Initial support for DSA private keys.

CHANGELOG.rst

@@ -26,7 +26,9 @@ Deprecations:
 Changes:
 ^^^^^^^^
 
-*none*
+- Add support for DSA private keys.
+  This is also the OpenSSH legacy PEM format
+  (BEGIN DSA PRIVATE).
 
 
 ----

docs/api.rst

@@ -33,6 +33,7 @@ The following objects can be returned by the parsing functions.
 .. autoclass:: RSAPrivateKey(PrivateKey)
 .. autoclass:: RSAPublicKey(PublicKey)
 .. autoclass:: ECPrivateKey(PrivateKey)
+.. autoclass:: DSAPrivateKey(PrivateKey)
 .. autoclass:: OpenSSHPrivateKey(PrivateKey)
 .. autoclass:: DHParameters(AbstractPEMObject)
 .. autoclass:: CertificateRequest(AbstractPEMObject)

src/pem/__init__.py

@@ -6,6 +6,7 @@
     CertificateRequest,
     CertificateRevocationList,
     DHParameters,
+    DSAPrivateKey,
     ECPrivateKey,
     Key,
     OpenSSHPrivateKey,
@@ -39,6 +40,7 @@
     "CertificateRequest",
     "CertificateRevocationList",
     "DHParameters",
+    "DSAPrivateKey",
     "ECPrivateKey",
     "Key",
     "OpenSSHPrivateKey",

src/pem/_core.py

@@ -170,6 +170,16 @@ class ECPrivateKey(PrivateKey):
     """
 
 
+class DSAPrivateKey(PrivateKey):
+    """
+    A private DSA key.
+
+    Also private DSA key in OpenSSH legacy PEM format.
+
+    .. versionadded:: 21.1.0
+    """
+
+
 class DHParameters(AbstractPEMObject):
     """
     Diffie-Hellman parameters for DHE.
@@ -190,6 +200,7 @@ class OpenSSHPrivateKey(PrivateKey):
     b"PUBLIC KEY": PublicKey,
     b"ENCRYPTED PRIVATE KEY": PrivateKey,
     b"OPENSSH PRIVATE KEY": OpenSSHPrivateKey,
+    b"DSA PRIVATE KEY": DSAPrivateKey,
     b"RSA PRIVATE KEY": RSAPrivateKey,
     b"RSA PUBLIC KEY": RSAPublicKey,
     b"EC PRIVATE KEY": ECPrivateKey,

tests/data.py

@@ -226,6 +226,7 @@
 
 # generated with:
 # openssl ecparam -name secp256k1 -genkey -noout -out key.pem
+# Documented at https://tools.ietf.org/html/rfc5915
 KEY_PEM_EC_PRIVATE = b"""\
 -----BEGIN EC PRIVATE KEY-----
 MHQCAQEEIGTpm0NjJRU5dYDrRPh+C9agdudJvCGSBd1hah5jnMYPoAcGBSuBBAAK
@@ -245,3 +246,21 @@
 MAAAAhAMP/HkDnx5kbDXrh2EMYhj5FFAB2jbwXRVvJqeM6jD09AAAAHmJ1ZGR5QEJ1ZGR5
 cy1NYWNCb29rLVByby5sb2NhbAE=
 -----END OPENSSH PRIVATE KEY-----"""
+
+# OpenSSH legacy PEM private key format:
+# ssh-keygen -t dsa -m PEM
+# OpenSSL DSA key.
+# openssl dsaparam -out key.pem -genkey 1024:
+KEY_PEM_DSA_PRIVATE = b"""\
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCMaLmHH3HlQwVVp2mJq2Peblj+rjeLfN20fFHNm5LecTP0XIO9
+48chkzea4Ma2lv/hGTkYLlA0dQwYoAFO9rwrZo9HU+CXpx3A9BYVk3IWif7rSXZP
+3HCmQ0vN7nZhzW32Us6LM8MW5ZW1tJYQLPsDpGKgNVdKLZt+nhzJ3MxF3QIVAJKB
+6g66zmFYO+SN6zFYkco0wrNHAoGABZ0tQnYYj6uQoTK0mE90jsnUA3WpXenZDKBt
+TcryHe0ijwr4hzqGRJNmxBKgCX7mhYP2j5Kyd91BQDDNc9K41xeH3ikTal6O2b4J
+ckkxAyjhZccxwkvBKJVXC/g9I5ePbWGDheq3TO76sJNOcHHt0/KTGKb0Zy5rtgOn
+CSJ5eD0CgYBX0u5FjDreCn+4vqIwQyPgIvIIsq4S2WNWMEp1JvxA5OB+2BZh83Ua
+Qrb0riZLOXc966m9uXkBJE+Eimh+Jed/qfbwNuTZbxVz9rmsnbGHj8kvJT4c3J27
+NRrjPxY+c3X65vSaThscOQ0SHm5bRhX2YNRhgnZPznUnMXfE8yRLdgIUUS6kFIid
+HhSy7IHLTHWGoNdmwLo=
+-----END DSA PRIVATE KEY-----"""

tests/test_core.py

@@ -21,6 +21,7 @@
     CERT_PEMS_NO_NEW_LINE,
     CRL_PEMS,
     DH_PEM,
+    KEY_PEM_DSA_PRIVATE,
     KEY_PEM_EC_PRIVATE,
     KEY_PEM_OPENSSH,
     KEY_PEM_PKCS5_ENCRYPTED,
@@ -548,3 +549,12 @@ def test_openshh_private_key(self):
         (key,) = pem.parse(KEY_PEM_OPENSSH)
 
         assert isinstance(key, pem.OpenSSHPrivateKey)
+
+    def test_dsa_private_key(self):
+        """
+        Detects and loads private DSA keys.
+        This is also the legacy OpenSSH private key format.
+        """
+        (key,) = pem.parse(KEY_PEM_DSA_PRIVATE)
+
+        assert isinstance(key, pem.DSAPrivateKey)