Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 1 | .. _openssl-crypto: |
| 2 | |
| 3 | :py:mod:`crypto` --- Generic cryptographic module |
| 4 | ================================================= |
| 5 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 6 | .. py:module:: OpenSSL.crypto |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 7 | :synopsis: Generic cryptographic module |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 8 | |
| 9 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 10 | .. py:data:: X509Type |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 11 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 12 | See :py:class:`X509`. |
Jonathan Ballet | 648875f | 2011-07-16 14:14:58 +0900 | [diff] [blame] | 13 | |
| 14 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 15 | .. py:class:: X509() |
| 16 | |
| 17 | A class representing X.509 certificates. |
| 18 | |
| 19 | |
| 20 | .. py:data:: X509NameType |
| 21 | |
| 22 | See :py:class:`X509Name`. |
| 23 | |
| 24 | |
| 25 | .. py:class:: X509Name(x509name) |
| 26 | |
| 27 | A class representing X.509 Distinguished Names. |
| 28 | |
| 29 | This constructor creates a copy of *x509name* which should be an |
| 30 | instance of :py:class:`X509Name`. |
| 31 | |
| 32 | |
| 33 | .. py:data:: X509ReqType |
| 34 | |
| 35 | See :py:class:`X509Req`. |
| 36 | |
| 37 | |
| 38 | .. py:class:: X509Req() |
| 39 | |
| 40 | A class representing X.509 certificate requests. |
| 41 | |
| 42 | |
| 43 | .. py:data:: X509StoreType |
| 44 | |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 45 | See :py:class:`X509Store` |
| 46 | |
| 47 | |
Laurens Van Houtven | 0c26a46 | 2015-04-20 11:00:08 -0700 | [diff] [blame^] | 48 | .. py:data:: X509Store |
Stephen Holsapple | 0d9815f | 2014-08-27 19:36:53 -0700 | [diff] [blame] | 49 | |
| 50 | A class representing the X.509 store. |
| 51 | |
| 52 | |
| 53 | .. py:data:: X509StoreContext |
| 54 | |
| 55 | A class representing the X.509 store context. |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 56 | |
| 57 | |
| 58 | .. py:data:: PKeyType |
| 59 | |
| 60 | See :py:class:`PKey`. |
| 61 | |
| 62 | |
| 63 | .. py:class:: PKey() |
| 64 | |
| 65 | A class representing DSA or RSA keys. |
| 66 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 67 | .. py:data:: PKCS7Type |
| 68 | |
| 69 | A Python type object representing the PKCS7 object type. |
| 70 | |
| 71 | |
| 72 | .. py:data:: PKCS12Type |
| 73 | |
| 74 | A Python type object representing the PKCS12 object type. |
| 75 | |
| 76 | |
| 77 | .. py:data:: X509ExtensionType |
| 78 | |
| 79 | See :py:class:`X509Extension`. |
| 80 | |
| 81 | |
| 82 | .. py:class:: X509Extension(typename, critical, value[, subject][, issuer]) |
| 83 | |
| 84 | A class representing an X.509 v3 certificate extensions. See |
| 85 | http://openssl.org/docs/apps/x509v3_config.html#STANDARD_EXTENSIONS for |
| 86 | *typename* strings and their options. Optional parameters *subject* and |
| 87 | *issuer* must be X509 objects. |
| 88 | |
| 89 | |
| 90 | .. py:data:: NetscapeSPKIType |
| 91 | |
| 92 | See :py:class:`NetscapeSPKI`. |
| 93 | |
| 94 | |
| 95 | .. py:class:: NetscapeSPKI([enc]) |
| 96 | |
| 97 | A class representing Netscape SPKI objects. |
| 98 | |
| 99 | If the *enc* argument is present, it should be a base64-encoded string |
| 100 | representing a NetscapeSPKI object, as returned by the :py:meth:`b64_encode` |
| 101 | method. |
| 102 | |
| 103 | |
| 104 | .. py:class:: CRL() |
| 105 | |
| 106 | A class representing Certifcate Revocation List objects. |
| 107 | |
| 108 | |
| 109 | .. py:class:: Revoked() |
| 110 | |
| 111 | A class representing Revocation objects of CRL. |
| 112 | |
| 113 | |
