:py:mod:`crypto` --- Generic cryptographic module
==================================================

.. py:module:: OpenSSL.crypto
    :synopsis: Generic cryptographic module

.. note::

    pyca/cryptography is likely a better choice than using this module.
    It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API.
    If necessary you can convert to and from cryptography objects using the ``to_cryptography`` and ``from_cryptography`` methods on ``X509``, ``X509Req``, ``CRL``, and ``PKey``.

.. autofunction:: get_elliptic_curves

.. autofunction:: get_elliptic_curve

The following serialization functions take one of these constants to determine the format.

.. py:data:: FILETYPE_PEM

    :data:`FILETYPE_PEM` serializes data to a Base64-encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----``.

.. py:data:: FILETYPE_ASN1

    :data:`FILETYPE_ASN1` serializes data to the underlying ASN.1 data structure. The format used by :data:`FILETYPE_ASN1` is also sometimes referred to as DER.

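
The relationship between the two formats, shown as an added example that is not part of the pyOpenSSL documentation: the Base64 body of the PEM output decodes to exactly the DER bytes, the same certificate loads from either format, and ``to_cryptography`` yields the same DER. The helper names, the ``example.test`` subject and the one-hour lifetime are constructed for illustration.

```python
import base64
from cryptography.hazmat.primitives.serialization import Encoding
from OpenSSL import crypto

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"

def make_self_signed(cn="example.test"):
    """Build a throwaway self-signed certificate (constructed sample data)."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    cert = crypto.X509()
    cert.set_version(2)                  # value 2 means X.509 v3
    cert.set_serial_number(1)
    cert.get_subject().CN = cn
    cert.set_issuer(cert.get_subject())  # self-signed: issuer == subject
    cert.gmtime_adj_notBefore(0)
    cert.gmtime_adj_notAfter(3600)       # valid for one hour
    cert.set_pubkey(key)
    cert.sign(key, "sha256")             # digest name resolved by OpenSSL
    return cert

def pem_to_der(pem):
    """Strip the PEM delimiters and Base64-decode the body by hand."""
    lines = pem.strip().splitlines()
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        raise ValueError("not a PEM certificate")
    return base64.b64decode(b"".join(lines[1:-1]), validate=True)

def load_any(data):
    """Choose the FILETYPE_* constant from the data's leading bytes."""
    is_pem = data.lstrip().startswith(b"-----BEGIN")
    filetype = crypto.FILETYPE_PEM if is_pem else crypto.FILETYPE_ASN1
    return crypto.load_certificate(filetype, data)

def roundtrip(cert):
    """Serialize one certificate both ways and compare the results."""
    pem = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
    der = crypto.dump_certificate(crypto.FILETYPE_ASN1, cert)
    fp_pem, fp_der = (load_any(d).digest("sha256") for d in (pem, der))
    return {
        "pem_body_is_der": pem_to_der(pem) == der,
        "der_starts_with_sequence_tag": der[:1] == b"\x30",
        "same_fingerprint": fp_pem == fp_der,
        "cryptography_der_matches": cert.to_cryptography().public_bytes(Encoding.DER) == der,
    }

if __name__ == "__main__":
    print(roundtrip(make_self_signed()))
```
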
.. autofunction:: dump_certificate
.. autofunction:: load_certificate
.. autofunction:: dump_certificate_request
.. autofunction:: load_certificate_request
.. autofunction:: dump_privatekey
.. autofunction:: load_privatekey
.. autofunction:: dump_publickey
.. autofunction:: load_publickey
.. autofunction:: dump_crl
.. autofunction:: load_crl
.. autofunction:: load_pkcs7_data
.. autofunction:: load_pkcs12
.. autofunction:: sign
.. autofunction:: verify
.. autoclass:: X509
    :members:

.. autoclass:: X509Name
    :members:
    :special-members:
    :exclude-members: __repr__, __getattr__, __weakref__

.. autoclass:: X509Req
    :members:
    :special-members:
    :exclude-members: __weakref__

.. autoclass:: X509Store
    :members:

.. autoclass:: X509StoreContextError
    :members:

.. autoclass:: X509StoreContext
    :members:

.. autoclass:: X509StoreFlags

    .. data:: CRL_CHECK
    .. data:: CRL_CHECK_ALL
    .. data:: IGNORE_CRITICAL
    .. data:: X509_STRICT
    .. data:: ALLOW_PROXY_CERTS
    .. data:: POLICY_CHECK
    .. data:: EXPLICIT_POLICY
    .. data:: INHIBIT_MAP
    .. data:: NOTIFY_POLICY
    .. data:: CHECK_SS_SIGNATURE
    .. data:: PARTIAL_CHAIN

.. autoclass:: PKey
    :members:

.. py:data:: TYPE_RSA
             TYPE_DSA

    Key type constants.

PKCS7 objects have the following methods:

.. autoclass:: PKCS7
    :members:

.. autoclass:: PKCS12
    :members:

.. autoclass:: X509Extension
    :members:
    :special-members:
    :exclude-members: __weakref__

.. autoclass:: NetscapeSPKI
    :members:
    :special-members:
    :exclude-members: __weakref__

.. autoclass:: CRL
    :members:
    :special-members:
    :exclude-members: __weakref__

.. autoclass:: Revoked
    :members:

.. py:exception:: Error

    Generic exception used in the :py:mod:`.crypto` module.

Several of the functions and methods in this module take a digest name.
These must be strings describing a digest algorithm supported by OpenSSL (by ``EVP_get_digestbyname``, specifically).
For example, :const:`b"sha256"` or :const:`b"sha384"`.

More information and a list of these digest names can be found in the ``EVP_DigestInit(3)`` man page of your OpenSSL installation.
This page can be found online for the latest version of OpenSSL:
https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html