M2Crypto Package¶

`M2Crypto` Package¶

`ASN1` Module¶

`AuthCookie` Module¶

`BIO` Module¶

`BN` Module¶

`DH` Module¶

`DSA` Module¶

`EC` Module¶

`EVP` Module¶

class M2Crypto.EVP.Cipher(alg: str, key: bytes, iv: bytes, op: object, key_as_bytes: int = 0, d: str = 'md5', salt: bytes = b'12345678', i: int = 1, padding: int = 1)[source]¶

Bases: object

final() → bytes[source]¶

m2_cipher_ctx_free()¶

set_padding(padding: int = 1) → int[source]¶: Actually always return 1

update(data: bytes) → bytes[source]¶

exception M2Crypto.EVP.EVPError[source]¶: Bases: ValueError

class M2Crypto.EVP.HMAC(key: bytes, algo: str = 'sha1')[source]¶

Bases: object

digest() → bytes¶

final() → bytes[source]¶

m2_hmac_ctx_free()¶

reset(key: bytes) → None[source]¶

update(data: bytes) → None[source]¶

class M2Crypto.EVP.MessageDigest(algo: str)[source]¶

Bases: object

Message Digest

digest()¶

final()[source]¶

m2_md_ctx_free()¶

update(data: bytes) → int[source]¶

Add data to be digested.

Returns: -1 for Python error, 1 for success, 0 for OpenSSL failure.

class M2Crypto.EVP.PKey(pkey: Optional[bytes] = None, _pyfree: int = 0, md: str = 'sha1')[source]¶

Bases: object

Public Key

as_der() → bytes[source]¶: Return key in DER format in a string

as_pem(cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → bytes[source]¶

Return key in PEM format in a string.

Parameters

cipher – Symmetric cipher to protect the key. The default cipher is 'aes_128_cbc'. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

assign_rsa(rsa: M2Crypto.RSA.RSA, capture: int = 1) → int[source]¶

Assign the RSA key pair to self.

Parameters

rsa – M2Crypto.RSA.RSA object to be assigned to self.
capture – If true (default), this PKey object will own the RSA object, meaning that once the PKey object gets deleted it is no longer safe to use the RSA object.

Returns

Return 1 for success and 0 for failure.

digest_sign(data) → bytes[source]¶

Return signature.

Returns: The signature.

digest_sign_final() → bytes[source]¶

Return signature.

Returns: The signature.

digest_sign_init() → None[source]¶: Initialise digest signing operation with self.

digest_sign_update(data: bytes) → None[source]¶

Feed data to digest signing operation.

Parameters: data – Data to be signed.

digest_verify()[source]¶

Return result of verification.

Parameters

sign – Signature to use for verification
data – Data to be verified.

Returns

Result of verification: 1 for success, 0 for failure, -1 on other error.

digest_verify_final(sign: bytes) → int[source]¶

Feed data to digest verification operation.

Parameters: sign – Signature to use for verification
Returns: Result of verification: 1 for success, 0 for failure, -1 on other error.

digest_verify_init() → None[source]¶: Initialise verification operation with self.

digest_verify_update(data: bytes) → int[source]¶

Feed data to verification operation.

Parameters: data – Data to be verified.
Returns: -1 on Python error, 1 for success, 0 for OpenSSL error

final() → bytes¶

Return signature.

Returns: The signature.

get_modulus() → Optional[bytes][source]¶: Return the modulus in hex format.

get_rsa() → M2Crypto.RSA.RSA_pub [source]¶: Return the underlying RSA key if that is what the EVP instance is holding.

m2_md_ctx_free()¶

m2_pkey_free()¶

reset_context(md: str = 'sha1') → None[source]¶

Reset internal message digest context.

Parameters: md – The message digest algorithm.

save_key(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶

Save the key pair to a file in PEM format.

Parameters

file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

save_key_bio(bio: BIO.BIO, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶

Save the key pair to the M2Crypto.BIO object ‘bio’ in PEM format.

Parameters

bio – M2Crypto.BIO object to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

sign_final() → bytes[source]¶

Return signature.