| 114 | .. py:data:: FILETYPE_PEM |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 115 | FILETYPE_ASN1 |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 116 | |
| 117 | File type constants. |
| 118 | |
| 119 | |
| 120 | .. py:data:: TYPE_RSA |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 121 | TYPE_DSA |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 122 | |
| 123 | Key type constants. |
| 124 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 125 | .. py:exception:: Error |
| 126 | |
| 127 | Generic exception used in the :py:mod:`.crypto` module. |
| 128 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 129 | Elliptic curves |
| 130 | --------------- |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 131 | |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 132 | .. py:function:: get_elliptic_curves |
| 133 | |
| 134 | Return a set of objects representing the elliptic curves supported in the |
| 135 | OpenSSL build in use. |
| 136 | |
| 137 | The curve objects have a :py:class:`unicode` ``name`` attribute by which |
Jean-Paul Calderone | aaf516d | 2014-04-19 09:10:45 -0400 | [diff] [blame] | 138 | they identify themselves. |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 139 | |
| 140 | The curve objects are useful as values for the argument accepted by |
Jean-Paul Calderone | 3b04e35 | 2014-04-19 09:29:10 -0400 | [diff] [blame] | 141 | :py:meth:`Context.set_tmp_ecdh` to specify which elliptical curve should be |
| 142 | used for ECDHE key exchange. |
Jean-Paul Calderone | c09fd58 | 2014-04-18 22:00:10 -0400 | [diff] [blame] | 143 | |
| 144 | |
| 145 | .. py:function:: get_elliptic_curve |
| 146 | |
| 147 | Return a single curve object selected by name. |
| 148 | |
| 149 | See :py:func:`get_elliptic_curves` for information about curve objects. |
| 150 | |
| 151 | If the named curve is not supported then :py:class:`ValueError` is raised. |
| 152 | |
| 153 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 154 | Serialization and deserialization |
| 155 | --------------------------------- |
| 156 | |
| 157 | The following serialization functions take one of these constants to |
| 158 | determine the format: |
| 159 | |
| 160 | .. py:data:: FILETYPE_PEM |
| 161 | FILETYPE_ASN1 |
| 162 | |
| 163 | Certificates |
| 164 | ~~~~~~~~~~~~ |
| 165 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 166 | .. py:function:: dump_certificate(type, cert) |
| 167 | |
| 168 | Dump the certificate *cert* into a buffer string encoded with the type |
| 169 | *type*. |
| 170 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 171 | .. py:function:: load_certificate(type, buffer) |
| 172 | |
| 173 | Load a certificate (X509) from the string *buffer* encoded with the |
| 174 | type *type*. |
| 175 | |
| 176 | Certificate signing requests |
| 177 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 178 | |
| 179 | .. py:function:: dump_certificate_request(type, req) |
| 180 | |
| 181 | Dump the certificate request *req* into a buffer string encoded with the |
| 182 | type *type*. |
| 183 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 184 | .. py:function:: load_certificate_request(type, buffer) |
| 185 | |
| 186 | Load a certificate request (X509Req) from the string *buffer* encoded with |
| 187 | the type *type*. |
| 188 | |
| 189 | Private keys |
| 190 | ~~~~~~~~~~~~ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 191 | |
| 192 | .. py:function:: dump_privatekey(type, pkey[, cipher, passphrase]) |
| 193 | |
| 194 | Dump the private key *pkey* into a buffer string encoded with the type |
| 195 | *type*, optionally (if *type* is :py:const:`FILETYPE_PEM`) encrypting it |
| 196 | using *cipher* and *passphrase*. |
| 197 | |
| 198 | *passphrase* must be either a string or a callback for providing the |
| 199 | pass phrase. |
