• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1Certificate Transparency
2========================
3
4.. currentmodule:: cryptography.x509.certificate_transparency
5
6`Certificate Transparency`_ is a set of protocols specified in :rfc:`6962`
7which allow X.509 certificates to be sent to append-only logs and have small
8cryptographic proofs that a certificate has been publicly logged. This allows
9for external auditing of the certificates that a certificate authority has
10issued.
11
12.. class:: SignedCertificateTimestamp
13
14    .. versionadded:: 2.0
15
16    SignedCertificateTimestamps (SCTs) are small cryptographically signed
17    assertions that the specified certificate has been submitted to a
18    Certificate Transparency Log, and that it will be part of the public log
19    within some time period, this is called the "maximum merge delay" (MMD) and
20    each log specifies its own.
21
22    .. attribute:: version
23
24        :type: :class:`~cryptography.x509.certificate_transparency.Version`
25
26        The SCT version as an enumeration. Currently only one version has been
27        specified.
28
29    .. attribute:: log_id
30
31        :type: bytes
32
33        An opaque identifier, indicating which log this SCT is from. This is
34        the SHA256 hash of the log's public key.
35
36    .. attribute:: timestamp
37
38        :type: :class:`datetime.datetime`
39
40        A naïve datetime representing the time in UTC at which the log asserts
41        the certificate had been submitted to it.
42
43    .. attribute:: entry_type
44
45        :type:
46            :class:`~cryptography.x509.certificate_transparency.LogEntryType`
47
48        The type of submission to the log that this SCT is for. Log submissions
49        can either be certificates themselves or "pre-certificates" which
50        indicate a binding-intent to issue a certificate for the same data,
51        with SCTs embedded in it.
52
53
54.. class:: Version
55
56    .. versionadded:: 2.0
57
58    An enumeration for SignedCertificateTimestamp versions.
59
60    .. attribute:: v1
61
62        For version 1 SignedCertificateTimestamps.
63
64.. class:: LogEntryType
65
66    .. versionadded:: 2.0
67
68    An enumeration for SignedCertificateTimestamp log entry types.
69
70    .. attribute:: X509_CERTIFICATE
71
72        For SCTs corresponding to X.509 certificates.
73
74    .. attribute:: PRE_CERTIFICATE
75
76        For SCTs corresponding to pre-certificates.
77
78
79.. _`Certificate Transparency`: https://www.certificate-transparency.org/
80