diff options
| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2018-11-29 11:51:38 +0800 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2018-11-28 22:51:38 -0500 |
| commit | e4e7b89fb627b372cde4158ceb7078d8769497cb (patch) | |
| tree | 9dc87beda0cf2d1a948feea01c87361feb1a32af /docs/hazmat | |
| parent | 2f2f3d2e414a0167ae3a98b9b608904b2c76a35f (diff) | |
| download | cryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.tar.gz cryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.tar.bz2 cryptography-e4e7b89fb627b372cde4158ceb7078d8769497cb.zip | |
PKCS12 Basic Parsing (#4553)
* PKCS12 parsing support
* running all the tests is so gauche
* rename func
* various significant fixes
* dangerous idiot here
* move pkcs12
* docs updates
* a bit more prose
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/serialization.rst | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 90ec10eb..7b3fb1d6 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -397,9 +397,46 @@ DSA keys look almost identical but begin with ``ssh-dss`` rather than :raises cryptography.exceptions.UnsupportedAlgorithm: If the serialized key is of a type that is not supported. +PKCS12 +~~~~~~ + +.. currentmodule:: cryptography.hazmat.primitives.serialization.pkcs12 + +PKCS12 is a binary format described in :rfc:`7292`. It can contain +certificates, keys, and more. PKCS12 files commonly have a ``pfx`` or ``p12`` +file suffix. + +.. note:: + + ``cryptography`` only supports a single private key and associated + certificates when parsing PKCS12 files at this time. + +.. function:: load_key_and_certificates(data, password, backend) + + .. versionadded:: 2.5 + + Deserialize a PKCS12 blob. + + :param bytes data: The binary data. + + :param bytes password: The password to use to decrypt the data. ``None`` + if the PKCS12 is not encrypted. + + :param backend: A backend instance. + + :returns: A tuple of + ``(private_key, certificate, additional_certificates)``. + ``private_key`` is a private key type or ``None``, ``certificate`` + is either the :class:`~cryptography.x509.Certificate` whose public key + matches the private key in the PKCS 12 object or ``None``, and + ``additional_certificates`` is a list of all other + :class:`~cryptography.x509.Certificate` instances in the PKCS12 object. + Serialization Formats ~~~~~~~~~~~~~~~~~~~~~ +.. currentmodule:: cryptography.hazmat.primitives.serialization + .. class:: PrivateFormat .. versionadded:: 0.8 |