M2Crypto Package¶
M2Crypto
Package¶
ASN1
Module¶
-
class
M2Crypto.ASN1.
ASN1_Integer
(asn1int: M2Crypto.ASN1.ASN1_Integer, _pyfree: int = 0)[source]¶ Bases:
object
-
m2_asn1_integer_free
()¶
-
-
class
M2Crypto.ASN1.
ASN1_Object
(asn1obj: M2Crypto.ASN1.ASN1_Object, _pyfree: int = 0)[source]¶ Bases:
object
-
m2_asn1_object_free
()¶
-
-
class
M2Crypto.ASN1.
ASN1_String
(asn1str: M2Crypto.ASN1.ASN1_String, _pyfree: int = 0)[source]¶ Bases:
object
-
as_text
(flags: int = 0) → str[source]¶ Output an ASN1_STRING structure according to the set flags.
- Parameters
flags – determine the format of the output by using predetermined constants, see ASN1_STRING_print_ex(3) manpage for their meaning.
- Returns
output an ASN1_STRING structure.
-
m2_asn1_string_free
()¶
-
-
class
M2Crypto.ASN1.
ASN1_TIME
(asn1_time: Optional[M2Crypto.ASN1.ASN1_TIME] = None, _pyfree: Optional[int] = 0, asn1_utctime: Optional[M2Crypto.ASN1.ASN1_TIME] = None)[source]¶ Bases:
object
-
get_datetime
() → M2Crypto.ASN1.ASN1_TIME[source]¶
-
m2_asn1_time_free
()¶
-
set_datetime
(date: datetime.datetime) → M2Crypto.ASN1.ASN1_TIME[source]¶
-
set_time
(time: int) → M2Crypto.ASN1.ASN1_TIME[source]¶ Set time from seconds since epoch (int).
-
-
M2Crypto.ASN1.
ASN1_UTCTIME
¶ alias of
M2Crypto.ASN1.ASN1_TIME
AuthCookie
Module¶
-
class
M2Crypto.AuthCookie.
AuthCookie
(expiry: float, data: str, dough: str, mac: str)[source]¶ Bases:
object
-
class
M2Crypto.AuthCookie.
AuthCookieJar
[source]¶ Bases:
object
-
isGoodCookie
(cookie: M2Crypto.AuthCookie.AuthCookie) → Union[bool, int][source]¶
-
isGoodCookieString
(cookie_str: Union[dict, bytes], _debug: bool = False) → Union[bool, int][source]¶
-
makeCookie
(expiry: float, data: str) → M2Crypto.AuthCookie.AuthCookie[source]¶ Make a cookie
- Parameters
expiry – expiration time (float in seconds)
data – cookie content
- Returns
AuthCookie object
-
-
M2Crypto.AuthCookie.
mix
(expiry: float, data: AnyStr, format: str = 'exp=%f&data=%s&digest=') → AnyStr[source]¶
BIO
Module¶
-
class
M2Crypto.BIO.
BIO
(bio: Optional[M2Crypto.BIO.BIO] = None, _pyfree: int = 0, _close_cb: Optional[Callable] = None)[source]¶ Bases:
object
Abstract object interface to the BIO API.
-
bio_ptr
()¶
-
m2_bio_free
()¶
-
reset
() → int[source]¶ Set the bio to its initial state.
- Returns
1 for success, and 0 or -1 for failure
-
should_retry
() → int[source]¶ Can the call be attempted again, or was there an error ie do_handshake
-
-
class
M2Crypto.BIO.
CipherStream
(obio: M2Crypto.BIO.BIO)[source]¶ Bases:
M2Crypto.BIO.BIO
Object interface to BIO_f_cipher.
-
SALT_LEN
= 8¶
-
m2_bio_free
()¶
-
m2_bio_pop
()¶
-
-
class
M2Crypto.BIO.
File
(pyfile: Union[_io.BytesIO, AnyStr], close_pyfile: int = 1, mode: AnyStr = 'rb')[source]¶ Bases:
M2Crypto.BIO.BIO
Object interface to BIO_s_pyfd.
This class interfaces Python to OpenSSL functions that expect BIO. For general file manipulation in Python, use Python’s builtin file object.
-
class
M2Crypto.BIO.
IOBuffer
(under_bio: M2Crypto.BIO.BIO, mode: str = 'rwb', _pyfree: int = 1)[source]¶ Bases:
M2Crypto.BIO.BIO
Object interface to BIO_f_buffer.
Its principal function is to be BIO_push()’ed on top of a BIO_f_ssl, so that makefile() of said underlying SSL socket works.
-
m2_bio_free
()¶
-
m2_bio_pop
()¶
-
-
class
M2Crypto.BIO.
MemoryBuffer
(data: Optional[bytes] = None)[source]¶ Bases:
M2Crypto.BIO.BIO
Object interface to BIO_s_mem.
Empirical testing suggests that this class performs less well than cStringIO, because cStringIO is implemented in C, whereas this class is implemented in Python. Thus, the recommended practice is to use cStringIO for regular work and convert said cStringIO object to a MemoryBuffer object only when necessary.
-
close
() → None¶
-
getvalue
(size: int = 0) → bytes¶
-
read_all
(size: int = 0) → bytes¶
-
-
class
M2Crypto.BIO.
SSLBio
(_pyfree: int = 1)[source]¶ Bases:
M2Crypto.BIO.BIO
Object interface to BIO_f_ssl.
-
M2Crypto.BIO.
openfile
(filename: AnyStr, mode: AnyStr = 'rb') → M2Crypto.BIO.File[source]¶
BN
Module¶
-
M2Crypto.BN.
rand
(bits: int, top: int = - 1, bottom: int = 0) → Optional[int][source]¶ Generate cryptographically strong random number.
- Parameters
bits – Length of random number in bits.
top – If -1, the most significant bit can be 0. If 0, the most significant bit is 1, and if 1, the two most significant bits will be 1.
bottom – If bottom is true, the number will be odd.
DH
Module¶
-
class
M2Crypto.DH.
DH
(dh: bytes, _pyfree: int = 0)[source]¶ Bases:
object
Object interface to the Diffie-Hellman key exchange protocol.
-
m2_dh_free
()¶
-
print_params
(bio: M2Crypto.BIO.BIO) → int[source]¶
-
-
M2Crypto.DH.
gen_params
(plen: int, g: int, callback: Optional[Callable] = <function genparam_callback>) → M2Crypto.DH.DH[source]¶
-
M2Crypto.DH.
load_params
(file: AnyStr) → M2Crypto.DH.DH[source]¶
-
M2Crypto.DH.
load_params_bio
(bio: M2Crypto.BIO.BIO) → M2Crypto.DH.DH[source]¶
-
M2Crypto.DH.
set_params
(p: bytes, g: bytes) → M2Crypto.DH.DH[source]¶
DSA
Module¶
-
class
M2Crypto.DSA.
DSA
(dsa: bytes, _pyfree: int = 0)[source]¶ Bases:
object
This class is a context supporting DSA key and parameter values, signing and verifying.