| 200 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 201 | .. py:function:: load_privatekey(type, buffer[, passphrase]) |
| 202 | |
| 203 | Load a private key (PKey) from the string *buffer* encoded with the type |
| 204 | *type* (must be one of :py:const:`FILETYPE_PEM` and |
| 205 | :py:const:`FILETYPE_ASN1`). |
| 206 | |
| 207 | *passphrase* must be either a string or a callback for providing the pass |
| 208 | phrase. |
| 209 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 210 | Certificate revocation lists |
| 211 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 212 | |
| 213 | .. py:function:: load_crl(type, buffer) |
| 214 | |
| 215 | Load Certificate Revocation List (CRL) data from a string *buffer*. |
| 216 | *buffer* encoded with the type *type*. The type *type* must either |
| 217 | :py:const:`FILETYPE_PEM` or :py:const:`FILETYPE_ASN1`). |
| 218 | |
| 219 | |
| 220 | .. py:function:: load_pkcs7_data(type, buffer) |
| 221 | |
| 222 | Load pkcs7 data from the string *buffer* encoded with the type *type*. |
| 223 | |
| 224 | |
| 225 | .. py:function:: load_pkcs12(buffer[, passphrase]) |
| 226 | |
| 227 | Load pkcs12 data from the string *buffer*. If the pkcs12 structure is |
| 228 | encrypted, a *passphrase* must be included. The MAC is always |
| 229 | checked and thus required. |
| 230 | |
| 231 | See also the man page for the C function :py:func:`PKCS12_parse`. |
| 232 | |
Laurens Van Houtven | 07051d3 | 2014-06-19 12:00:30 +0200 | [diff] [blame] | 233 | Signing and verifying signatures |
| 234 | -------------------------------- |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 235 | |
| 236 | .. py:function:: sign(key, data, digest) |
| 237 | |
| 238 | Sign a data string using the given key and message digest. |
| 239 | |
| 240 | *key* is a :py:class:`PKey` instance. *data* is a ``str`` instance. |
| 241 | *digest* is a ``str`` naming a supported message digest type, for example |
| 242 | :py:const:`sha1`. |
| 243 | |
| 244 | .. versionadded:: 0.11 |
| 245 | |
| 246 | |
| 247 | .. py:function:: verify(certificate, signature, data, digest) |
| 248 | |
| 249 | Verify the signature for a data string. |
| 250 | |
| 251 | *certificate* is a :py:class:`X509` instance corresponding to the private |
| 252 | key which generated the signature. *signature* is a *str* instance giving |
| 253 | the signature itself. *data* is a *str* instance giving the data to which |
| 254 | the signature applies. *digest* is a *str* instance naming the message |
| 255 | digest type of the signature, for example :py:const:`sha1`. |
| 256 | |
| 257 | .. versionadded:: 0.11 |
| 258 | |
| 259 | |
| 260 | .. _openssl-x509: |
| 261 | |
| 262 | X509 objects |
| 263 | ------------ |
| 264 | |
Laurens Van Houtven | c3baa7b | 2014-06-18 22:06:56 +0200 | [diff] [blame] | 265 | .. autoclass:: X509 |
| 266 | :members: |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 267 | |
| 268 | .. _openssl-x509name: |
| 269 | |
| 270 | X509Name objects |
| 271 | ---------------- |
| 272 | |
Laurens Van Houtven | 196195b | 2014-06-17 17:06:34 +0200 | [diff] [blame] | 273 | .. autoclass:: X509Name |
| 274 | :members: |
| 275 | :special-members: |
| 276 | :exclude-members: __repr__, __getattr__, __weakref__ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 277 | |
| 278 | .. _openssl-x509req: |
| 279 | |
| 280 | X509Req objects |
| 281 | --------------- |
| 282 | |
Laurens Van Houtven | 3e83d24 | 2014-06-18 14:29:47 +0200 | [diff] [blame] | 283 | .. autoclass:: X509Req |
| 284 | :members: |
| 285 | :special-members: |
| 286 | :exclude-members: __weakref__ |
Jean-Paul Calderone | 26e07d6 | 2014-03-02 08:08:23 -0500 | [diff] [blame] | 287 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 288 | .. _openssl-x509store: |
| 289 | |
