<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>3.1 crypto -- Generic cryptographic module </title>
<META NAME="description" CONTENT="3.1 crypto -- Generic cryptographic module ">
<META NAME="keywords" CONTENT="pyOpenSSL">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<link rel="STYLESHEET" href="pyOpenSSL.css">
<LINK REL="next" href="openssl-rand.html">
<LINK REL="previous" href="openssl.html">
<LINK REL="up" href="openssl.html">
<LINK REL="next" href="openssl-x509ext.html">
</head>
<body>
<H2><A NAME="SECTION000410000000000000000">&nbsp;</A>
<BR>
3.1 <tt class="module">crypto</tt> -- Generic cryptographic module
</H2>
<P>
<P>
<dl><dt><b><a name='l2h-6'><tt>X509Type</tt></a></b>
<dd>
See <tt class="class">X509</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-7'><tt class='class'>X509</tt></a></b>()
<dd>
A class representing X.509 certificates.
</dl>
<P>
<dl><dt><b><a name='l2h-8'><tt>X509NameType</tt></a></b>
<dd>
See <tt class="class">X509Name</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-9'><tt class='class'>X509Name</tt></a></b>(<var>x509name</var>)
<dd>
A class representing X.509 Distinguished Names.
<P>
This constructor creates a copy of <var>x509name</var> which should be an
instance of <tt class="class">X509Name</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-10'><tt>X509ReqType</tt></a></b>
<dd>
See <tt class="class">X509Req</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-11'><tt class='class'>X509Req</tt></a></b>()
<dd>
A class representing X.509 certificate requests.
</dl>
<P>
<dl><dt><b><a name='l2h-12'><tt>X509StoreType</tt></a></b>
<dd>
A Python type object representing the X509Store object type.
</dl>
<P>
<dl><dt><b><a name='l2h-13'><tt>PKeyType</tt></a></b>
<dd>
See <tt class="class">PKey</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-14'><tt class='class'>PKey</tt></a></b>()
<dd>
A class representing DSA or RSA keys.
</dl>
<P>
<dl><dt><b><a name='l2h-15'><tt>PKCS7Type</tt></a></b>
<dd>
A Python type object representing the PKCS7 object type.
</dl>
<P>
<dl><dt><b><a name='l2h-16'><tt>PKCS12Type</tt></a></b>
<dd>
A Python type object representing the PKCS12 object type.
</dl>
<P>
<dl><dt><b><a name='l2h-17'><tt>X509ExtensionType</tt></a></b>
<dd>
See <tt class="class">X509Extension</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-18'><tt class='class'>X509Extension</tt></a></b>(<var>typename, critical, value</var><big>[</big><var>, subject</var><big>]</big><big>[</big><var>, issuer</var><big>]</big>)
<dd>
A class representing an X.509 v3 certificate extension.
See <a class="url" href="http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS">http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS</a> for <var>typename</var> strings and their options.
Optional parameters <var>subject</var> and <var>issuer</var> must be X509 objects.
</dl>
<P>
<dl><dt><b><a name='l2h-19'><tt>NetscapeSPKIType</tt></a></b>
<dd>
See <tt class="class">NetscapeSPKI</tt>.
</dl>
<P>
<dl><dt><b>class <a name='l2h-20'><tt class='class'>NetscapeSPKI</tt></a></b>(<big>[</big><var>enc</var><big>]</big>)
<dd>
A class representing Netscape SPKI objects.
<P>
If the <var>enc</var> argument is present, it should be a base64-encoded string
representing a NetscapeSPKI object, as returned by the <tt class="method">b64_encode</tt>
method.
</dl>
<P>
<dl><dt><b>class <a name='l2h-21'><tt class='class'>CRL</tt></a></b>()
<dd>
A class representing Certificate Revocation List objects.
</dl>
<P>
<dl><dt><b>class <a name='l2h-22'><tt class='class'>Revoked</tt></a></b>()
<dd>
A class representing Revocation objects of a CRL.
</dl>
<P>
<dl><dt><b><a name='l2h-23'><tt>FILETYPE_PEM</tt></a></b>
<dd>
<dt><b><a name='l2h-37'><tt>FILETYPE_ASN1</tt></a></b><dd>
File type constants.
</dl>
<P>
<dl><dt><b><a name='l2h-24'><tt>TYPE_RSA</tt></a></b>
<dd>
<dt><b><a name='l2h-38'><tt>TYPE_DSA</tt></a></b><dd>
Key type constants.
</dl>
<P>
<dl><dt><b>exception <a name='l2h-25'><tt class='exception'>Error</tt></a></b>
<dd>
Generic exception used in the <tt class="module">crypto</tt> module.
</dl>
<P>
<dl><dt><b><a name='l2h-26'><tt class='function'>dump_certificate</tt></a></b>(<var>type, cert</var>)
<dd>
Dump the certificate <var>cert</var> into a buffer string encoded with the type
<var>type</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-27'><tt class='function'>dump_certificate_request</tt></a></b>(<var>type, req</var>)
<dd>
Dump the certificate request <var>req</var> into a buffer string encoded with the
type <var>type</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-28'><tt class='function'>dump_privatekey</tt></a></b>(<var>type, pkey</var><big>[</big><var>, cipher, passphrase</var><big>]</big>)
<dd>
Dump the private key <var>pkey</var> into a buffer string encoded with the type
<var>type</var>, optionally (if <var>type</var> is <tt class="constant">FILETYPE_PEM</tt>) encrypting it
using <var>cipher</var> and <var>passphrase</var>. If <var>cipher</var> and
<var>passphrase</var> are omitted, the returned buffer holds the private key unencrypted.
<P>
<var>passphrase</var> must be either a string or a callback for providing the
pass phrase.
</dl>
<P>
<dl><dt><b><a name='l2h-29'><tt class='function'>load_certificate</tt></a></b>(<var>type, buffer</var>)
<dd>
Load a certificate (X509) from the string <var>buffer</var> encoded with the
type <var>type</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-30'><tt class='function'>load_certificate_request</tt></a></b>(<var>type, buffer</var>)
<dd>
Load a certificate request (X509Req) from the string <var>buffer</var> encoded with
the type <var>type</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-31'><tt class='function'>load_privatekey</tt></a></b>(<var>type, buffer</var><big>[</big><var>, passphrase</var><big>]</big>)
<dd>
Load a private key (PKey) from the string <var>buffer</var> encoded with
the type <var>type</var> (must be either <tt class="constant">FILETYPE_PEM</tt> or
<tt class="constant">FILETYPE_ASN1</tt>).
<P>
<var>passphrase</var> must be either a string or a callback for providing the
pass phrase.
</dl>
<P>
<dl><dt><b><a name='l2h-32'><tt class='function'>load_crl</tt></a></b>(<var>type, buffer</var>)
<dd>
Load Certificate Revocation List (CRL) data from the string <var>buffer</var>
encoded with the type <var>type</var>. The type <var>type</var>
must be either <tt class="constant">FILETYPE_PEM</tt> or <tt class="constant">FILETYPE_ASN1</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-33'><tt class='function'>load_pkcs7_data</tt></a></b>(<var>type, buffer</var>)
<dd>
Load pkcs7 data from the string <var>buffer</var> encoded with the type <var>type</var>.
</dl>
<P>
<dl><dt><b><a name='l2h-34'><tt class='function'>load_pkcs12</tt></a></b>(<var>buffer</var><big>[</big><var>, passphrase</var><big>]</big>)
<dd>
Load pkcs12 data from the string <var>buffer</var>. If the pkcs12 structure is
encrypted, a <var>passphrase</var> must be included. The MAC is always
checked and thus required.
<P>
See also the man page for the C function <tt class="function">PKCS12_parse</tt>.
</dl>
<P>
<dl><dt><b><a name='l2h-35'><tt class='function'>sign</tt></a></b>(<var>key, data, digest</var>)
<dd>
Sign a data string using the given key and message digest.
<P>
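<var>key</var> is a <code>PKey</code> instance. <var>data</var> is a <code>str</code> instance.
<var>digest</var> is a <code>str</code> naming a supported message digest type, for example
<code>"sha1"</code>. SHA-1 appears here only as an example of a digest name; it is no longer
considered collision-resistant, so prefer a stronger digest such as <code>"sha256"</code>
when the linked OpenSSL provides it.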
<span class='versionnote'>New in version 0.11.</span>
</dl>
<P>
<dl><dt><b><a name='l2h-36'><tt class='function'>verify</tt></a></b>(<var>certificate, signature, data, digest</var>)
<dd>
Verify the signature for a data string.
<P>
<var>certificate</var> is an <code>X509</code> instance corresponding to the private key
which generated the signature. <var>signature</var> is a <code>str</code> instance giving
the signature itself. <var>data</var> is a <code>str</code> instance giving the data to
which the signature applies. <var>digest</var> is a <code>str</code> instance naming the
message digest type of the signature, for example <code>"sha1"</code>.
This checks only that the signature matches the public key in <var>certificate</var>;
whether that certificate is itself trusted must be established separately.
<span class='versionnote'>New in version 0.11.</span>
</dl>
<P>
<p><hr>
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></A>
<UL CLASS="ChildLinks">
<LI><A NAME="tex2html141"
href="openssl-x509ext.html">3.1.1 X509Extension objects </A>
<LI><A NAME="tex2html142"
href="openssl-x509.html">3.1.2 X509 objects </A>
<LI><A NAME="tex2html143"
href="openssl-x509name.html">3.1.3 X509Name objects </A>
<LI><A NAME="tex2html144"
href="openssl-x509req.html">3.1.4 X509Req objects </A>
<LI><A NAME="tex2html145"
href="openssl-x509store.html">3.1.5 X509Store objects </A>
<LI><A NAME="tex2html146"
href="openssl-pkey.html">3.1.6 PKey objects </A>
<LI><A NAME="tex2html147"
href="openssl-pkcs7.html">3.1.7 PKCS7 objects </A>
<LI><A NAME="tex2html148"
href="openssl-pkcs12.html">3.1.8 PKCS12 objects </A>
<LI><A NAME="tex2html149"
href="openssl-509ext.html">3.1.9 X509Extension objects </A>
<LI><A NAME="tex2html150"
href="openssl-netscape-spki.html">3.1.10 NetscapeSPKI objects </A>
<LI><A NAME="tex2html151"
href="crl.html">3.1.11 CRL objects </A>
<LI><A NAME="tex2html152"
href="revoked.html">3.1.12 Revoked objects </A>
</UL>
<!--End of Table of Child-Links-->
<DIV CLASS="navigation">
<span class="release-info">Release 0.12.</span>
</DIV>
<!--End of Navigation Panel-->
</BODY>
</HTML>