Simple example:
from M2Crypto import EVP, DSA, util message = 'Kilroy was here!' md = EVP.MessageDigest('sha1') md.update(message) digest = md.final() dsa = DSA.gen_params(1024) dsa.gen_key() r, s = dsa.sign(digest) good = dsa.verify(digest, r, s) if good: print(' ** success **') else: print(' ** verification failed **')
-
check_key
()[source]¶ Check to be sure the DSA object has a valid private key.
- Returns
1 (true) if a valid private key
-
m2_dsa_free
()¶
-
save_key
(filename: AnyStr, cipher: str = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the DSA key pair to a file.
- Parameters
filename – Save the DSA key pair to this file.
cipher – name of symmetric key algorithm and mode to encrypt the private key.
- Returns
1 (true) if successful
-
save_key_bio
(bio: M2Crypto.BIO.BIO, cipher: str = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save DSA key pair to a BIO object.
- Parameters
bio – Save DSA parameters to this object.
cipher – name of symmetric key algorithm and mode to encrypt the private key.
- Returns
1 (true) if successful
-
save_params
(filename: AnyStr) → int[source]¶ Save the DSA parameters to a file.
- Parameters
filename – Save the DSA parameters to this file.
- Returns
1 (true) if successful
-
save_params_bio
(bio: M2Crypto.BIO.BIO) → int[source]¶ Save DSA parameters to a BIO object.
- Parameters
bio – Save DSA parameters to this object.
- Returns
1 (true) if successful
-
save_pub_key
(filename: AnyStr) → int[source]¶ Save the DSA public key (with parameters) to a file.
- Parameters
filename – Save DSA public key (with parameters) to this file.
- Returns
1 (true) if successful
-
save_pub_key_bio
(bio: M2Crypto.BIO.BIO) → int[source]¶ Save DSA public key (with parameters) to a BIO object.
- Parameters
bio – Save DSA public key (with parameters) to this object.
- Returns
1 (true) if successful
-
set_params
(p: bytes, q: bytes, g: bytes) → None[source]¶ Set new parameters.
- Parameters
p – MPI binary representation … format that consists of the number’s length in bytes represented as a 4-byte big-endian number, and the number itself in big-endian format, where the most significant bit signals a negative number (the representation of numbers with the MSB set is prefixed with null byte).
q – ditto
g – ditto
- @warning: This does not change the private key, so it may be
unsafe to use this method. It is better to use gen_params function to create a new DSA object.
-
sign
(digest: bytes) → Tuple[bytes, bytes][source]¶ Sign the digest.
- Parameters
digest – SHA-1 hash of message (same as output from MessageDigest, a “byte string”)
- Returns
DSA signature, a tuple of two values, r and s, both “byte strings”.
-
verify
(digest: bytes, r: bytes, s: bytes) → int[source]¶ Verify a newly calculated digest against the signature values r and s.
- Parameters
digest – SHA-1 hash of message (same as output from MessageDigest, a “byte string”)
r – r value of the signature, a “byte string”
s – s value of the signature, a “byte string”
- Returns
1 (true) if verify succeeded, 0 if failed
-
-
class
M2Crypto.DSA.
DSA_pub
(dsa: bytes, _pyfree: int = 0)[source]¶ Bases:
M2Crypto.DSA.DSA
This class is a DSA context that only supports a public key and verification. It does NOT support a private key or signing.
-
save_key
(filename: AnyStr) → int¶ Save the DSA public key (with parameters) to a file.
- Parameters
filename – Save DSA public key (with parameters) to this file.
- Returns
1 (true) if successful
-
save_key_bio
(bio: M2Crypto.BIO.BIO) → int¶ Save DSA public key (with parameters) to a BIO object.
- Parameters
bio – Save DSA public key (with parameters) to this object.
- Returns
1 (true) if successful
-
sign
(*argv: Any) → None[source]¶ Sign the digest.
- Parameters
digest – SHA-1 hash of message (same as output from MessageDigest, a “byte string”)
- Returns
DSA signature, a tuple of two values, r and s, both “byte strings”.
-
sign_asn1
(*argv: Any) → None¶ Sign the digest.
- Parameters
digest – SHA-1 hash of message (same as output from MessageDigest, a “byte string”)
- Returns
DSA signature, a tuple of two values, r and s, both “byte strings”.
-
-
M2Crypto.DSA.
gen_params
(bits: int, callback: Callable = <function genparam_callback>) → M2Crypto.DSA.DSA[source]¶ Factory function that generates DSA parameters and instantiates a DSA object from the output.
- Parameters
bits – The length of the prime to be generated. If ‘bits’ < 512, it is set to 512.
callback – A Python callback object that will be invoked during parameter generation; it usual purpose is to provide visual feedback.
- Returns
instance of DSA.
-
M2Crypto.DSA.
load_key
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA[source]¶ Factory function that instantiates a DSA object from a PEM encoded DSA key pair.
- Parameters
file – Names the file (a path) that contains the PEM representation of the DSA key pair.
callback – A Python callback object that will be invoked if the DSA key pair is passphrase-protected.
- Returns
instance of DSA.
-
M2Crypto.DSA.
load_key_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA[source]¶ Factory function that instantiates a DSA object from a PEM encoded DSA key pair.
- Parameters
bio – Contains the PEM representation of the DSA key pair.
callback – A Python callback object that will be invoked if the DSA key pair is passphrase-protected.
- Returns
instance of DSA.
-
M2Crypto.DSA.
load_params
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA[source]¶ Factory function that instantiates a DSA object with DSA parameters from a file.
- Parameters
file – Names the file (a path) that contains the PEM representation of the DSA parameters.
callback – A Python callback object that will be invoked if the DSA parameters file is passphrase-protected.
- Returns
instance of DSA.
-
M2Crypto.DSA.
load_params_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA[source]¶ Factory function that instantiates a DSA object with DSA parameters from a M2Crypto.BIO object.
- Parameters
bio – Contains the PEM representation of the DSA parameters.
callback – A Python callback object that will be invoked if the DSA parameters file is passphrase-protected.
- Returns
instance of DSA.
-
M2Crypto.DSA.
load_pub_key
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA_pub[source]¶ Factory function that instantiates a DSA_pub object using a DSA public key contained in PEM file. The PEM file must contain the parameters in addition to the public key.
- Parameters
file – Names the file (a path) that contains the PEM representation of the DSA public key.
callback – A Python callback object that will be invoked should the DSA public key be passphrase-protected.
- Returns
instance of DSA_pub.
-
M2Crypto.DSA.
load_pub_key_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.DSA.DSA_pub[source]¶ Factory function that instantiates a DSA_pub object using a DSA public key contained in PEM format. The PEM must contain the parameters in addition to the public key.
- Parameters
bio – Contains the PEM representation of the DSA public key (with params).
callback – A Python callback object that will be invoked should the DSA public key be passphrase-protected.
- Returns
instance of DSA_pub.
-
M2Crypto.DSA.
pub_key_from_params
(p: bytes, q: bytes, g: bytes, pub: bytes) → M2Crypto.DSA.DSA_pub[source]¶ Factory function that instantiates a DSA_pub object using the parameters and public key specified.
- Parameters
p – value of p
q – value of q
g – value of g
pub – value of the public key
- Returns
instance of DSA_pub.
-
M2Crypto.DSA.
set_params
(p: bytes, q: bytes, g: bytes) → M2Crypto.DSA.DSA[source]¶ Factory function that instantiates a DSA object with DSA parameters.