| 290 | X509Store objects |
| 291 | ----------------- |
| 292 | |
Laurens Van Houtven | 8aeafdd | 2014-06-17 15:33:42 +0200 | [diff] [blame] | 293 | .. autoclass:: X509Store |
| 294 | :members: |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 295 | |
Stephen Holsapple | 95a4665 | 2015-02-09 19:34:25 -0800 | [diff] [blame] | 296 | X509StoreContextError objects |
| 297 | ----------------------------- |
| 298 | |
| 299 | The X509StoreContextError is an exception raised from |
| 300 | `X509StoreContext.verify_certificate` in circumstances where a certificate |
| 301 | cannot be verified in a provided context. |
| 302 | |
Jean-Paul Calderone | 876b2ac | 2015-03-15 16:17:19 -0400 | [diff] [blame] | 303 | The certificate for which the verification error was detected is given by the |
| 304 | ``certificate`` attribute of the exception instance as a :class:`X509` |
| 305 | instance. |
| 306 | |
| 307 | Details about the verification error are given in the exception's ``args`` attribute. |
Stephen Holsapple | 95a4665 | 2015-02-09 19:34:25 -0800 | [diff] [blame] | 308 | |
| 309 | |
Stephen Holsapple | 08ffaa6 | 2015-01-30 17:18:40 -0800 | [diff] [blame] | 310 | X509StoreContext objects |
| 311 | ------------------------ |
| 312 | |
| 313 | The X509StoreContext object is used for verifying a certificate against a set |
| 314 | of trusted certificates. |
| 315 | |
| 316 | |
| 317 | .. py:method:: X509StoreContext.verify_certificate() |
| 318 | |
| 319 | Verify a certificate in the context of this initialized `X509StoreContext`. |
| 320 | On error, raises `X509StoreContextError`, otherwise does nothing. |
| 321 | |
| 322 | .. versionadded:: 0.15 |
| 323 | |
| 324 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 325 | .. _openssl-pkey: |
| 326 | |
| 327 | PKey objects |
| 328 | ------------ |
| 329 | |
Laurens Van Houtven | 6e7dd43 | 2014-06-17 16:10:57 +0200 | [diff] [blame] | 330 | .. autoclass:: PKey |
| 331 | :members: |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 332 | |
| 333 | .. _openssl-pkcs7: |
| 334 | |
| 335 | PKCS7 objects |
| 336 | ------------- |
| 337 | |
| 338 | PKCS7 objects have the following methods: |
| 339 | |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 340 | .. py:method:: PKCS7.type_is_signed() |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 341 | |
| 342 | FIXME |
| 343 | |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 344 | .. py:method:: PKCS7.type_is_enveloped() |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 345 | |
| 346 | FIXME |
| 347 | |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 348 | .. py:method:: PKCS7.type_is_signedAndEnveloped() |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 349 | |
| 350 | FIXME |
| 351 | |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 352 | .. py:method:: PKCS7.type_is_data() |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 353 | |
| 354 | FIXME |
| 355 | |
Jonathan Ballet | 6381da3 | 2011-07-20 16:43:38 +0900 | [diff] [blame] | 356 | .. py:method:: PKCS7.get_type_name() |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 357 | |
| 358 | Get the type name of the PKCS7. |
| 359 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 360 | .. _openssl-pkcs12: |
| 361 | |
| 362 | PKCS12 objects |
| 363 | -------------- |
| 364 | |
Laurens Van Houtven | bb503a3 | 2014-06-19 12:28:08 +0200 | [diff] [blame] | 365 | .. autoclass:: PKCS12 |
| 366 | :members: |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 367 | |
| 368 | .. _openssl-509ext: |
| 369 | |
| 370 | X509Extension objects |
| 371 | --------------------- |
| 372 | |
Laurens Van Houtven | 2650de5 | 2014-06-18 13:47:47 +0200 | [diff] [blame] | 373 | .. autoclass:: X509Extension |
| 374 | :members: |
| 375 | :special-members: |
