.. hazmat::

Backend interfaces
==================

.. currentmodule:: cryptography.hazmat.backends.interfaces


Backend implementations may provide a number of interfaces to support
operations such as :doc:`/hazmat/primitives/symmetric-encryption`,
:doc:`/hazmat/primitives/cryptographic-hashes`, and
:doc:`/hazmat/primitives/mac/hmac`.

A specific ``backend`` may provide one or more of these interfaces.


.. class:: CipherBackend

    A backend that provides methods for using ciphers for encryption
    and decryption.

    The following backends implement this interface:

    * :doc:`/hazmat/backends/openssl`

    .. method:: cipher_supported(cipher, mode)

        Check if a ``cipher`` and ``mode`` combination is supported by
        this backend.

        :param cipher: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.

        :param mode: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.

        :returns: ``True`` if the specified ``cipher`` and ``mode`` combination
            is supported by this backend, otherwise ``False``.


    .. method:: create_symmetric_encryption_ctx(cipher, mode)

        Create a
        :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` that
        can be used for encrypting data with the symmetric ``cipher`` using
        the given ``mode``.

        :param cipher: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.

        :param mode: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.

        :returns:
            :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`

        :raises ValueError: When tag is not None in an AEAD mode.


    .. method:: create_symmetric_decryption_ctx(cipher, mode)

        Create a
        :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` that
        can be used for decrypting data with the symmetric ``cipher`` using
        the given ``mode``.

        :param cipher: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm`.

        :param mode: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`.

        :returns:
            :class:`~cryptography.hazmat.primitives.ciphers.CipherContext`

        :raises ValueError: When tag is None in an AEAD mode.


.. class:: HashBackend

    A backend with methods for using cryptographic hash functions.

    The following backends implement this interface:

    * :doc:`/hazmat/backends/openssl`

    .. method:: hash_supported(algorithm)

        Check if the specified ``algorithm`` is supported by this backend.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns: ``True`` if the specified ``algorithm`` is supported by this
            backend, otherwise ``False``.


    .. method:: create_hash_ctx(algorithm)

        Create a
        :class:`~cryptography.hazmat.primitives.hashes.HashContext` that
        uses the specified ``algorithm`` to calculate a message digest.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns:
            :class:`~cryptography.hazmat.primitives.hashes.HashContext`


.. class:: HMACBackend

    A backend with methods for using cryptographic hash functions as message
    authentication codes.

    The following backends implement this interface:

    * :doc:`/hazmat/backends/openssl`

    .. method:: hmac_supported(algorithm)

        Check if the specified ``algorithm`` is supported by this backend.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns: ``True`` if the specified ``algorithm`` is supported for HMAC
            by this backend, otherwise ``False``.

    .. method:: create_hmac_ctx(key, algorithm)

        Create a
        :class:`~cryptography.hazmat.primitives.hashes.HashContext` that
        uses the specified ``algorithm`` to calculate a hash-based message
        authentication code.

        :param bytes key: Secret key as ``bytes``.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns:
            :class:`~cryptography.hazmat.primitives.hashes.HashContext`


.. class:: CMACBackend

    .. versionadded:: 0.4

    A backend with methods for using CMAC.

    .. method:: cmac_algorithm_supported(algorithm)

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.

        :return: ``True`` if the block cipher is supported for CMAC by this
            backend.

    .. method:: create_cmac_ctx(algorithm)

        Create a context that uses the specified ``algorithm`` to calculate a
        message authentication code.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.

        :returns: CMAC object.


.. class:: PBKDF2HMACBackend

    .. versionadded:: 0.2

    A backend with methods for using PBKDF2 using HMAC as a PRF.

    The following backends implement this interface:

    * :doc:`/hazmat/backends/openssl`

    .. method:: pbkdf2_hmac_supported(algorithm)

        Check if the specified ``algorithm`` is supported by this backend.

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns: ``True`` if the specified ``algorithm`` is supported for
            PBKDF2 HMAC by this backend, otherwise ``False``.

    .. method:: derive_pbkdf2_hmac(self, algorithm, length, salt, iterations, key_material)

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :param int length: The desired length of the derived key. Maximum is
            (2\ :sup:`32` - 1) * ``algorithm.digest_size``.

        :param bytes salt: A salt.

        :param int iterations: The number of iterations to perform of the hash
            function. This can be used to control the length of time the
            operation takes. Higher numbers help mitigate brute force attacks
            against derived keys.

        :param bytes key_material: The key material to use as a basis for
            the derived key. This is typically a password.

        :return bytes: Derived key.


.. class:: RSABackend

    .. versionadded:: 0.2

    A backend with methods for using RSA.

    .. method:: generate_rsa_private_key(public_exponent, key_size)

        :param int public_exponent: The public exponent of the new key.
            Often one of the small Fermat primes 3, 5, 17, 257 or 65537.

        :param int key_size: The length in bits of the modulus. Should be
            at least 2048.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.

        :raises ValueError: If the public_exponent is not valid.

    .. method:: rsa_padding_supported(padding)

        Check if the specified ``padding`` is supported by the backend.

        :param padding: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`.

        :returns: ``True`` if the specified ``padding`` is supported by this
            backend, otherwise ``False``.

    .. method:: generate_rsa_parameters_supported(public_exponent, key_size)

        Check if the specified parameters are supported for key generation by
        the backend.

        :param int public_exponent: The public exponent.

        :param int key_size: The bit length of the generated modulus.

    .. method:: load_rsa_private_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`.

        :raises ValueError: This is raised when the values of ``p``, ``q``,
            ``private_exponent``, ``public_exponent``, or ``modulus`` do not
            match the bounds specified in :rfc:`3447`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: load_rsa_public_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.

        :raises ValueError: This is raised when the values of
            ``public_exponent`` or ``modulus`` do not match the bounds
            specified in :rfc:`3447`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.


.. class:: DSABackend

    .. versionadded:: 0.4

    A backend with methods for using DSA.

    .. method:: generate_dsa_parameters(key_size)

        :param int key_size: The length of the modulus in bits. It should be
            either 1024, 2048 or 3072. For keys generated in 2015 this should
            be at least 2048.
            Note that some applications (such as SSH) have not yet gained
            support for larger key sizes specified in FIPS 186-3 and are still
            restricted to only the 1024-bit keys specified in FIPS 186-2.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.

    .. method:: generate_dsa_private_key(parameters)

        :param parameters: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.

        :raises ValueError: This is raised if the key size is not one of 1024,
            2048, or 3072.

    .. method:: generate_dsa_private_key_and_parameters(key_size)

        :param int key_size: The length of the modulus in bits. It should be
            either 1024, 2048 or 3072. For keys generated in 2015 this should
            be at least 2048.
            Note that some applications (such as SSH) have not yet gained
            support for larger key sizes specified in FIPS 186-3 and are still
            restricted to only the 1024-bit keys specified in FIPS 186-2.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.

        :raises ValueError: This is raised if the key size is not supported
            by the backend.

    .. method:: dsa_hash_supported(algorithm)

        :param algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.

        :returns: ``True`` if the specified ``algorithm`` is supported by this
            backend, otherwise ``False``.

    .. method:: dsa_parameters_supported(p, q, g)

        :param int p: The p value of a DSA key.

        :param int q: The q value of a DSA key.

        :param int g: The g value of a DSA key.

        :returns: ``True`` if the given values of ``p``, ``q``, and ``g`` are
            supported by this backend, otherwise ``False``.

    .. method:: load_dsa_parameter_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameterNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: load_dsa_private_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: load_dsa_public_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.


.. class:: EllipticCurveBackend

    .. versionadded:: 0.5

    .. method:: elliptic_curve_supported(curve)

        :param curve: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.

        :returns: True if the elliptic curve is supported by this backend.

    .. method:: elliptic_curve_signature_algorithm_supported(signature_algorithm, curve)

        :param signature_algorithm: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm`.

        :param curve: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.

        :returns: True if the signature algorithm and curve are supported by this backend.

    .. method:: generate_elliptic_curve_private_key(curve)

        :param curve: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.

    .. method:: load_elliptic_curve_private_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`.

    .. method:: load_elliptic_curve_public_numbers(numbers)

        :param numbers: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`.

    .. method:: derive_elliptic_curve_private_key(private_value, curve)

        :param private_value: A secret scalar value.

        :param curve: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve`.

        :returns: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`.

.. class:: PEMSerializationBackend

    .. versionadded:: 0.6

    A backend with methods for working with any PEM encoded keys.

    .. method:: load_pem_private_key(data, password)

        :param bytes data: PEM data to load.
        :param bytes password: The password to use if the data is encrypted.
            Should be ``None`` if the data is not encrypted.
        :return: A new instance of the appropriate type of private key that the
            serialized data contains.
        :raises ValueError: If the data could not be deserialized.
        :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
            encrypted with an unsupported algorithm.

    .. method:: load_pem_public_key(data)

        :param bytes data: PEM data to load.
        :return: A new instance of the appropriate type of public key that the
            serialized data contains.
        :raises ValueError: If the data could not be deserialized.

    .. method:: load_pem_parameters(data)

        .. versionadded:: 2.0

        :param bytes data: PEM data to load.
        :return: A new instance of the appropriate type of asymmetric
            parameters the serialized data contains.
        :raises ValueError: If the data could not be deserialized.

.. class:: DERSerializationBackend

    .. versionadded:: 0.8

    A backend with methods for working with DER encoded keys.

    .. method:: load_der_private_key(data, password)

        :param bytes data: DER data to load.
        :param bytes password: The password to use if the data is encrypted.
            Should be ``None`` if the data is not encrypted.
        :return: A new instance of the appropriate type of private key that the
            serialized data contains.
        :raises ValueError: If the data could not be deserialized.
        :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is
            encrypted with an unsupported algorithm.

    .. method:: load_der_public_key(data)

        :param bytes data: DER data to load.
        :return: A new instance of the appropriate type of public key that the
            serialized data contains.
        :raises ValueError: If the data could not be deserialized.

    .. method:: load_der_parameters(data)

        .. versionadded:: 2.0

        :param bytes data: DER data to load.
        :return: A new instance of the appropriate type of asymmetric
            parameters the serialized data contains.
        :raises ValueError: If the data could not be deserialized.


.. class:: X509Backend

    .. versionadded:: 0.7

    A backend with methods for working with X.509 objects.

    .. method:: load_pem_x509_certificate(data)

        :param bytes data: PEM formatted certificate data.

        :returns: An instance of :class:`~cryptography.x509.Certificate`.

    .. method:: load_der_x509_certificate(data)

        :param bytes data: DER formatted certificate data.

        :returns: An instance of :class:`~cryptography.x509.Certificate`.

    .. method:: load_pem_x509_csr(data)

        .. versionadded:: 0.9

        :param bytes data: PEM formatted certificate signing request data.

        :returns: An instance of
            :class:`~cryptography.x509.CertificateSigningRequest`.

    .. method:: load_der_x509_csr(data)

        .. versionadded:: 0.9

        :param bytes data: DER formatted certificate signing request data.

        :returns: An instance of
            :class:`~cryptography.x509.CertificateSigningRequest`.

    .. method:: create_x509_csr(builder, private_key, algorithm)

        .. versionadded:: 1.0

        :param builder: An instance of
            :class:`~cryptography.x509.CertificateSigningRequestBuilder`.

        :param private_key: The
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
            that will be used to sign the request. When the request is
            signed by a certificate authority, the private key's associated
            public key will be stored in the resulting certificate.

        :param algorithm: The
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
            that will be used to generate the request signature.

        :returns: A new instance of
            :class:`~cryptography.x509.CertificateSigningRequest`.

    .. method:: create_x509_certificate(builder, private_key, algorithm)

        .. versionadded:: 1.0

        :param builder: An instance of
            :class:`~cryptography.x509.CertificateBuilder`.

        :param private_key: The
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
            that will be used to sign the certificate.

        :param algorithm: The
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
            that will be used to generate the certificate signature.

        :returns: A new instance of :class:`~cryptography.x509.Certificate`.

    .. method:: create_x509_crl(builder, private_key, algorithm)

        .. versionadded:: 1.2

        :param builder: An instance of
            :class:`~cryptography.x509.CertificateRevocationListBuilder`.

        :param private_key: The
            :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
            :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` or
            :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
            that will be used to sign the CRL.

        :param algorithm: The
            :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
            that will be used to generate the CRL signature.

        :returns: A new instance of
            :class:`~cryptography.x509.CertificateRevocationList`.

    .. method:: create_x509_revoked_certificate(builder)

        .. versionadded:: 1.2

        :param builder: An instance of RevokedCertificateBuilder.

        :returns: A new instance of
            :class:`~cryptography.x509.RevokedCertificate`.

    .. method:: x509_name_bytes(name)

        .. versionadded:: 1.6

        :param name: An instance of :class:`~cryptography.x509.Name`.

        :return bytes: The DER encoded bytes.

.. class:: DHBackend

    .. versionadded:: 0.9

    A backend with methods for doing Diffie-Hellman key exchange.

    .. method:: generate_dh_parameters(generator, key_size)

        :param int generator: The generator to use. Often 2 or 5.

        :param int key_size: The bit length of the prime modulus to generate.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.

        :raises ValueError: If ``key_size`` is not at least 512.

    .. method:: generate_dh_private_key(parameters)

        :param parameters: An instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.

    .. method:: generate_dh_private_key_and_parameters(generator, key_size)

        :param int generator: The generator to use. Often 2 or 5.

        :param int key_size: The bit length of the prime modulus to generate.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.

        :raises ValueError: If ``key_size`` is not at least 512.

    .. method:: load_dh_private_numbers(numbers)

        :param numbers: A
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateNumbers`
            instance.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: load_dh_public_numbers(numbers)

        :param numbers: A
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicNumbers`
            instance.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: load_dh_parameter_numbers(numbers)

        :param numbers: A
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers`
            instance.

        :return: A new instance of
            :class:`~cryptography.hazmat.primitives.asymmetric.dh.DHParameters`.

        :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
            when any backend specific criteria are not met.

    .. method:: dh_parameters_supported(p, g, q=None)

        :param int p: The p value of the DH key.

        :param int g: The g value of the DH key.

        :param int q: The q value of the DH key.

        :returns: ``True`` if the given values of ``p``, ``g`` and ``q``
            are supported by this backend, otherwise ``False``.

    .. versionadded:: 1.8

    .. method:: dh_x942_serialization_supported()

        :returns: True if serialization of DH objects with
            subgroup order (q) is supported by this backend.


.. class:: ScryptBackend

    .. versionadded:: 1.6

    A backend with methods for using Scrypt.

    The following backends implement this interface:

    * :doc:`/hazmat/backends/openssl`

    .. method:: derive_scrypt(self, key_material, salt, length, n, r, p)

        :param bytes key_material: The key material to use as a basis for
            the derived key. This is typically a password.

        :param bytes salt: A salt.

        :param int length: The desired length of the derived key.

        :param int n: CPU/Memory cost parameter. It must be larger than 1 and be a
            power of 2.

        :param int r: Block size parameter.

        :param int p: Parallelization parameter.

        :return bytes: Derived key.
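
The ``*_supported`` probes and ``derive_*`` methods of ``PBKDF2HMACBackend`` and ``ScryptBackend`` can be exercised with a small duck-typed object that enforces the parameter bounds stated on this page and a caller that fails closed when the probe says no. This is an added example, not code from the cryptography project: ``StdlibKDFBackend``, ``Algo``, ``derive_key`` and the local ``UnsupportedAlgorithm`` are hypothetical stand-ins built on ``hashlib``, and ``Algo`` assumes only the ``name`` and ``digest_size`` attributes of a ``HashAlgorithm``.

```python
import hashlib
from dataclasses import dataclass


class UnsupportedAlgorithm(Exception):
    """Local stand-in for cryptography.exceptions.UnsupportedAlgorithm."""


@dataclass(frozen=True)
class Algo:
    """Stand-in for a HashAlgorithm instance (assumption: name, digest_size)."""
    name: str
    digest_size: int


class StdlibKDFBackend:
    """Hypothetical backend: method names follow PBKDF2HMACBackend and
    ScryptBackend as documented above; hashlib does the actual work."""

    def pbkdf2_hmac_supported(self, algorithm):
        return algorithm.name in hashlib.algorithms_available

    def derive_pbkdf2_hmac(self, algorithm, length, salt, iterations,
                           key_material):
        # Documented bound: at most (2**32 - 1) * algorithm.digest_size.
        if not 0 < length <= (2**32 - 1) * algorithm.digest_size:
            raise ValueError("derived key length out of range")
        if iterations < 1:
            raise ValueError("iterations must be a positive integer")
        return hashlib.pbkdf2_hmac(algorithm.name, key_material, salt,
                                   iterations, length)

    def derive_scrypt(self, key_material, salt, length, n, r, p):
        # Documented rule: n must be larger than 1 and a power of 2.
        if n < 2 or n & (n - 1):
            raise ValueError("n must be larger than 1 and a power of 2")
        if r < 1 or p < 1 or length < 1:
            raise ValueError("r, p and length must be positive")
        return hashlib.scrypt(key_material, salt=salt, n=n, r=r, p=p,
                              dklen=length)


def derive_key(backend, algorithm, password, salt, iterations, length=32):
    """Caller side: probe the backend first and fail closed, rather than
    silently falling back to a different PRF."""
    probe = getattr(backend, "pbkdf2_hmac_supported", None)
    if probe is None:
        raise UnsupportedAlgorithm("backend has no PBKDF2 HMAC interface")
    if not probe(algorithm):
        raise UnsupportedAlgorithm(f"{algorithm.name} not supported for PBKDF2")
    return backend.derive_pbkdf2_hmac(algorithm, length, salt, iterations,
                                      password)


if __name__ == "__main__":
    backend = StdlibKDFBackend()
    # Constructed sample input: RFC 6070 PBKDF2-HMAC-SHA1 test vector 1.
    key = derive_key(backend, Algo("sha1", 20), b"password", b"salt", 1, 20)
    print(key.hex())
```

The single-iteration SHA-1 call is only there to match a published test vector; it is not a parameter choice for password storage.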