- Parameters
p – value of p, a “byte string”
q – value of q, a “byte string”
g – value of g, a “byte string”
- Returns
instance of DSA.
EC
Module¶
-
class
M2Crypto.EC.
EC
(ec: M2Crypto.EC.EC, _pyfree: int = 0)[source]¶ Bases:
object
Object interface to a EC key pair.
-
as_pem
(cipher='aes_128_cbc', callback=<function passphrase_callback>)[source]¶ Returns the key(pair) as a string in PEM format. If no password is passed and the cipher is set it exits with error
-
compute_dh_key
(pub_key: M2Crypto.EC.EC) → Optional[bytes][source]¶ Compute the ECDH shared key of this key pair and the given public key object. They must both use the same curve. Returns the shared key in binary as a buffer object. No Key Derivation Function is applied.
-
gen_key
() → int[source]¶ Generates the key pair from its parameters. Use:
keypair = EC.gen_params(curve) keypair.gen_key()
to create an EC key pair.
-
m2_ec_key_free
()¶
-
pub
() → M2Crypto.EC.EC_pub[source]¶
-
save_key
(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to a file in PEM format.
- Parameters
file – Name of filename to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_key_bio
(bio: M2Crypto.BIO.BIO, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to an M2Crypto.BIO.BIO object in PEM format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_pub_key
(file: AnyStr) → int[source]¶ Save the public key to a filename in PEM format.
- Parameters
file – Name of filename to save key to.
-
save_pub_key_bio
(bio: M2Crypto.BIO.BIO) → int[source]¶ Save the public key to an M2Crypto.BIO.BIO object in PEM format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
-
sign_dsa
(digest: bytes) → Tuple[bytes, bytes][source]¶ Sign the given digest using ECDSA. Returns a tuple (r,s), the two ECDSA signature parameters.
-
-
class
M2Crypto.EC.
EC_pub
(ec: M2Crypto.EC.EC, _pyfree: int = 0)[source]¶ Bases:
M2Crypto.EC.EC
Object interface to an EC public key. ((don’t like this implementation inheritance))
-
save_key
(file: AnyStr) → int¶ Save the public key to a filename in PEM format.
- Parameters
file – Name of filename to save key to.
-
save_key_bio
(bio: M2Crypto.BIO.BIO) → int¶ Save the public key to an M2Crypto.BIO.BIO object in PEM format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
-
-
M2Crypto.EC.
ec_error
() → M2Crypto.EC.ECError[source]¶
-
M2Crypto.EC.
gen_params
(curve: int) → M2Crypto.EC.EC[source]¶ Factory function that generates EC parameters and instantiates a EC object from the output.
- Parameters
curve – This is the OpenSSL nid of the curve to use.
-
M2Crypto.EC.
load_key
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EC.EC[source]¶ Factory function that instantiates a EC object.
- Parameters
file – Names the filename that contains the PEM representation of the EC key pair.
callback – Python callback object that will be invoked if the EC key pair is passphrase-protected.
-
M2Crypto.EC.
load_key_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.EC.EC[source]¶ Factory function that instantiates a EC object.
- Parameters
bio – M2Crypto.BIO object that contains the PEM representation of the EC key pair.
callback – Python callback object that will be invoked if the EC key pair is passphrase-protected.
-
M2Crypto.EC.
load_key_string
(string: str, callback: Callable = <function passphrase_callback>) → M2Crypto.EC.EC[source]¶ Load an EC key pair from a string.
- Parameters
string – String containing EC key pair in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.
- Returns
M2Crypto.EC.EC object.
-
M2Crypto.EC.
load_key_string_pubkey
(string: str, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EC.PKey from a public key as a string.
- Parameters
string – String containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EC.PKey object.
-
M2Crypto.EC.
load_pub_key
(file: AnyStr) → M2Crypto.EC.EC_pub[source]¶ Load an EC public key from filename.
- Parameters
file – Name of filename containing EC public key in PEM format.
- Returns
M2Crypto.EC.EC_pub object.
-
M2Crypto.EC.
load_pub_key_bio
(bio: M2Crypto.BIO.BIO) → M2Crypto.EC.EC_pub[source]¶ Load an EC public key from an M2Crypto.BIO.BIO object.
- Parameters
bio – M2Crypto.BIO.BIO object containing EC public key in PEM format.
- Returns
M2Crypto.EC.EC_pub object.
-
M2Crypto.EC.
pub_key_from_der
(der: bytes) → M2Crypto.EC.EC_pub[source]¶ Create EC_pub from DER.
-
M2Crypto.EC.
pub_key_from_params
(curve: bytes, bytes: bytes) → M2Crypto.EC.EC_pub[source]¶ Create EC_pub from curve name and octet string.
EVP
Module¶
-
class
M2Crypto.EVP.
Cipher
(alg: str, key: bytes, iv: bytes, op: object, key_as_bytes: int = 0, d: str = 'md5', salt: bytes = b'12345678', i: int = 1, padding: int = 1)[source]¶ Bases:
object
-
m2_cipher_ctx_free
()¶
-
-
class
M2Crypto.EVP.
HMAC
(key: bytes, algo: str = 'sha1')[source]¶ Bases:
object
-
digest
() → bytes¶
-
m2_hmac_ctx_free
()¶
-
-
class
M2Crypto.EVP.
MessageDigest
(algo: str)[source]¶ Bases:
object
Message Digest
-
digest
()¶
-
m2_md_ctx_free
()¶
-
-
class
M2Crypto.EVP.
PKey
(pkey: Optional[bytes] = None, _pyfree: int = 0, md: str = 'sha1')[source]¶ Bases:
object
Public Key
-
as_pem
(cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → bytes[source]¶ Return key in PEM format in a string.
- Parameters
cipher – Symmetric cipher to protect the key. The default cipher is
'aes_128_cbc'
. If cipher is None, then the key is saved in the clear.callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
assign_rsa
(rsa: M2Crypto.RSA.RSA, capture: int = 1) → int[source]¶ Assign the RSA key pair to self.
- Parameters
rsa – M2Crypto.RSA.RSA object to be assigned to self.
capture – If true (default), this PKey object will own the RSA object, meaning that once the PKey object gets deleted it is no longer safe to use the RSA object.
- Returns
Return 1 for success and 0 for failure.
-
digest_sign_update
(data: bytes) → None[source]¶ Feed data to digest signing operation.
- Parameters
data – Data to be signed.
-
digest_verify
()[source]¶ Return result of verification.
- Parameters
sign – Signature to use for verification
data – Data to be verified.
- Returns
Result of verification: 1 for success, 0 for failure, -1 on other error.
-
digest_verify_final
(sign: bytes) → int[source]¶ Feed data to digest verification operation.
- Parameters
sign – Signature to use for verification
- Returns
Result of verification: 1 for success, 0 for failure, -1 on other error.
-
digest_verify_update
(data: bytes) → int[source]¶ Feed data to verification operation.
- Parameters
data – Data to be verified.
- Returns
-1 on Python error, 1 for success, 0 for OpenSSL error
-
final
() → bytes¶ Return signature.
- Returns
The signature.
-
get_rsa
() → M2Crypto.RSA.RSA_pub[source]¶ Return the underlying RSA key if that is what the EVP instance is holding.