| 376 | :exclude-members: __weakref__ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 377 | |
| 378 | .. _openssl-netscape-spki: |
| 379 | |
| 380 | NetscapeSPKI objects |
| 381 | -------------------- |
| 382 | |
Laurens Van Houtven | 59152b5 | 2014-06-19 16:42:30 +0200 | [diff] [blame] | 383 | .. autoclass:: NetscapeSPKI |
| 384 | :members: |
| 385 | :special-members: |
| 386 | :exclude-members: __weakref__ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 387 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 388 | .. _crl: |
| 389 | |
| 390 | CRL objects |
| 391 | ----------- |
| 392 | |
Laurens Van Houtven | cb32e85 | 2014-06-19 17:36:28 +0200 | [diff] [blame] | 393 | .. autoclass:: CRL |
| 394 | :members: |
| 395 | :special-members: |
| 396 | :exclude-members: __weakref__ |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 397 | |
Jonathan Ballet | c9e066c | 2011-07-17 22:56:05 +0900 | [diff] [blame] | 398 | .. _revoked: |
| 399 | |
| 400 | Revoked objects |
| 401 | --------------- |
| 402 | |
Laurens Van Houtven | d92f55c | 2014-06-19 17:08:41 +0200 | [diff] [blame] | 403 | .. autoclass:: Revoked |
| 404 | :members: |
Laurens Van Houtven | 13d56ba | 2014-06-17 16:00:26 +0200 | [diff] [blame] | 405 | |
Laurens Van Houtven | c3baa7b | 2014-06-18 22:06:56 +0200 | [diff] [blame] | 406 | Digest names |
| 407 | ------------ |
| 408 | |
| 409 | Several of the functions and methods in this module take a digest |
| 410 | name. These must be strings describing a digest algorithm supported by |
| 411 | OpenSSL (by ``EVP_get_digestbyname``, specifically). For example, |
| 412 | :py:const:`b"md5"` or :py:const:`b"sha1"`. |
| 413 | |
| 414 | More information and a list of these digest names can be found in the |
| 415 | ``EVP_DigestInit(3)`` man page of your OpenSSL installation. This page |
| 416 | can be found online for the latest version of OpenSSL: |
| 417 | https://www.openssl.org/docs/crypto/EVP_DigestInit.html |
| 418 | |
Laurens Van Houtven | 13d56ba | 2014-06-17 16:00:26 +0200 | [diff] [blame] | 419 | Backwards compatible type names |
| 420 | ------------------------------- |
| 421 | |
| 422 | When PyOpenSSL was originally written, the most current version of |
| 423 | Python was 2.1. It made a distinction between classes and types. None |
| 424 | of the versions of Python currently supported by PyOpenSSL still |
| 425 | enforce that distinction: the type of an instance of an |
| 426 | :py:class:`X509` object is now simply :py:class:`X509`. Originally, |
| 427 | the type would have been :py:class:`X509Type`. These days, |
| 428 | :py:class:`X509Type` and :py:class:`X509` are literally the same |
| 429 | object. PyOpenSSL maintains these old names for backwards |
| 430 | compatibility. |
| 431 | |
| 432 | Here's a table of these backwards-compatible names: |
| 433 | |
| 434 | ========================= ============================= |
| 435 | Type name Backwards-compatible name |
| 436 | ========================= ============================= |
| 437 | :py:class:`X509` :py:class:`X509Type` |
| 438 | :py:class:`X509Name` :py:class:`X509NameType` |
| 439 | :py:class:`X509Req` :py:class:`X509ReqType` |
| 440 | :py:class:`X509Store` :py:class:`X509StoreType` |
| 441 | :py:class:`X509Extension` :py:class:`X509ExtensionType` |
| 442 | :py:class:`PKey` :py:class:`PKeyType` |
| 443 | :py:class:`PKCS7` :py:class:`PKCS7Type` |
| 444 | :py:class:`PKCS12` :py:class:`PKCS12Type` |
| 445 | :py:class:`NetscapeSPKI` :py:class:`NetscapeSPKIType` |
| 446 | :py:class:`CRL` :py:class:`CRLType` |
| 447 | ========================= ============================= |
| 448 | |
| 449 | Soem objects, such as py:class`Revoked`, don't have ``Type`` |
| 450 | equivalents, because they were added after the restriction had been |
| 451 | lifted. |