:py:mod:`crypto` --- Generic cryptographic module

.. py:module:: OpenSSL.crypto
   :synopsis: Generic cryptographic module

Note

pyca/cryptography is likely a better choice than using this module. It contains a complete set of cryptographic primitives as well as a significantly better and more powerful X509 API. If necessary you can convert to and from cryptography objects using the to_cryptography and from_cryptography methods on X509, X509Req, CRL, and PKey.

Elliptic curves

.. autofunction:: get_elliptic_curves

.. autofunction:: get_elliptic_curve

Serialization and deserialization

The following serialization functions take one of these constants to determine the format.

.. py:data:: FILETYPE_PEM

:data:`FILETYPE_PEM` serializes data to a Base64-encoded representation of the underlying ASN.1 data structure. This representation includes delimiters that define what data structure is contained within the Base64-encoded block: for example, for a certificate, the delimiters are -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

.. py:data:: FILETYPE_ASN1

:data:`FILETYPE_ASN1` serializes data to the underlying ASN.1 data structure. The format used by :data:`FILETYPE_ASN1` is also sometimes referred to as DER.
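The relationship between the two formats, as an added example that is not part of pyOpenSSL or its documentation: it uses only the standard library to decide which constant an input blob calls for and to check that the declared DER length matches the data before the blob is handed to a ``load_*`` function. The helper names (``classify``, ``der_outer_length``, ``to_pem``) are hypothetical, and the sample bytes are a constructed five-byte DER value, not a real certificate.

```python
import base64
import re

# Added example: helper names are hypothetical, not pyOpenSSL APIs.
# PEM framing: BEGIN line, Base64 body, END line with the same label.
_PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def der_outer_length(der: bytes) -> int:
    """Return the total size (header + content) declared by the outer DER TLV."""
    if len(der) < 2 or der[0] != 0x30:  # 0x30 = constructed SEQUENCE tag
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:  # short form: the length fits in 7 bits
        return 2 + first
    n = first & 0x7F  # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def classify(blob: bytes):
    """Return (constant_name, pem_label_or_None, der_bytes) for a blob."""
    m = _PEM_RE.search(blob)
    if m:
        label = m.group(1).decode("ascii")
        body = b"".join(m.group(2).split())  # drop line breaks
        der = base64.b64decode(body, validate=True)
        kind = "FILETYPE_PEM"
    else:
        label, der, kind = None, blob, "FILETYPE_ASN1"
    if der_outer_length(der) != len(der):
        raise ValueError("DER length mismatch (truncated or trailing data)")
    return kind, label, der


def to_pem(der: bytes, label: str) -> bytes:
    """Wrap DER bytes in PEM delimiters with 64-character Base64 lines."""
    b64 = base64.b64encode(der)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head = b"-----BEGIN " + label.encode() + b"-----\n"
    tail = b"\n-----END " + label.encode() + b"-----\n"
    return head + b"\n".join(lines) + tail


# Constructed sample: DER for SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = to_pem(SAMPLE_DER, "CERTIFICATE")
```

The PEM label only states what the block claims to contain; the structure is validated when the matching ``load_*`` function parses it.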

Certificates

.. autofunction:: dump_certificate

.. autofunction:: load_certificate

Certificate signing requests

.. autofunction:: dump_certificate_request

.. autofunction:: load_certificate_request

Private keys

.. autofunction:: dump_privatekey

.. autofunction:: load_privatekey

Public keys

.. autofunction:: dump_publickey

.. autofunction:: load_publickey

Certificate revocation lists

.. autofunction:: dump_crl

.. autofunction:: load_crl

.. autofunction:: load_pkcs7_data

.. autofunction:: load_pkcs12

Signing and verifying signatures

.. autofunction:: sign

.. autofunction:: verify


X509 objects

.. autoclass:: X509
               :members:

X509Name objects

.. autoclass:: X509Name
               :members:
               :special-members:
               :exclude-members: __repr__, __getattr__, __weakref__

X509Req objects

.. autoclass:: X509Req
               :members:
               :special-members:
               :exclude-members: __weakref__

X509Store objects

.. autoclass:: X509Store
               :members:

X509StoreContextError objects

.. autoclass:: X509StoreContextError
               :members:

X509StoreContext objects

.. autoclass:: X509StoreContext
               :members:

X509StoreFlags constants

.. autoclass:: X509StoreFlags

    .. data:: CRL_CHECK
    .. data:: CRL_CHECK_ALL
    .. data:: IGNORE_CRITICAL
    .. data:: X509_STRICT
    .. data:: ALLOW_PROXY_CERTS
    .. data:: POLICY_CHECK
    .. data:: EXPLICIT_POLICY
    .. data:: INHIBIT_MAP
    .. data:: NOTIFY_POLICY
    .. data:: CHECK_SS_SIGNATURE
    .. data:: PARTIAL_CHAIN

PKey objects

.. autoclass:: PKey
               :members:

.. py:data:: TYPE_RSA
             TYPE_DSA

    Key type constants.

PKCS7 objects

PKCS7 objects have the following methods:

.. autoclass:: PKCS7
               :members:

PKCS12 objects

.. autoclass:: PKCS12
               :members:

X509Extension objects

.. autoclass:: X509Extension
               :members:
               :special-members:
               :exclude-members: __weakref__

NetscapeSPKI objects

.. autoclass:: NetscapeSPKI
               :members:
               :special-members:
               :exclude-members: __weakref__

CRL objects

.. autoclass:: CRL
               :members:
               :special-members:
               :exclude-members: __weakref__

Revoked objects

.. autoclass:: Revoked
               :members:

Exceptions

.. py:exception:: Error

    Generic exception used in the :py:mod:`.crypto` module.


Digest names

Several of the functions and methods in this module take a digest name. These must be strings describing a digest algorithm supported by OpenSSL (by EVP_get_digestbyname, specifically). For example, :const:`b"sha256"` or :const:`b"sha384"`.

More information and a list of these digest names can be found in the EVP_DigestInit(3) man page of your OpenSSL installation. This page can be found online for the latest version of OpenSSL: https://www.openssl.org/docs/manmaster/man3/EVP_DigestInit.html