-
m2_md_ctx_free
()¶
-
m2_pkey_free
()¶
-
reset_context
(md: str = 'sha1') → None[source]¶ Reset internal message digest context.
- Parameters
md – The message digest algorithm.
-
save_key
(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to a file in PEM format.
- Parameters
file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_key_bio
(bio: M2Crypto.BIO.BIO, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to the M2Crypto.BIO object ‘bio’ in PEM format.
- Parameters
bio – M2Crypto.BIO object to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
sign_update
(data: bytes) → None[source]¶ Feed data to signing operation.
- Parameters
data – Data to be signed.
-
update
(data: bytes) → None¶ Feed data to signing operation.
- Parameters
data – Data to be signed.
-
-
M2Crypto.EVP.
load_key
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from file.
- Parameters
file – Name of file containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
load_key_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from an M2Crypto.BIO object.
- Parameters
bio – M2Crypto.BIO object containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
load_key_bio_pubkey
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from a public key as a M2Crypto.BIO object.
- Parameters
bio – M2Crypto.BIO object containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
load_key_pubkey
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from a public key as a file.
- Parameters
file – Name of file containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
load_key_string
(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from a string.
- Parameters
string – String containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
load_key_string_pubkey
(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey[source]¶ Load an M2Crypto.EVP.PKey from a public key as a string.
- Parameters
string – String containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.
- Returns
M2Crypto.EVP.PKey object.
-
M2Crypto.EVP.
pbkdf2
(password: bytes, salt: bytes, iter: int, keylen: int) → bytes[source]¶ Derive a key from password using PBKDF2 algorithm specified in RFC 2898.
- Parameters
password – Derive the key from this password.
salt – Salt.
iter – Number of iterations to perform.
keylen – Length of key to produce.
- Returns
Key.
Engine
Module¶
-
class
M2Crypto.Engine.
Engine
(id: Optional[bytes] = None, _ptr: Optional[bytes] = None, _pyfree: int = 1)[source]¶ Bases:
object
Wrapper for ENGINE object.
-
ctrl_cmd_string
(cmd: AnyStr, arg: Optional[AnyStr], optional: int = 0) → None[source]¶ Call ENGINE_ctrl_cmd_string
-
init
() → int[source]¶ Obtain a functional reference to the engine.
- Returns
0 on error, non-zero on success.
-
load_certificate
(name: bytes) → M2Crypto.X509.X509[source]¶ Load certificate from engine (e.g from smartcard). NOTE: This function may be not implemented by engine!
-
load_private_key
(name: bytes, pin: Optional[bytes] = None) → M2Crypto.X509.X509[source]¶ Load private key with engine methods (e.g from smartcard). If pin is not set it will be asked
-
load_public_key
(name: bytes, pin: Optional[bytes] = None) → M2Crypto.EVP.PKey[source]¶ Load public key with engine methods (e.g from smartcard).
-
m2_engine_free
()¶
-
-
M2Crypto.Engine.
cleanup
() → None[source]¶ If you load any engines, you need to clean up after your application is finished with the engines.
-
M2Crypto.Engine.
load_dynamic_engine
(id: bytes, sopath: AnyStr) → M2Crypto.Engine.Engine[source]¶ Load and return dymanic engine from sopath and assign id to it
Err
Module¶
RC4
Module¶
RSA
Module¶
-
class
M2Crypto.RSA.
RSA
(rsa: bytes, _pyfree: int = 0)[source]¶ Bases:
object
RSA Key Pair.
-
as_pem
(cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → bytes[source]¶ Returns the key(pair) as a string in PEM format.
-
check_key
() → int[source]¶ Validate RSA keys.
It checks that p and q are in fact prime, and that n = p*q.
- Returns
returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).
-
m2_rsa_free
()¶
-
save_key
(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to a file in PEM format.
- Parameters
file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_key_bio
(bio: M2Crypto.BIO.BIO, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶ Save the key pair to an M2Crypto.BIO.BIO object in PEM format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_key_der
(file: AnyStr) → int[source]¶ Save the key pair to a file in DER format.
- Parameters
file – Filename to save key to
-
save_key_der_bio
(bio: M2Crypto.BIO.BIO) → int[source]¶ Save the key pair to an M2Crypto.BIO.BIO object in DER format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
-
save_pem
(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int¶ Save the key pair to a file in PEM format.
- Parameters
file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.
-
save_pub_key
(file: AnyStr) → int[source]¶ Save the public key to a file in PEM format.
- Parameters
file – Name of file to save key to.
-
save_pub_key_bio
(bio: M2Crypto.BIO.BIO) → int[source]¶ Save the public key to an M2Crypto.BIO.BIO object in PEM format.
- Parameters
bio – M2Crypto.BIO.BIO object to save key to.
-
sign
(digest: bytes, algo: str = 'sha1') → bytes[source]¶ Signs a digest with the private key
- Parameters
digest – A digest created by using the digest method
algo – The method that created the digest. Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.
- Returns
a string which is the signature
-
sign_rsassa_pss
(digest: bytes, algo: str = 'sha1', salt_length: int = 20) → bytes[source]¶ Signs a digest with the private key using RSASSA-PSS
- Parameters
digest – A digest created by using the digest method
salt_length – The length of the salt to use
algo – The hash algorithm to use Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.
- Returns
a string which is the signature
-
verify
(data: bytes, signature: bytes, algo: str = 'sha1') → int[source]¶ Verifies the signature with the public key
- Parameters
data – Data that has been signed
signature – The signature signed with the private key
algo – The method use to create digest from the data before it was signed. Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.
- Returns
1 or 0, depending on whether the signature was verified or not.
-
verify_rsassa_pss
(data: bytes, signature: bytes, algo: str = 'sha1', salt_length: int = 20) → int[source]¶ Verifies the signature RSASSA-PSS
- Parameters
data – Data that has been signed
signature – The signature signed with RSASSA-PSS
salt_length – The length of the salt that was used
algo – The hash algorithm to use Legal values are for example ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.
- Returns
1 or 0, depending on whether the signature was verified or not.
-
-
class
M2Crypto.RSA.
RSA_pub
(rsa: bytes, _pyfree: int = 0)[source]¶ Bases:
M2Crypto.RSA.RSA
Object interface to an RSA public key.
-
check_key
() → int[source]¶ Validate RSA keys.
It checks that p and q are in fact prime, and that n = p*q.
- Returns
returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).
-
save_key_bio
(bio: M2Crypto.BIO.BIO, *args: Any, **kw: Any) → int[source]¶ Save public key to BIO.
-
-
M2Crypto.RSA.
gen_key
(bits: int, e: int, callback: Callable = <function keygen_callback>) → M2Crypto.RSA.RSA[source]¶ Generate an RSA key pair.
- Parameters
bits – Key length, in bits.
e – The RSA public exponent.
callback – A Python callable object that is invoked during key generation; its usual purpose is to provide visual feedback. The default callback is keygen_callback.
- Returns
M2Crypto.RSA.RSA object.
-
M2Crypto.RSA.
keygen_callback
(p: int, n: Any, out: IO[str] = <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>) → None[source]¶ Default callback for gen_key().