Returns: The signature.

sign_init() → None[source]¶: Initialise signing operation with self.

sign_update(data: bytes) → None[source]¶

Feed data to signing operation.

Parameters: data – Data to be signed.

size() → int[source]¶: Return the size of the key in bytes.

update(data: bytes) → None¶

Feed data to signing operation.

Parameters: data – Data to be signed.

verify_final(sign: bytes) → int[source]¶

Return result of verification.

Parameters: sign – Signature to use for verification
Returns: Result of verification: 1 for success, 0 for failure, -1 on other error.

verify_init() → None[source]¶: Initialise signature verification operation with self.

verify_update(data: bytes) → int[source]¶

Feed data to verification operation.

Parameters: data – Data to be verified.
Returns: -1 on Python error, 1 for success, 0 for OpenSSL error

M2Crypto.EVP.hmac(key: bytes, data: bytes, algo: str = 'sha1') → bytes[source]¶

M2Crypto.EVP.load_key(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey [source]¶

Load an M2Crypto.EVP.PKey from file.

Parameters

file – Name of file containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.load_key_bio(bio: BIO.BIO, callback: Callable = <function passphrase_callback>) → PKey [source]¶

Load an M2Crypto.EVP.PKey from an M2Crypto.BIO object.

Parameters

bio – M2Crypto.BIO object containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.load_key_bio_pubkey(bio: BIO.BIO, callback: Callable = <function passphrase_callback>) → PKey [source]¶

Load an M2Crypto.EVP.PKey from a public key as a M2Crypto.BIO object.

Parameters

bio – M2Crypto.BIO object containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.load_key_pubkey(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey [source]¶

Load an M2Crypto.EVP.PKey from a public key as a file.

Parameters

file – Name of file containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.load_key_string(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey [source]¶

Load an M2Crypto.EVP.PKey from a string.

Parameters

string – String containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.load_key_string_pubkey(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.EVP.PKey [source]¶

Load an M2Crypto.EVP.PKey from a public key as a string.

Parameters

string – String containing the key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key.

Returns

M2Crypto.EVP.PKey object.

M2Crypto.EVP.pbkdf2(password: bytes, salt: bytes, iter: int, keylen: int) → bytes[source]¶

Derive a key from password using PBKDF2 algorithm specified in RFC 2898.

Parameters

password – Derive the key from this password.
salt – Salt.
iter – Number of iterations to perform.
keylen – Length of key to produce.

Returns

Key.

`Engine` Module¶

`Err` Module¶

exception M2Crypto.Err.M2CryptoError[source]¶: Bases: Exception

exception M2Crypto.Err.SSLError(err: int, client_addr: Union[Tuple[str, int], str])[source]¶: Bases: Exception

M2Crypto.Err.get_error() → Optional[str][source]¶

M2Crypto.Err.get_error_code() → int[source]¶

M2Crypto.Err.get_error_func(err: Optional[int]) → str[source]¶

M2Crypto.Err.get_error_lib(err: Optional[int]) → str[source]¶

M2Crypto.Err.get_error_message() → str[source]¶

M2Crypto.Err.get_error_reason(err: Optional[int]) → str[source]¶

M2Crypto.Err.get_x509_verify_error(err: Optional[int]) → str[source]¶

M2Crypto.Err.peek_error_code() → int[source]¶

`RC4` Module¶

`RSA` Module¶

class M2Crypto.RSA.RSA(rsa: bytes, _pyfree: int = 0)[source]¶

Bases: object

RSA Key Pair.

as_pem(cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → bytes[source]¶: Returns the key(pair) as a string in PEM format.

check_key() → int[source]¶

Validate RSA keys.

It checks that p and q are in fact prime, and that n = p*q.

Returns: returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

m2_rsa_free()¶

private_decrypt(data: bytes, padding: int) → bytes[source]¶

private_encrypt(data: bytes, padding: int) → bytes[source]¶

pub() → Tuple[bytes, bytes][source]¶

public_decrypt(data: bytes, padding: int) → bytes[source]¶

public_encrypt(data: bytes, padding: int) → bytes[source]¶

save_key(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶

Save the key pair to a file in PEM format.

