aboutsummaryrefslogtreecommitdiffstats
path: root/docs/hazmat
diff options
context:
space:
mode:
authorPaul Kehrer <paul.l.kehrer@gmail.com>2018-11-29 11:51:38 +0800
committerAlex Gaynor <alex.gaynor@gmail.com>2018-11-28 22:51:38 -0500
commite4e7b89fb627b372cde4158ceb7078d8769497cb (patch)
tree9dc87beda0cf2d1a948feea01c87361feb1a32af /docs/hazmat
parent2f2f3d2e414a0167ae3a98b9b608904b2c76a35f (diff)
downloadcryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.tar.gz
cryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.tar.bz2
cryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.zip
PKCS12 Basic Parsing (#4553)
* PKCS12 parsing support * running all the tests is so gauche * rename func * various significant fixes * dangerous idiot here * move pkcs12 * docs updates * a bit more prose
Diffstat (limited to 'docs/hazmat')
-rw-r--r--docs/hazmat/primitives/asymmetric/serialization.rst37
1 files changed, 37 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
index 90ec10eb..7b3fb1d6 100644
--- a/docs/hazmat/primitives/asymmetric/serialization.rst
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -397,9 +397,46 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than
:raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized
key is of a type that is not supported.
+PKCS12
+~~~~~~
+
+.. currentmodule:: cryptography.hazmat.primitives.serialization.pkcs12
+
+PKCS12 is a binary format described in :rfc:`7292`. It can contain
+certificates, keys, and more. PKCS12 files commonly have a ``pfx`` or ``p12``
+file suffix.
+
+.. note::
+
+ ``cryptography`` only supports a single private key and associated
+ certificates when parsing PKCS12 files at this time.
+
+.. function:: load_key_and_certificates(data, password, backend)
+
+ .. versionadded:: 2.5
+
+ Deserialize a PKCS12 blob.
+
+ :param bytes data: The binary data.
+
+ :param bytes password: The password to use to decrypt the data. ``None``
+ if the PKCS12 is not encrypted.
+
+ :param backend: A backend instance.
+
+ :returns: A tuple of
+ ``(private_key, certificate, additional_certificates)``.
+ ``private_key`` is a private key type or ``None``, ``certificate``
+ is either the :class:`~cryptography.x509.Certificate` whose public key
+ matches the private key in the PKCS 12 object or ``None``, and
+ ``additional_certificates`` is a list of all other
+ :class:`~cryptography.x509.Certificate` instances in the PKCS12 object.
+
Serialization Formats
~~~~~~~~~~~~~~~~~~~~~
+.. currentmodule:: cryptography.hazmat.primitives.serialization
+
.. class:: PrivateFormat
.. versionadded:: 0.8