-
M2Crypto.RSA.
load_key
(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.RSA.RSA[source]¶ Load an RSA key pair from file.
- Parameters
file – Name of file containing RSA public key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.
- Returns
M2Crypto.RSA.RSA object.
-
M2Crypto.RSA.
load_key_bio
(bio: M2Crypto.BIO.BIO, callback: Callable = <function passphrase_callback>) → M2Crypto.RSA.RSA[source]¶ Load an RSA key pair from an M2Crypto.BIO.BIO object.
- Parameters
bio – M2Crypto.BIO.BIO object containing RSA key pair in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.
- Returns
M2Crypto.RSA.RSA object.
-
M2Crypto.RSA.
load_key_string
(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.RSA.RSA[source]¶ Load an RSA key pair from a string.
- Parameters
string – String containing RSA key pair in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.
- Returns
M2Crypto.RSA.RSA object.
-
M2Crypto.RSA.
load_pub_key
(file: AnyStr) → M2Crypto.RSA.RSA_pub[source]¶ Load an RSA public key from file.
- Parameters
file – Name of file containing RSA public key in PEM format.
- Returns
M2Crypto.RSA.RSA_pub object.
-
M2Crypto.RSA.
load_pub_key_bio
(bio: M2Crypto.BIO.BIO) → M2Crypto.RSA.RSA_pub[source]¶ Load an RSA public key from an M2Crypto.BIO.BIO object.
- Parameters
bio – M2Crypto.BIO.BIO object containing RSA public key in PEM format.
- Returns
M2Crypto.RSA.RSA_pub object.
-
M2Crypto.RSA.
new_pub_key
(e_n: Tuple[bytes, bytes]) → M2Crypto.RSA.RSA_pub[source]¶ Instantiate an RSA_pub object from an (e, n) tuple.
- Parameters
e – The RSA public exponent; it is a string in OpenSSL’s MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits.
n – The RSA composite of primes; it is a string in OpenSSL’s MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits.
- Returns
M2Crypto.RSA.RSA_pub object.
Rand
Module¶
M2Crypto wrapper for OpenSSL PRNG. Requires OpenSSL 0.9.5 and above.
Copyright (c) 1999-2003 Ng Pheng Siong. All rights reserved. Copyright (c) 2014-2017 Matej Cepl. All rights reserved.
See LICENCE for the license information.
-
M2Crypto.Rand.
load_file
(filename: AnyStr, max_bytes: int) → int[source]¶ Read a number of bytes from file filename and adds them to the PRNG.
If max_bytes is non-negative, up to to max_bytes are read; starting with OpenSSL 0.9.5, if max_bytes is -1, the complete file is read.
- Parameters
filename –
max_bytes –
- Returns
the number of bytes read.
-
M2Crypto.Rand.
rand_add
(blob: bytes, entropy: float) → None[source]¶ Mixes blob into the PRNG state.
- Parameters
blob – added data
entropy – (the lower bound of) an estimate of how much randomness is contained in blob, measured in bytes.
Thus, if the data at buf are unpredictable to an adversary, this increases the uncertainty about the state and makes the PRNG output less predictable. Suitable input comes from user interaction (random key presses, mouse movements) and certain hardware events.
Details about sources of randomness and how to estimate their entropy can be found in the literature, e.g. RFC 1750.
-
M2Crypto.Rand.
rand_bytes
(num: int) → bytes[source]¶ Return n cryptographically strong pseudo-random bytes.
An error occurs if the PRNG has not been seeded with enough randomness to ensure an unpredictable byte sequence.
- Parameters
num – number of bytes to be returned
- Returns
random bytes
-
M2Crypto.Rand.
rand_file_name
() → str[source]¶ Generate a default path for the random seed file.
- Returns
string with the filename. The seed file is $RANDFILE if that environment variable is set, $HOME/.rnd otherwise. If $HOME is not set either, an error occurs.
-
M2Crypto.Rand.
rand_pseudo_bytes
(num: int) → Tuple[bytes, int][source]¶ Return num pseudo-random bytes into buf.
Pseudo-random byte sequences generated by this method will be unique if they are of sufficient length, but are not necessarily unpredictable. They can be used for non-cryptographic purposes and for certain purposes in cryptographic protocols, but usually not for key generation etc.
Output of the function is mixed into the entropy pool before retrieving the new pseudo-random bytes unless disabled at compile time (see FAQ).
- Parameters
num – number of bytes to be returned
- Returns
random bytes
-
M2Crypto.Rand.
rand_seed
(seed: bytes) → None[source]¶ Equivalent to rand_add() when len(seed) == entropy.
- Parameters
seed – added data (see description at rand_add)
-
M2Crypto.Rand.
rand_status
() → int[source]¶ Check whether there is enough entropy in PRNG.
- Returns
1 if the PRNG has been seeded with enough data, 0 otherwise.
-
M2Crypto.Rand.
save_file
(filename: AnyStr) → int[source]¶ Write a number of random bytes (currently 1024) to file.
The file then can be used to initialize the PRNG by calling load_file() in a later session.
- Parameters
filename –
- Returns
returns the number of bytes written, and -1 if the bytes written were generated without appropriate seed.
SMIME
Module¶
-
class
M2Crypto.SMIME.
Cipher
(algo: str)[source]¶ Bases:
object
Object interface to EVP_CIPHER without all the frills of M2Crypto.EVP.Cipher.
-
class
M2Crypto.SMIME.
PKCS7
(pkcs7: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
-
get0_signers
(certs: M2Crypto.X509.X509_Stack, flags: int = 0) → M2Crypto.X509.X509_Stack[source]¶
-
m2_pkcs7_free
()¶
-
write
(bio: M2Crypto.BIO.BIO) → int[source]¶
-
write_der
(bio: M2Crypto.BIO.BIO) → int[source]¶
-
-
class
M2Crypto.SMIME.
SMIME
[source]¶ Bases:
object
-
decrypt
(pkcs7: M2Crypto.SMIME.PKCS7, flags: int = 0) → Optional[bytes][source]¶
-
encrypt
(data_bio: M2Crypto.BIO.BIO, flags: int = 0) → M2Crypto.SMIME.PKCS7[source]¶
-
load_key
(keyfile: AnyStr, certfile: Optional[AnyStr] = None, callback: Callable = <function passphrase_callback>) → None[source]¶
-
load_key_bio
(keybio: M2Crypto.BIO.BIO, certbio: Optional[M2Crypto.BIO.BIO] = None, callback: Callable = <function passphrase_callback>) → None[source]¶
-
set_cipher
(cipher: M2Crypto.SMIME.Cipher) → None[source]¶
-
set_x509_stack
(stack: M2Crypto.X509.X509_Stack) → None[source]¶
-
set_x509_store
(store: M2Crypto.X509.X509_Store) → None[source]¶
-
sign
(data_bio: M2Crypto.BIO.BIO, flags: int = 0, algo: Optional[str] = 'sha1') → M2Crypto.SMIME.PKCS7[source]¶
-
verify
(pkcs7: M2Crypto.SMIME.PKCS7, data_bio: Optional[M2Crypto.BIO.BIO] = None, flags: int = 0) → Optional[bytes][source]¶
-
write
(out_bio: M2Crypto.BIO.BIO, pkcs7: M2Crypto.SMIME.PKCS7, data_bio: Optional[M2Crypto.BIO.BIO] = None, flags: int = 0) → int[source]¶
-
-
M2Crypto.SMIME.
load_pkcs7
(p7file: AnyStr) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
load_pkcs7_bio
(p7_bio: M2Crypto.BIO.BIO) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
load_pkcs7_bio_der
(p7_bio: M2Crypto.BIO.BIO) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
load_pkcs7_der
(p7file: AnyStr) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
smime_load_pkcs7
(p7file: AnyStr) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
smime_load_pkcs7_bio
(p7_bio: M2Crypto.BIO.BIO) → M2Crypto.SMIME.PKCS7[source]¶
-
M2Crypto.SMIME.
text_crlf_bio
(bio_in: M2Crypto.BIO.BIO) → M2Crypto.BIO.BIO[source]¶
X509
Module¶
-
class
M2Crypto.X509.
