.. _openssl-crypto:

:py:mod:`crypto` --- Generic cryptographic module
=================================================

.. py:module:: OpenSSL.crypto
   :synopsis: Generic cryptographic module

.. note::

    `pyca/cryptography`_ is likely a better choice than using this module.
    It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API.
    If necessary you can convert to and from cryptography objects using the ``to_cryptography`` and ``from_cryptography`` methods on ``X509``, ``X509Req``, ``CRL``, and ``PKey``.


Elliptic curves
---------------

.. autofunction:: get_elliptic_curves

.. autofunction:: get_elliptic_curve

Serialization and deserialization
---------------------------------

The following serialization functions take one of these constants to determine the format.

.. py:data:: FILETYPE_PEM

:data:`FILETYPE_PEM` serializes data to a Base64-encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----``.

.. py:data:: FILETYPE_ASN1

:data:`FILETYPE_ASN1` serializes data to the underlying ASN.1 data structure. The format used by :data:`FILETYPE_ASN1` is also sometimes referred to as DER.
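
The relationship between the two formats, as an added standard-library example (not pyOpenSSL code): PEM is the DER bytes in Base64 between matching delimiters, so a loader can check the delimiter label and the outer DER length before handing data to a parser. The function names and ``SAMPLE_DER`` are hypothetical; the sample is a constructed ASN.1 structure, not a real certificate.

```python
import base64
import binascii
import re

# One PEM block: the END label must repeat the BEGIN label.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Constructed sample, NOT a real certificate: SEQUENCE { INTEGER 5, OCTET STRING }
SAMPLE_DER = b"\x30\x81\x86" + b"\x02\x01\x05" + b"\x04\x81\x80" + bytes(128)


def der_to_pem(der: bytes, label: str) -> bytes:
    """Wrap DER bytes in PEM armour: delimiters plus Base64 in 64-char lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    name = label.encode("ascii")
    return b"\n".join(
        [b"-----BEGIN " + name + b"-----", *lines, b"-----END " + name + b"-----"]
    ) + b"\n"


def check_der_sequence(der: bytes) -> None:
    """Require one outer SEQUENCE whose definite length covers the data exactly."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("indefinite or truncated length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated data or trailing bytes")


def pem_to_der(pem: bytes) -> tuple[str, bytes]:
    """Return (label, der) for the first PEM block, rejecting malformed input."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("missing or mismatched BEGIN/END delimiters")
    try:
        der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("body is not valid Base64") from exc
    check_der_sequence(der)
    return m.group(1).decode("ascii"), der
```

The length check only covers the outer SEQUENCE; whether the contents form a valid certificate, key or CRL is still decided by the ``load_*`` function that receives the bytes.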

Certificates
~~~~~~~~~~~~

.. autofunction:: dump_certificate

.. autofunction:: load_certificate

Certificate signing requests
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. autofunction:: dump_certificate_request

.. autofunction:: load_certificate_request

Private keys
~~~~~~~~~~~~

.. autofunction:: dump_privatekey

.. autofunction:: load_privatekey

Public keys
~~~~~~~~~~~

.. autofunction:: dump_publickey

.. autofunction:: load_publickey

Certificate revocation lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.. autofunction:: dump_crl

.. autofunction:: load_crl

.. autofunction:: load_pkcs7_data

.. autofunction:: load_pkcs12

Signing and verifying signatures
--------------------------------

.. autofunction:: sign

.. autofunction:: verify


.. _openssl-x509:

X509 objects
------------

.. autoclass:: X509
               :members:

.. _openssl-x509name:

X509Name objects
----------------

.. autoclass:: X509Name
               :members:
               :special-members:
               :exclude-members: __repr__, __getattr__, __weakref__

.. _openssl-x509req:

X509Req objects
---------------

.. autoclass:: X509Req
               :members:
               :special-members:
               :exclude-members: __weakref__

.. _openssl-x509store:

X509Store objects
-----------------

.. autoclass:: X509Store
               :members:

.. _openssl-x509storecontexterror:

X509StoreContextError objects
-----------------------------

.. autoclass:: X509StoreContextError
               :members:

.. _openssl-x509storecontext:

X509StoreContext objects
------------------------

.. autoclass:: X509StoreContext
               :members:

.. _openssl-pkey:

X509StoreFlags constants
------------------------

.. autoclass:: X509StoreFlags

    .. data:: CRL_CHECK
    .. data:: CRL_CHECK_ALL
    .. data:: IGNORE_CRITICAL
    .. data:: X509_STRICT
    .. data:: ALLOW_PROXY_CERTS
    .. data:: POLICY_CHECK
    .. data:: EXPLICIT_POLICY
    .. data:: INHIBIT_MAP
    .. data:: NOTIFY_POLICY
    .. data:: CHECK_SS_SIGNATURE
    .. data:: CB_ISSUER_CHECK

.. _openssl-x509storeflags:

PKey objects
------------

.. autoclass:: PKey
               :members:

.. _openssl-pkcs7:

.. py:data:: TYPE_RSA
             TYPE_DSA

    Key type constants.

PKCS7 objects
-------------

PKCS7 objects have the following methods:

.. autoclass:: PKCS7
               :members:

.. _openssl-pkcs12:

PKCS12 objects
--------------

.. autoclass:: PKCS12
               :members:

.. _openssl-509ext:

X509Extension objects
---------------------

.. autoclass:: X509Extension
               :members:
               :special-members:
               :exclude-members: __weakref__

.. _openssl-netscape-spki:

NetscapeSPKI objects
--------------------

.. autoclass:: NetscapeSPKI
               :members:
               :special-members:
               :exclude-members: __weakref__

.. _crl:

CRL objects
-----------

.. autoclass:: CRL
               :members:
               :special-members:
               :exclude-members: __weakref__

.. _revoked:

Revoked objects
---------------

.. autoclass:: Revoked
               :members:

Exceptions
----------

.. py:exception:: Error

    Generic exception used in the :py:mod:`.crypto` module.


Digest names
------------

Several of the functions and methods in this module take a digest name.
These must be strings describing a digest algorithm supported by OpenSSL (by ``EVP_get_digestbyname``, specifically).
For example, :const:`b"sha256"` or :const:`b"sha384"`.

More information and a list of these digest names can be found in the ``EVP_DigestInit(3)`` man page of your OpenSSL installation.
This page can be found online for the latest version of OpenSSL:
https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html

.. _`pyca/cryptography`:  https://cryptography.io
