1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
|
.. _openssl-crypto:
:py:mod:`crypto` --- Generic cryptographic module
=================================================
.. py:module:: OpenSSL.crypto
:synopsis: Generic cryptographic module
.. danger::
**This module is pending deprecation, use pyca/cryptography instead.**
`pyca/cryptography`_ is likely a better choice than using this module.
It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API.
If necessary you can convert to and from cryptography objects using the ``to_cryptography`` and ``from_cryptography`` methods on ``X509``, ``X509Req``, ``CRL``, and ``PKey``.
Elliptic curves
---------------
.. autofunction:: get_elliptic_curves
.. autofunction:: get_elliptic_curve
Serialization and deserialization
---------------------------------
The following serialization functions take one of these constants to determine the format.
.. py:data:: FILETYPE_PEM
:data:`FILETYPE_PEM` serializes data to a Base64-encoded encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are ``-----BEGIN CERTIFICATE-----`` and ``-----END CERTIFICATE-----``.
.. py:data:: FILETYPE_ASN1
:data:`FILETYPE_ASN1` serializes data to the underlying ASN.1 data structure. The format used by :data:`FILETYPE_ASN1` is also sometimes referred to as DER.
Certificates
~~~~~~~~~~~~
.. autofunction:: dump_certificate
.. autofunction:: load_certificate
Certificate signing requests
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. autofunction:: dump_certificate_request
.. autofunction:: load_certificate_request
Private keys
~~~~~~~~~~~~
.. autofunction:: dump_privatekey
.. autofunction:: load_privatekey
Public keys
~~~~~~~~~~~
.. autofunction:: dump_publickey
.. autofunction:: load_publickey
.. _openssl-x509:
X509 objects
------------
.. autoclass:: X509
:members:
.. _openssl-x509name:
X509Name objects
----------------
.. autoclass:: X509Name
:members:
:special-members:
:exclude-members: __repr__, __getattr__, __weakref__
.. _openssl-x509req:
X509Req objects
---------------
.. autoclass:: X509Req
:members:
:special-members:
:exclude-members: __weakref__
.. _openssl-x509store:
X509Store objects
-----------------
.. autoclass:: X509Store
:members:
.. _openssl-x509storecontexterror:
X509StoreContextError objects
-----------------------------
.. autoclass:: X509StoreContextError
:members:
.. _openssl-x509storecontext:
X509StoreContext objects
------------------------
.. autoclass:: X509StoreContext
:members:
.. _openssl-pkey:
X509StoreFlags constants
------------------------
.. autoclass:: X509StoreFlags
.. data:: CRL_CHECK
.. data:: CRL_CHECK_ALL
.. data:: IGNORE_CRITICAL
.. data:: X509_STRICT
.. data:: ALLOW_PROXY_CERTS
.. data:: POLICY_CHECK
.. data:: EXPLICIT_POLICY
.. data:: INHIBIT_MAP
.. data:: NOTIFY_POLICY
.. data:: CHECK_SS_SIGNATURE
.. data:: PARTIAL_CHAIN
.. _openssl-x509storeflags:
PKey objects
------------
.. autoclass:: PKey
:members:
.. py:data:: TYPE_RSA
TYPE_DSA
Key type constants.
.. _openssl-509ext:
X509Extension objects
---------------------
.. autoclass:: X509Extension
:members:
:special-members:
:exclude-members: __weakref__
Exceptions
----------
.. py:exception:: Error
Generic exception used in the :py:mod:`.crypto` module.
Digest names
------------
Several of the functions and methods in this module take a digest name.
These must be strings describing a digest algorithm supported by OpenSSL (by ``EVP_get_digestbyname``, specifically).
For example, :const:`b"sha256"` or :const:`b"sha384"`.
More information and a list of these digest names can be found in the ``EVP_DigestInit(3)`` man page of your OpenSSL installation.
This page can be found online for the latest version of OpenSSL:
https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html
.. _`pyca/cryptography`: https://cryptography.io
|