CRL
(crl: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
X509 Certificate Revocation List
-
as_text
() → str[source]¶ Return CRL in PEM format in a string.
- Returns
String containing the CRL in PEM format.
-
m2_x509_crl_free
()¶
-
-
class
M2Crypto.X509.
Request
(req: Optional[int] = None, _pyfree: int = 0)[source]¶ Bases:
object
X509 Certificate Request.
-
add_extensions
(ext_stack: M2Crypto.X509.X509_Extension_Stack) → int[source]¶ Add X509 extensions to this request.
- Parameters
ext_stack – Stack of extensions to add.
- Returns
1 for success and 0 for failure
-
get_pubkey
() → M2Crypto.EVP.PKey[source]¶ Get the public key for the request.
- Returns
Public key from the request.
-
get_subject
() → M2Crypto.X509.X509_Name[source]¶
-
m2_x509_req_free
()¶
-
save
(filename: AnyStr, format: int = 1) → int[source]¶ Saves X.509 certificate request to a file. Default output format is PEM.
- Parameters
filename – Name of the file the request will be saved to.
format – Controls what output format is used to save the request. Either FORMAT_PEM or FORMAT_DER to save in PEM or DER format. Raises ValueError if an unknown format is used.
- Returns
1 for success, 0 for failure. The error code can be obtained by ERR_get_error.
-
set_pubkey
(pkey: M2Crypto.EVP.PKey) → int[source]¶ Set the public key for the request.
- Parameters
pkey – Public key
- Returns
Return 1 for success and 0 for failure.
-
set_subject
(name: M2Crypto.X509.X509_Name) → int¶ Set subject name.
- Parameters
name – subjectName field.
- Returns
1 for success and 0 for failure
-
set_subject_name
(name: M2Crypto.X509.X509_Name) → int[source]¶ Set subject name.
- Parameters
name – subjectName field.
- Returns
1 for success and 0 for failure
-
set_version
(version: int) → int[source]¶ Set version.
- Parameters
version – Version number.
- Returns
Returns 0 on failure.
-
sign
(pkey: M2Crypto.EVP.PKey, md: str) → int[source]¶ - Parameters
pkey – PKey to be signed
md – used algorigthm
- Returns
1 for success and 0 for failure
-
verify
(pkey: M2Crypto.EVP.PKey) → int[source]¶ - Parameters
pkey – PKey to be verified
- Returns
1 for success and 0 for failure
-
-
class
M2Crypto.X509.
X509
(x509: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
X.509 Certificate
-
add_ext
(ext: M2Crypto.X509.X509_Extension) → int[source]¶ Add X509 extension to this certificate.
- Parameters
ext – Extension
:return 1 for success and 0 for failure
-
check_ca
() → int[source]¶ Check if the certificate is a Certificate Authority (CA) certificate.
- Returns
0 if the certificate is not CA, nonzero otherwise.
- Requires
OpenSSL 0.9.8 or newer
-
check_purpose
(id: int, ca: int) → int[source]¶ Check if the certificate’s purpose matches the asked purpose.
- Parameters
id – Purpose id. See X509_PURPOSE_* constants.
ca – 1 if the certificate should be CA, 0 otherwise.
- Returns
0 if the certificate purpose does not match, nonzero otherwise.
-
get_ext
(name: str) → M2Crypto.X509.X509_Extension[source]¶ Get X509 extension by name.
- Parameters
name – Name of the extension
- Returns
X509_Extension
-
get_ext_at
(index: int) → M2Crypto.X509.X509_Extension[source]¶ Get X509 extension by index.
- Parameters
index – Name of the extension
- Returns
X509_Extension
-
get_fingerprint
(md: str = 'md5') → str[source]¶ Get the fingerprint of the certificate.
- Parameters
md – Message digest algorithm to use.
- Returns
String containing the fingerprint in hex format.
-
get_issuer
() → M2Crypto.X509.X509_Name[source]¶
-
get_not_after
() → M2Crypto.ASN1.ASN1_TIME[source]¶
-
get_not_before
() → M2Crypto.ASN1.ASN1_TIME[source]¶
-
get_pubkey
() → M2Crypto.EVP.PKey[source]¶
-
get_serial_number
() → M2Crypto.ASN1.ASN1_Integer[source]¶
-
get_subject
() → M2Crypto.X509.X509_Name[source]¶
-
m2_x509_free
()¶
-
save
(filename: AnyStr, format: int = 1) → int[source]¶ Saves X.509 certificate to a file. Default output format is PEM.
- Parameters
filename – Name of the file the cert will be saved to.
format – Controls what output format is used to save the cert. Either FORMAT_PEM or FORMAT_DER to save in PEM or DER format. Raises a ValueError if an unknow format is used.
- Returns
1 for success or 0 for failure
-
save_pem
(filename: AnyStr) → int[source]¶ - Parameters
filename – name of the file to be loaded
- Returns
1 for success or 0 for failure
-
set_issuer
(name: M2Crypto.X509.X509_Name) → int[source]¶ Set issuer name.
- Parameters
name – subjectName field.
:return 1 for success and 0 for failure
-
set_issuer_name
(name: M2Crypto.X509.X509_Name) → int[source]¶ - Returns
1 on success, 0 on failure
-
set_not_after
(asn1_time: M2Crypto.ASN1.ASN1_TIME) → int[source]¶ - Returns
1 on success, 0 on failure
-
set_not_before
(asn1_time: M2Crypto.ASN1.ASN1_TIME) → int[source]¶ - Returns
1 on success, 0 on failure
-
set_pubkey
(pkey: M2Crypto.EVP.PKey) → int[source]¶ Set the public key for the certificate
- Parameters
pkey – Public key
:return 1 for success and 0 for failure
-
set_serial_number
(serial: M2Crypto.ASN1.ASN1_Integer) → int[source]¶ Set serial number.
- Parameters
serial – Serial number.
:return 1 for success and 0 for failure.
-
set_subject
(name: M2Crypto.X509.X509_Name) → int[source]¶ Set subject name.
- Parameters
name – subjectName field.
:return 1 for success and 0 for failure
-
set_subject_name
(name: M2Crypto.X509.X509_Name) → int[source]¶ - Returns
1 on success, 0 on failure
-
set_version
(version: int) → int[source]¶ Set version of the certificate.
- Parameters
version – Version number.