Parameters

file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

save_key_bio(bio: BIO.BIO, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int[source]¶

Save the key pair to an M2Crypto.BIO.BIO object in PEM format.

Parameters

bio – M2Crypto.BIO.BIO object to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

save_key_der(file: AnyStr) → int[source]¶

Save the key pair to a file in DER format.

Parameters: file – Filename to save key to

save_key_der_bio(bio: BIO.BIO) → int[source]¶

Save the key pair to an M2Crypto.BIO.BIO object in DER format.

Parameters: bio – M2Crypto.BIO.BIO object to save key to.

save_pem(file: AnyStr, cipher: Optional[str] = 'aes_128_cbc', callback: Callable = <function passphrase_callback>) → int¶

Save the key pair to a file in PEM format.

Parameters

file – Name of file to save key to.
cipher – Symmetric cipher to protect the key. The default cipher is ‘aes_128_cbc’. If cipher is None, then the key is saved in the clear.
callback – A Python callable object that is invoked to acquire a passphrase with which to protect the key. The default is util.passphrase_callback.

save_pub_key(file: AnyStr) → int[source]¶

Save the public key to a file in PEM format.

Parameters: file – Name of file to save key to.

save_pub_key_bio(bio: BIO.BIO) → int[source]¶

Save the public key to an M2Crypto.BIO.BIO object in PEM format.

Parameters: bio – M2Crypto.BIO.BIO object to save key to.

sign(digest: bytes, algo: str = 'sha1') → bytes[source]¶

Signs a digest with the private key

Parameters

digest – A digest created by using the digest method
algo – The method that created the digest. Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.

Returns

a string which is the signature

sign_rsassa_pss(digest: bytes, algo: str = 'sha1', salt_length: int = 20) → bytes[source]¶

Signs a digest with the private key using RSASSA-PSS

Parameters

digest – A digest created by using the digest method
salt_length – The length of the salt to use
algo – The hash algorithm to use Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.

Returns

a string which is the signature

verify(data: bytes, signature: bytes, algo: str = 'sha1') → int[source]¶

Verifies the signature with the public key

Parameters

data – Data that has been signed
signature – The signature signed with the private key
algo – The method use to create digest from the data before it was signed. Legal values like ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.

Returns

1 or 0, depending on whether the signature was verified or not.

verify_rsassa_pss(data: bytes, signature: bytes, algo: str = 'sha1', salt_length: int = 20) → int[source]¶

Verifies the signature RSASSA-PSS

Parameters

data – Data that has been signed
signature – The signature signed with RSASSA-PSS
salt_length – The length of the salt that was used
algo – The hash algorithm to use Legal values are for example ‘sha1’,’sha224’, ‘sha256’, ‘ripemd160’, and ‘md5’.

Returns

1 or 0, depending on whether the signature was verified or not.

exception M2Crypto.RSA.RSAError[source]¶: Bases: Exception

class M2Crypto.RSA.RSA_pub(rsa: bytes, _pyfree: int = 0)[source]¶

Bases: M2Crypto.RSA.RSA

Object interface to an RSA public key.

check_key() → int[source]¶

Validate RSA keys.

It checks that p and q are in fact prime, and that n = p*q.

Returns: returns 1 if rsa is a valid RSA key, and 0 otherwise. -1 is returned if an error occurs while checking the key. If the key is invalid or an error occurred, the reason code can be obtained using ERR_get_error(3).

private_decrypt(*argv: Any) → None[source]¶

private_encrypt(*argv: Any) → None[source]¶

save_key(file: AnyStr, *args: Any, **kw: Any) → int[source]¶: Save public key to file.

save_key_bio(bio: BIO.BIO, *args: Any, **kw: Any) → int[source]¶: Save public key to BIO.

M2Crypto.RSA.gen_key(bits: int, e: int, callback: Callable = <function keygen_callback>) → M2Crypto.RSA.RSA [source]¶

Generate an RSA key pair.

