crypto — Generic cryptographic module
Note
pyca/cryptography is likely a better choice than using this module.
It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API.
If necessary you can convert to and from cryptography objects using the to_cryptography and from_cryptography methods on X509, X509Req, CRL, and PKey.
Elliptic curves
Serialization and deserialization
The following serialization functions take one of these constants to determine the format.
- OpenSSL.crypto.FILETYPE_PEM
FILETYPE_PEM serializes data to a Base64-encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
- OpenSSL.crypto.FILETYPE_ASN1
FILETYPE_ASN1 serializes data to the underlying ASN.1 data structure. The format used by FILETYPE_ASN1 is also sometimes referred to as DER.
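The relationship between the two formats described above, as an added example that is not part of the pyOpenSSL documentation: it uses only the Python standard library rather than this module, and checks the delimiter label and the outer DER length before the bytes would reach a parser. The function names and the sample bytes are constructed for the illustration.

```python
import base64
import re

# One PEM block; the label after BEGIN must be repeated after END.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def der_total_length(der: bytes) -> int:
    """Return the size of the outer DER element (header plus content)."""
    if len(der) < 2 or der[0] != 0x30:  # 0x30 = constructed SEQUENCE
        raise ValueError("outer element is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:  # short form: the byte is the content length
        return 2 + first
    n = first & 0x7F  # long form: number of length bytes that follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    length = int.from_bytes(der[2:2 + n], "big")
    if length < 0x80 or der[2] == 0:  # DER requires the minimal encoding
        raise ValueError("non-minimal DER length")
    return 2 + n + length

def pem_to_der(pem: bytes, expected_label: bytes = b"CERTIFICATE") -> bytes:
    """Strip the delimiters and Base64 layer, returning the DER bytes."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block with matching BEGIN/END delimiters")
    if m.group(1) != expected_label:
        raise ValueError("unexpected PEM label: %r" % m.group(1))
    der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("trailing or missing bytes after the DER structure")
    return der

def der_to_pem(der: bytes, label: bytes = b"CERTIFICATE") -> bytes:
    """Wrap DER bytes in Base64 (64 characters per line) and delimiters."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return (b"-----BEGIN " + label + b"-----\n" + body
            + b"\n-----END " + label + b"-----\n")

# Constructed sample: DER for SEQUENCE { INTEGER 1, INTEGER 2 }.
# It is not a real certificate; it only exercises the framing.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = der_to_pem(SAMPLE_DER)
```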
Certificates
Certificate signing requests
Private keys
Public keys
Certificate revocation lists
Signing and verifying signatures
X509 objects
X509Name objects
X509Req objects
X509Store objects
X509StoreContextError objects
X509StoreContext objects
X509StoreFlags constants
PKey objects
PKCS7 objects
PKCS7 objects have the following methods:
PKCS12 objects
X509Extension objects
NetscapeSPKI objects
CRL objects
Revoked objects
Exceptions
Digest names
Several of the functions and methods in this module take a digest name.
These must be strings describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, specifically).
For example, b"sha256" or b"sha384".
More information and a list of these digest names can be found in the EVP_DigestInit(3) man page of your OpenSSL installation.
This page can be found online for the latest version of OpenSSL:
https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html