- Returns
Returns 0 on failure.
-
sign
(pkey: M2Crypto.EVP.PKey, md: str) → int[source]¶ Sign the certificate.
- Parameters
pkey – Public key
md – Message digest algorithm to use for signing, for example ‘sha1’.
:return int
-
verify
(pkey: Optional[M2Crypto.EVP.PKey] = None) → int[source]¶
-
-
class
M2Crypto.X509.
X509_Extension
(x509_ext_ptr: Optional[bytes] = None, _pyfree: int = 1)[source]¶ Bases:
object
X509 Extension
-
get_critical
() → int[source]¶ Return whether or not this is a critical extension.
- Returns
Nonzero if this is a critical extension.
-
get_value
(flag: int = 0, indent: int = 0) → str[source]¶ Get the extension value, for example ‘DNS:www.example.com’.
- Parameters
flag – Flag to control what and how to print.
indent – How many spaces to print before actual value.
-
m2_x509_extension_free
()¶
-
set_critical
(critical: int = 1) → int[source]¶ Mark this extension critical or noncritical. By default an extension is not critical.
- Parameters
critical – Nonzero sets this extension as critical. Calling this method without arguments will set this extension to critical.
- Returns
1 for success, 0 for failure
-
-
class
M2Crypto.X509.
X509_Extension_Stack
(stack: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
X509 Extension Stack
- Warning
Do not modify the underlying OpenSSL stack except through this interface, or use any OpenSSL functions that do so indirectly. Doing so will get the OpenSSL stack and the internal pystack of this class out of sync, leading to python memory leaks, exceptions or even python crashes!
-
m2_sk_x509_extension_free
()¶
-
pop
() → M2Crypto.X509.X509_Extension[source]¶ Pop X509_Extension object from the stack.
- Returns
X509_Extension popped
-
push
(x509_ext: M2Crypto.X509.X509_Extension) → int[source]¶ Push X509_Extension object onto the stack.
- Parameters
x509_ext – X509_Extension object to be pushed onto the stack.
- Returns
The number of extensions on the stack.
-
class
M2Crypto.X509.
X509_Name
(x509_name: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
X509 Name
-
add_entry_by_txt
(field, type, entry, len, loc, set)[source]¶ Add X509_Name field whose name is identified by its name.
- Parameters
field – name of the entry
type – use MBSTRING_ASC or MBSTRING_UTF8 (or standard ASN1 type like V_ASN1_IA5STRING)
entry – value
len – buf_len of the entry (-1 and the length is computed automagically)
The
loc
andset
parameters determine where a new entry should be added. For almost all applications loc can be set to -1 and set to 0. This adds a new entry to the end of name as a single valued RelativeDistinguishedName (RDN).- Parameters
loc – determines the index where the new entry is inserted: if it is -1 it is appended.
set – determines how the new type is added. If it is zero a new RDN is created. If set is -1 or 1 it is added to the previous or next RDN structure respectively. This will then be a multivalued RDN: since multivalues RDNs are very seldom used set is almost always set to zero.
- Returns
1 for success of 0 if an error occurred.
-
as_text
(indent: int = 0, flags: int = 0) → str[source]¶ as_text returns the name as a string.
- Parameters
indent – Each line in multiline format is indented by this many spaces.
flags – Flags that control how the output should be formatted.
-
get_entries_by_nid
(nid: int) → List[M2Crypto.X509.X509_Name_Entry][source]¶ Retrieve the next index matching nid.
- Parameters
nid – name of the entry (as m2.NID* constants)
- Returns
list of X509_Name_Entry items
-
m2_x509_name_free
()¶
-
nid
= {'C': 14, 'CN': 13, 'Email': 48, 'GN': 99, 'L': 15, 'O': 17, 'OU': 18, 'SN': 100, 'SP': 16, 'ST': 16, 'commonName': 13, 'emailAddress': 48, 'givenName': 99, 'localityName': 15, 'organizationName': 17, 'organizationUnitName': 18, 'serialNumber': 105, 'stateOrProvinceName': 16, 'surname': 100}¶
-
-
class
M2Crypto.X509.
X509_Name_Entry
(x509_name_entry: bytes, _pyfree: int = 0)[source]¶ Bases:
object
X509 Name Entry
-
get_data
() → M2Crypto.ASN1.ASN1_String[source]¶
-
get_object
() → M2Crypto.ASN1.ASN1_Object[source]¶
-
m2_x509_name_entry_free
()¶
-
set_data
(data: bytes, type: int = 4097) → int[source]¶ Sets the field name to asn1obj
- Parameters
data – data in a binary form to be set
- Returns
0 on failure, 1 on success
-
set_object
(asn1obj: M2Crypto.ASN1.ASN1_Object) → int[source]¶ Sets the field name to asn1obj
- Parameters
asn1obj –
- Returns
0 on failure, 1 on success
-
-
class
M2Crypto.X509.
X509_Stack
(stack: Optional[bytes] = None, _pyfree: int = 0, _pyfree_x509: int = 0)[source]¶ Bases:
object
X509 Stack
- Warning
Do not modify the underlying OpenSSL stack except through this interface, or use any OpenSSL functions that do so indirectly. Doing so will get the OpenSSL stack and the internal pystack of this class out of sync, leading to python memory leaks, exceptions or even python crashes!
-
m2_sk_x509_free
()¶
-
pop
() → M2Crypto.X509.X509[source]¶ pop a certificate from the stack.
- Returns
X509 object that was popped, or None if there is nothing to pop.
-
push
(x509: M2Crypto.X509.X509) → int[source]¶ push an X509 certificate onto the stack.
- Parameters
x509 – X509 object.
- Returns
The number of X509 objects currently on the stack.
-
class
M2Crypto.X509.
X509_Store
(store: Optional[bytes] = None, _pyfree: int = 0)[source]¶ Bases:
object
X509 Store
-
add_cert
(x509: M2Crypto.X509.X509) → int¶
-
add_x509
(x509: M2Crypto.X509.X509) → int[source]¶
-
load_info
(file: AnyStr) → int[source]¶ - Parameters
file – filename
- Returns
1 on success, 0 on failure
-
load_locations
(file: AnyStr) → int¶ - Parameters
file – filename
- Returns
1 on success, 0 on failure
-
m2_x509_store_free
()¶
-
set_flags
(flags: int) → int[source]¶ Set the verification flags for the X509Store Wrapper over OpenSSL X509_STORE_set_flags()
- Parameters
flags – VERIFICATION FLAGS section of the X509_VERIFY_PARAM_set_flags man page has a complete description of values the flags parameter can take. Their M2Crypto equivalent is transformed following the pattern: “X509_V_FLAG_XYZ” -> lowercase(“VERIFY_XYZ”)
-
set_verify_cb
(callback: Optional[callable] = None) → None[source]¶ Set callback which will be called when the store is verified. Wrapper over OpenSSL X509_STORE_set_verify_cb().
- Parameters
callback – Callable to specify verification options. Type of the callable must be: (int, X509_Store_Context) -> int. If None: set the standard options.
- Note
compile-time or run-time errors in the callback would result in mysterious errors during verification, which could be hard to trace.
- Note
Python exceptions raised in callbacks do not propagate to verify() call.
- Returns
None
-
-
class
M2Crypto.X509.