Parameters

bits – Key length, in bits.
e – The RSA public exponent.
callback – A Python callable object that is invoked during key generation; its usual purpose is to provide visual feedback. The default callback is keygen_callback.

Returns

M2Crypto.RSA.RSA object.

M2Crypto.RSA.keygen_callback(p: int, n: Any, out: IO[str] = <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>) → None[source]¶: Default callback for gen_key().

M2Crypto.RSA.load_key(file: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.RSA.RSA [source]¶

Load an RSA key pair from file.

Parameters

file – Name of file containing RSA public key in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.

Returns

M2Crypto.RSA.RSA object.

M2Crypto.RSA.load_key_bio(bio: BIO.BIO, callback: Callable = <function passphrase_callback>) → RSA [source]¶

Load an RSA key pair from an M2Crypto.BIO.BIO object.

Parameters

bio – M2Crypto.BIO.BIO object containing RSA key pair in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.

Returns

M2Crypto.RSA.RSA object.

M2Crypto.RSA.load_key_string(string: AnyStr, callback: Callable = <function passphrase_callback>) → M2Crypto.RSA.RSA [source]¶

Load an RSA key pair from a string.

Parameters

string – String containing RSA key pair in PEM format.
callback – A Python callable object that is invoked to acquire a passphrase with which to unlock the key. The default is util.passphrase_callback.

Returns

M2Crypto.RSA.RSA object.

M2Crypto.RSA.load_pub_key(file: AnyStr) → M2Crypto.RSA.RSA_pub [source]¶

Load an RSA public key from file.

Parameters: file – Name of file containing RSA public key in PEM format.
Returns: M2Crypto.RSA.RSA_pub object.

M2Crypto.RSA.load_pub_key_bio(bio: BIO.BIO) → RSA_pub [source]¶

Load an RSA public key from an M2Crypto.BIO.BIO object.

Parameters: bio – M2Crypto.BIO.BIO object containing RSA public key in PEM format.
Returns: M2Crypto.RSA.RSA_pub object.

M2Crypto.RSA.new_pub_key(e_n: Tuple[bytes, bytes]) → M2Crypto.RSA.RSA_pub [source]¶

Instantiate an RSA_pub object from an (e, n) tuple.

Parameters

e – The RSA public exponent; it is a string in OpenSSL’s MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits.
n – The RSA composite of primes; it is a string in OpenSSL’s MPINT format - 4-byte big-endian bit-count followed by the appropriate number of bits.

Returns

M2Crypto.RSA.RSA_pub object.

M2Crypto.RSA.rsa_error() → None[source]¶

`Rand` Module¶

`SMIME` Module¶

`X509` Module¶

`callback` Module¶

`ftpslib` Module¶

`httpslib` Module¶

`m2` Module¶

`m2crypto` Module¶

`m2urllib` Module¶

`m2urllib2` Module¶

`m2xmlrpclib` Module¶

`threading` Module¶

`util` Module¶

exception M2Crypto.util.UtilError[source]¶: Bases: Exception

M2Crypto.util.bin_to_hex(b: bytes) → str[source]¶

M2Crypto.util.genparam_callback(p: int, n: Any, out: io.IOBase = <_io.TextIOWrapper name='<stdout>' mode='w' encoding='utf-8'>) → None[source]¶

M2Crypto.util.no_passphrase_callback(*args: Any) → str[source]¶

M2Crypto.util.octx_to_num(x: bytes) → int[source]¶

M2Crypto.util.passphrase_callback(v: bool, prompt1: str = 'Enter passphrase:', prompt2: str = 'Verify passphrase:') → Optional[str][source]¶

M2Crypto.util.pkcs5_pad(data: str, blklen: int = 8) → str[source]¶

M2Crypto.util.pkcs7_pad(data: str, blklen: int) → str[source]¶

M2Crypto.util.quiet_genparam_callback(p: Any, n: Any, out: Any) → None[source]¶

Subpackages¶

SSL Package

M2Crypto Package¶