns: | M2Crypto.RSA.RSA_pub object. |
Object interface to EVP_CIPHER without all the frills of M2Crypto.EVP.Cipher.
X509 Certificate Revocation List
Return CRL in PEM format in a string.
Returns: | String containing the CRL in PEM format. |
---|
X509 Certificate Request.
Add X509 extensions to this request.
Parameters: | ext_stack – Stack of extensions to add. |
---|---|
Returns: | 1 for success and 0 for failure |
Saves X.509 certificate request to a file. Default output format is PEM.
Parameters: |
|
---|---|
Returns: | 1 for success, 0 for failure. The error code can be obtained by ERR_get_error. |
Set the public key for the request.
Parameters: | pkey – Public key |
---|---|
Returns: | Return 1 for success and 0 for failure. |
Set subject name.
Parameters: | name – subjectName field. |
---|---|
Returns: | 1 for success and 0 for failure |
Set subject name.
Parameters: | name – subjectName field. |
---|---|
Returns: | 1 for success and 0 for failure |
Set version.
Parameters: | version – Version number. |
---|---|
Returns: | Returns 0 on failure. |
X.509 Certificate
Add X509 extension to this certificate.
Parameters: | ext – Extension |
---|
Returns: | 1 for success and 0 for failure |
Check if the certificate is a Certificate Authority (CA) certificate.
Returns: | 0 if the certificate is not CA, nonzero otherwise. |
---|---|
Requires : | OpenSSL 0.9.8 or newer |
Check if the certificate’s purpose matches the asked purpose.
Parameters: |
|
---|---|
Returns: | 0 if the certificate purpose does not match, nonzero otherwise. |
Get X509 extension by name.
Parameters: | name – Name of the extension |
---|---|
Returns: | X509_Extension |
Get X509 extension by index.
Parameters: | index – Index of the extension |
---|---|
Returns: | X509_Extension |
Get the fingerprint of the certificate.
Parameters: | md – Message digest algorithm to use. |
---|---|
Returns: | String containing the fingerprint in hex format. |
Saves X.509 certificate to a file. Default output format is PEM.
Parameters: |
|
---|---|
Returns: | 1 for success or 0 for failure |
Parameters: | filename – name of the file to be loaded |
---|---|
Returns: | 1 for success or 0 for failure |
Set issuer name.
Parameters: | name – subjectName field. |
---|
Returns: | 1 for success and 0 for failure |
Set the public key for the certificate
Parameters: | pkey – Public key |
---|
Returns: | 1 for success and 0 for failure |
Set serial number.
Parameters: | serial – Serial number. |
---|
Returns: | 1 for success and 0 for failure. |
Set subject name.
Parameters: | name – subjectName field. |
---|
Returns: | 1 for success and 0 for failure |
Set version of the certificate.
Parameters: | version – Version number. |
---|---|
Returns: | Returns 0 on failure. |
X509 Extension
Return whether or not this is a critical extension.
Returns: | Nonzero if this is a critical extension. |
---|
Get the extension value, for example ‘DNS:www.example.com’.
Parameters: |
|
---|
X509 Extension Stack
Warning : | Do not modify the underlying OpenSSL stack except through this interface, or use any OpenSSL functions that do so indirectly. Doing so will get the OpenSSL stack and the internal pystack of this class out of sync, leading to python memory leaks, exceptions or even python crashes! |
---|
X509 Name
Add X509_Name field whose name is identified by its name.
Parameters: |
|
---|
The loc and set parameters determine where a new entry should be added. For almost all applications loc can be set to -1 and set to 0. This adds a new entry to the end of name as a single valued RelativeDistinguishedName (RDN).
Parameters: |
|
---|---|
Returns: | 1 for success or 0 if an error occurred. |
as_text returns the name as a string.
Parameters: |
|
---|
Retrieve the next index matching nid.
Parameters: | nid – name of the entry (as m2.NID* constants) |
---|---|
Returns: | list of X509_Name_Entry items |
X509 Name Entry
X509 Stack
Warning : | Do not modify the underlying OpenSSL stack except through this interface, or use any OpenSSL functions that do so indirectly. Doing so will get the OpenSSL stack and the internal pystack of this class out of sync, leading to python memory leaks, exceptions or even python crashes! |
---|
X509 Store
Parameters: | file – filename |
---|---|
Returns: | 1 on success, 0 on failure |
Set callback which will be called when the store is verified. Wrapper over OpenSSL X509_STORE_set_verify_cb().
Parameters: | callback – Callable to specify verification options. Type of the callable must be: (int, X509_Store_Context) -> int. If None: set the standard options. |
---|---|
Note : | compile-time or run-time errors in the callback would result in mysterious errors during verification, which could be hard to trace. |
Note : | Python exceptions raised in callbacks do not propagate to verify() call. |
Returns: | None |
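Since exceptions raised in the callback do not propagate to verify(), a bug in the callback should be made to reject the chain and be recorded where the caller can find it. The following is an added example, not M2Crypto code: the `fail_closed` wrapper, the two policies, `MAX_DEPTH` and `FakeContext` (a constructed stand-in for X509_Store_Context exposing only `get_error_depth()`) are all assumptions of this sketch.

```python
import logging

log = logging.getLogger("x509.verify")
MAX_DEPTH = 3  # assumed policy limit for this example


def fail_closed(policy):
    """Wrap an (int, ctx) -> int verify callback so any exception rejects the chain.

    Exceptions are kept on wrapper.errors so the caller can inspect them after
    verification, because they will not surface from the verify call itself.
    """
    def wrapper(ok, ctx):
        try:
            verdict = policy(ok, ctx)
        except Exception as exc:  # deliberate: any bug in the policy must reject
            wrapper.errors.append(exc)
            log.error("verify callback raised %r; rejecting", exc)
            return 0
        # Strictness choice of this example: never override a failure already
        # reported by OpenSSL, and accept only an explicit 1 from the policy.
        return 1 if (ok == 1 and verdict == 1) else 0
    wrapper.errors = []
    return wrapper


@fail_closed
def depth_policy(ok, ctx):
    """Reject chains deeper than MAX_DEPTH, otherwise keep OpenSSL's verdict."""
    if ctx.get_error_depth() > MAX_DEPTH:
        return 0
    return ok


@fail_closed
def buggy_policy(ok, ctx):
    """Contains a run-time error (AttributeError) to show the fail-closed path."""
    return ok if ctx.no_such_method() else 0


class FakeContext:
    """Constructed stand-in for X509_Store_Context so the example runs offline."""
    def __init__(self, depth):
        self._depth = depth

    def get_error_depth(self):
        return self._depth
```

After verification, a non-empty `errors` list on the wrapped callback means the rejection came from a callback bug rather than from the certificate chain.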
X509 Store Context
Get certificate chain.
Returns: | Reference counted (i.e. safe to use even after the store context goes away) stack of certificates in the chain. |
---|
Get current X.509 certificate.
Warning : | The returned certificate is NOT refcounted, so you can not rely on it being valid once the store context goes away or is modified. |
---|
Load certificate from file.
Parameters: |
|
---|---|
Returns: | M2Crypto.X509.X509 object. |
Load certificate from a bio.
Parameters: |
|
---|---|
Returns: | M2Crypto.X509.X509 object. |
Load certificate from a string.
Parameters: | string – String containing a certificate in DER format. |
---|---|
Returns: | M2Crypto.X509.X509 object. |
Load certificate from a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.X509.X509 object. |
Load CRL from file.
Parameters: | file – Name of file containing CRL in PEM format. |
---|---|
Returns: | M2Crypto.X509.CRL object. |
Load certificate request from file.
Parameters: |
|
---|---|
Returns: | Request object. |
Load certificate request from a bio.
Parameters: |
|
---|---|
Returns: | M2Crypto.X509.Request object. |
Load certificate request from a string.
Parameters: | string – String containing a certificate request in DER format. |
---|---|
Returns: | M2Crypto.X509.Request object. |
Load certificate request from a string.
Parameters: |
|
---|---|
Returns: | M2Crypto.X509.Request object. |
Create new X509_Extension instance.
Bases: httplib.HTTPConnection
This class allows communication via SSL using M2Crypto.
Bases: M2Crypto.httpslib.HTTPSConnection
An HTTPS Connection that uses a proxy and the CONNECT request.
When the connection is initiated, CONNECT is first sent to the proxy (along with authorization headers, if supplied). If successful, an SSL connection will be established over the socket through the proxy and to the target host.
Finally, the actual request is sent over the SSL connection tunneling through the proxy.
Bases: urllib2.AbstractHTTPHandler
Return an addinfourl object for the request, using http_class.
http_class must implement the HTTPConnection API from httplib. The addinfourl return value is a file-like object. It also has methods and attributes including:
- info(): return a mimetools.Message object for the headers
- geturl(): return the original request URL
- code: HTTP status code
Create an opener object from a list of handlers.
The opener will use several default handlers, including support for HTTP and FTP.
If any of the handlers passed as arguments are subclasses of the default handlers, the default handlers will not be used.