X509_Store_Context
(x509_store_ctx: bytes, _pyfree: int = 0)[source]¶ Bases:
object
X509 Store Context
-
get1_chain
() → M2Crypto.X509.X509_Stack[source]¶ Get certificate chain.
- Returns
Reference counted (i.e. safe to use even after the store context goes away) stack of certificates in the chain.
-
get_current_cert
() → M2Crypto.X509.X509[source]¶ Get current X.509 certificate.
- Warning
The returned certificate is NOT refcounted, so you can not rely on it being valid once the store context goes away or is modified.
-
m2_x509_store_ctx_free
()¶
-
-
M2Crypto.X509.
load_cert
(file: AnyStr, format: int = 1) → M2Crypto.X509.X509[source]¶ Load certificate from file.
- Parameters
file – Name of file containing certificate in either DER or PEM format.
format – Describes the format of the file to be loaded, either PEM or DER.
- Returns
M2Crypto.X509.X509 object.
-
M2Crypto.X509.
load_cert_bio
(bio: M2Crypto.BIO.BIO, format: int = 1) → M2Crypto.X509.X509[source]¶ Load certificate from a bio.
- Parameters
bio – BIO pointing at a certificate in either DER or PEM format.
format – Describes the format of the cert to be loaded, either PEM or DER (via constants FORMAT_PEM and FORMAT_FORMAT_DER)
- Returns
M2Crypto.X509.X509 object.
-
M2Crypto.X509.
load_cert_der_string
(string: AnyStr) → M2Crypto.X509.X509[source]¶ Load certificate from a string.
- Parameters
string – String containing a certificate in DER format.
- Returns
M2Crypto.X509.X509 object.
-
M2Crypto.X509.
load_cert_string
(string: AnyStr, format: int = 1) → M2Crypto.X509.X509[source]¶ Load certificate from a string.
- Parameters
string – String containing a certificate in either DER or PEM format.
format – Describes the format of the cert to be loaded, either PEM or DER (via constants FORMAT_PEM and FORMAT_FORMAT_DER)
- Returns
M2Crypto.X509.X509 object.
-
M2Crypto.X509.
load_crl
(file: AnyStr) → M2Crypto.X509.CRL[source]¶ Load CRL from file.
- Parameters
file – Name of file containing CRL in PEM format.
- Returns
M2Crypto.X509.CRL object.
-
M2Crypto.X509.
load_request
(file: AnyStr, format: int = 1) → M2Crypto.X509.Request[source]¶ Load certificate request from file.
- Parameters
file – Name of file containing certificate request in either PEM or DER format.
format – Describes the format of the file to be loaded, either PEM or DER. (using constants FORMAT_PEM and FORMAT_DER)
- Returns
Request object.
-
M2Crypto.X509.
load_request_bio
(bio: M2Crypto.BIO.BIO, format: int = 1) → M2Crypto.X509.Request[source]¶ Load certificate request from a bio.
- Parameters
bio – BIO pointing at a certificate request in either DER or PEM format.
format – Describes the format of the request to be loaded, either PEM or DER. (using constants FORMAT_PEM and FORMAT_DER)
- Returns
M2Crypto.X509.Request object.
-
M2Crypto.X509.
load_request_der_string
(string: AnyStr) → M2Crypto.X509.Request[source]¶ Load certificate request from a string.
- Parameters
string – String containing a certificate request in DER format.
- Returns
M2Crypto.X509.Request object.
-
M2Crypto.X509.
load_request_string
(string: AnyStr, format: int = 1) → M2Crypto.X509.Request[source]¶ Load certificate request from a string.
- Parameters
string – String containing a certificate request in either DER or PEM format.
format – Describes the format of the request to be loaded, either PEM or DER. (using constants FORMAT_PEM and FORMAT_DER)
- Returns
M2Crypto.X509.Request object.
-
M2Crypto.X509.
new_extension
(name: str, value: bytes, critical: int = 0, _pyfree: int = 1) → M2Crypto.X509.X509_Extension[source]¶ Create new X509_Extension instance.
-
M2Crypto.X509.
new_stack_from_der
(der_string: bytes) → M2Crypto.X509.X509_Stack[source]¶ Create a new X509_Stack from DER string.
- Returns
X509_Stack
-
M2Crypto.X509.
x509_store_default_cb
(ok: int, ctx: M2Crypto.X509.X509_Store_Context) → int[source]¶
callback
Module¶
ftpslib
Module¶
httpslib
Module¶
-
class
M2Crypto.httpslib.
HTTPSConnection
(host: str, port: Optional[int] = None, strict: Optional[bool] = None, **ssl: Any)[source]¶ Bases:
http.client.HTTPConnection
This class allows communication via SSL using M2Crypto.
-
default_port
= 443¶
-
get_session
() → M2Crypto.SSL.Session.Session[source]¶
-
set_session
(session: M2Crypto.SSL.Session.Session) → None[source]¶
-
-
class
M2Crypto.httpslib.
ProxyHTTPSConnection
(host: str, port: Optional[int] = None, strict: Optional[bool] = None, username: Optional[AnyStr] = None, password: Optional[AnyStr] = None, **ssl: Any)[source]¶ Bases:
M2Crypto.httpslib.HTTPSConnection
An HTTPS Connection that uses a proxy and the CONNECT request.
When the connection is initiated, CONNECT is first sent to the proxy (along with authorization headers, if supplied). If successful, an SSL connection will be established over the socket through the proxy and to the target host.
Finally, the actual request is sent over the SSL connection tunneling through the proxy.
-
endheaders
(*args: Any, **kwargs: Any) → None[source]¶ Indicate that the last header line has been sent to the server.
This method sends the request to the server. The optional message_body argument can be used to pass a message body associated with the request.
-
m2
Module¶
m2crypto
Module¶
m2urllib
Module¶
m2urllib2
Module¶
-
class
M2Crypto.m2urllib2.
HTTPSHandler
(ssl_context: Optional[M2Crypto.SSL.Context.Context] = None)[source]¶ Bases:
urllib.request.AbstractHTTPHandler
-
https_open
(req: urllib.request.Request) → urllib.response.addinfourl[source]¶ Return an addinfourl object for the request, using http_class.
http_class must implement the HTTPConnection API from httplib. The addinfourl return value is a file-like object. It also has methods and attributes including:
info(): return a mimetools.Message object for the headers
geturl(): return the original request URL
code: HTTP status code
-
https_request
(request)¶
-
-
M2Crypto.m2urllib2.
build_opener
(ssl_context: Optional[M2Crypto.SSL.Context.Context] = None, *handlers: object) → urllib.request.OpenerDirector[source]¶ Create an opener object from a list of handlers.
The opener will use several default handlers, including support for HTTP and FTP.
If any of the handlers passed as arguments are subclasses of the default handlers, the default handlers will not be used.
m2xmlrpclib
Module¶
-
class
M2Crypto.m2xmlrpclib.
SSL_Transport
(ssl_context: Optional[M2Crypto.SSL.Context.Context] = None, *args: Any, **kw: Any)[source]¶ Bases:
xmlrpc.client.Transport
-
user_agent
= 'M2Crypto_XMLRPC/0.36.0 - Python-xmlrpc/3.8'¶
-