Note
pyca/cryptography is likely a better choice than using this module. It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API. If necessary you can convert to and from cryptography objects using the to_cryptography and from_cryptography methods on X509, X509Req, CRL, and PKey.
get_elliptic_curves
get_elliptic_curve
The following serialization functions take one of these constants to determine the format.
FILETYPE_PEM
serializes data to a Base64-encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
FILETYPE_ASN1
serializes data to the underlying ASN.1 data structure. The format used by FILETYPE_ASN1 is also sometimes referred to as DER.
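The relationship between the two formats, as an added example that is not pyOpenSSL code: it uses only the Python standard library to wrap DER bytes in PEM delimiters, recover the DER from each PEM block, and check the outer DER length header. The helper names and the sample bytes are constructed for illustration.

```python
import base64
import re

# One PEM block; the backreference requires BEGIN and END labels to agree.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

# Constructed sample, not a real certificate: DER SEQUENCE { INTEGER 5 }.
SAMPLE_DER = bytes.fromhex("3003020105")


def der_to_pem(der, label):
    """Wrap DER bytes in PEM: Base64 in 64-character lines between delimiters."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def pem_to_der(pem):
    """Return a (label, DER bytes) pair for every PEM block found in the text."""
    blocks = []
    for match in PEM_BLOCK.finditer(pem):
        body = "".join(match.group(2).split())  # drop line breaks and spaces
        blocks.append((match.group(1), base64.b64decode(body, validate=True)))
    return blocks


def der_length_ok(der):
    """Check the outer header: SEQUENCE tag 0x30 and a length covering the rest exactly."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:  # short form: the byte itself is the length
        header, length = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


if __name__ == "__main__":
    pem = der_to_pem(SAMPLE_DER, "CERTIFICATE")
    print(pem, end="")
    for label, der in pem_to_der(pem):
        print(label, der.hex(), der_length_ok(der))
```

A truncated file fails `der_length_ok` even when its Base64 still decodes, which is a cheap sanity check before handing bytes to a full ASN.1 parser.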
dump_certificate
load_certificate
dump_certificate_request
load_certificate_request
dump_privatekey
load_privatekey
dump_publickey
load_publickey
dump_crl
load_crl
load_pkcs7_data
load_pkcs12
sign
verify
X509
X509Name
X509Req
X509Store
X509StoreContextError
X509StoreContext
X509StoreFlags
CRL_CHECK
CRL_CHECK_ALL
IGNORE_CRITICAL
X509_STRICT
ALLOW_PROXY_CERTS
POLICY_CHECK
EXPLICIT_POLICY
INHIBIT_MAP
NOTIFY_POLICY
CHECK_SS_SIGNATURE
PARTIAL_CHAIN
PKey
Key type constants.
PKCS7 objects have the following methods:
PKCS7
PKCS12
X509Extension
NetscapeSPKI
CRL
Revoked
Several of the functions and methods in this module take a digest name. These must be strings describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, specifically). For example, b"sha256" or b"sha384".
More information and a list of these digest names can be found in the EVP_DigestInit(3) man page of your OpenSSL installation. This page can be found online for the latest version of OpenSSL: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html