From a9f2fecf500460a2755d6a563828eed67cec28b8 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 10 Jul 2014 10:31:19 -0500 Subject: these functions were removed before 0.5 release --- .../hazmat/primitives/asymmetric/serialization.rst | 38 ---------------------- 1 file changed, 38 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 874fce83..0525ed74 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -98,41 +98,3 @@ header that mentions the type of the serialized key. e.g. :raises UnsupportedAlgorithm: If the serialized key is of a type that is not supported by the backend or if the key is encrypted with a symmetric cipher that is not supported by the backend. - - -RSA Numbers -~~~~~~~~~~~ - -.. function:: load_rsa_private_numbers(numbers, backend) - - .. versionadded:: 0.5 - - Create a private key instance using the given backend and numbers. - - :param numbers: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateNumbers`. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` provider. - - :returns: A new instance of a private key. - - :raises UnsupportedAlgorithm: If the given backend does not support loading - numbers. - -.. function:: load_rsa_public_numbers(numbers, backend) - - .. versionadded:: 0.5 - - Create a public key instance using the given backend and numbers. - - :param numbers: An instance of - :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicNumbers`. - - :param backend: A - :class:`~cryptography.hazmat.backends.interfaces.RSABackend` provider. - - :returns: A new instance of a public key. - - :raises UnsupportedAlgorithm: If the given backend does not support loading - numbers. -- cgit v1.2.3 From bdcca520d5a91f0b021e495782a1ff115a34c859 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 10 Jul 2014 10:37:47 -0500 Subject: document methods on RSA/DSA Numbers classes --- docs/hazmat/primitives/asymmetric/dsa.rst | 30 ++++++++++++++++++++++++++++++ docs/hazmat/primitives/asymmetric/rsa.rst | 19 +++++++++++++++++++ 2 files changed, 49 insertions(+) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 55f36b51..e411931b 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -119,6 +119,16 @@ Numbers The generator. + .. method:: parameters(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters` + provider. + .. class:: DSAPublicNumbers(y, parameter_numbers) .. versionadded:: 0.5 @@ -138,6 +148,16 @@ Numbers The :class:`~cryptography.hazmat.primitives.dsa.DSAParameterNumbers` associated with the public key. + .. method:: public_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` + provider. + .. class:: DSAPrivateNumbers(x, public_numbers) .. versionadded:: 0.5 @@ -162,6 +182,16 @@ Numbers The :class:`~cryptography.hazmat.primitives.dsa.DSAPublicNumbers` associated with the private key. + .. method:: private_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.DSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey` + provider. + Deprecated Concrete Classes ~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst index 7250066a..a9637523 100644 --- a/docs/hazmat/primitives/asymmetric/rsa.rst +++ b/docs/hazmat/primitives/asymmetric/rsa.rst @@ -153,6 +153,15 @@ is unavailable. The public exponent. + .. method:: public_key(backend) + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: A new instance of a + :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` + provider. .. class:: RSAPrivateNumbers(p, q, d, dmp1, dmq1, iqmp, public_numbers) @@ -213,6 +222,16 @@ is unavailable. A `Chinese remainder theorem`_ coefficient used to speed up RSA operations. Calculated as: q\ :sup:`-1` mod p + .. method:: private_key(backend) + + :param backend: A new instance of a + :class:`~cryptography.hazmat.backends.interfaces.RSABackend` + provider. + + :returns: A + :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` + provider. + Handling partial RSA private keys ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- cgit v1.2.3 From 9883e4e970cd8ed3bcdb58ee4679fb166fb0c391 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 10 Jul 2014 12:53:00 -0700 Subject: Document what the PEM headers look like in more cases --- docs/hazmat/primitives/asymmetric/serialization.rst | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 0525ed74..2a70146f 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -28,9 +28,11 @@ methods. PKCS #8 Format ~~~~~~~~~~~~~~ -PKCS #8 is a serialization format originally standardized by RSA and -currently maintained by the IETF in :rfc:`5208`. It supports password based -encryption and additional key metadata attributes. +PKCS #8 is a serialization format originally standardized by RSA and currently +maintained by the IETF in :rfc:`5208`. It supports password based encryption +and additional key metadata attributes. These keys are recognizable because +they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN +ENCRYPTED PRIVATE KEY-----`` if they have a password. .. function:: load_pkcs8_private_key(data, password, backend) @@ -44,6 +46,7 @@ encryption and additional key metadata attributes. :param bytes password: The password to use to decrypt the data. Should be ``None`` if the private key is not encrypted. + :param backend: A :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` provider. @@ -65,11 +68,11 @@ encryption and additional key metadata attributes. Traditional OpenSSL Format ~~~~~~~~~~~~~~~~~~~~~~~~~~ -The "traditional" PKCS #1 based serialization format used by OpenSSL. -It supports password based symmetric key encryption. Commonly found in -OpenSSL based TLS applications. It is usually found in PEM format with a -header that mentions the type of the serialized key. e.g. -``-----BEGIN RSA PRIVATE KEY-----``. +The "traditional" PKCS #1 based serialization format used by OpenSSL. It +supports password based symmetric key encryption. Commonly found in OpenSSL +based TLS applications. It is usually found in PEM format with a header that +mentions the type of the serialized key. e.g. ``-----BEGIN RSA PRIVATE +KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``. .. function:: load_pem_traditional_openssl_private_key(data, password, backend) @@ -82,6 +85,7 @@ header that mentions the type of the serialized key. e.g. :param bytes password: The password to use to decrypt the data. Should be ``None`` if the private key is not encrypted. + :param backend: A :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend` provider. -- cgit v1.2.3 From 192f1f714d2b35b9b38916aebf6132ad58e076da Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Thu, 10 Jul 2014 13:20:29 -0700 Subject: Mention both RFCs --- docs/hazmat/primitives/asymmetric/serialization.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 2a70146f..739bfb88 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -29,10 +29,10 @@ PKCS #8 Format ~~~~~~~~~~~~~~ PKCS #8 is a serialization format originally standardized by RSA and currently -maintained by the IETF in :rfc:`5208`. It supports password based encryption -and additional key metadata attributes. These keys are recognizable because -they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN -ENCRYPTED PRIVATE KEY-----`` if they have a password. +maintained by the IETF in :rfc:`5208` and :rfc:`5958`. It supports password +based encryption and additional key metadata attributes. These keys are +recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or +with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. .. function:: load_pkcs8_private_key(data, password, backend) -- cgit v1.2.3 From 3ed90bb71a7d9339bafd1ac2c13a53c2aef22a96 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 11 Jul 2014 12:42:02 -0700 Subject: Fixed example in the serialization docs --- docs/hazmat/primitives/asymmetric/serialization.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 739bfb88..c092fab0 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -16,10 +16,11 @@ methods. .. code-block:: pycon + >>> from cryptography.hazmat.primitives import interfaces >>> key = load_pkcs8_private_key(pem_data, None, backend) - >>> if isinstance(key, rsa.RSAPrivateKey): + >>> if isinstance(key, interfaces.RSAPrivateKey): >>> signature = sign_with_rsa_key(key, message) - >>> elif isinstance(key, dsa.DSAPrivateKey): + >>> elif isinstance(key, interfaces.DSAPrivateKey): >>> signature = sign_with_dsa_key(key, message) >>> else: >>> raise TypeError -- cgit v1.2.3 From 814c57538b7cabba28024fb26c35dc29ab30dfc1 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 11 Jul 2014 13:02:50 -0700 Subject: Fixed name of the function --- docs/hazmat/primitives/asymmetric/serialization.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index c092fab0..93bcffd0 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -17,7 +17,8 @@ methods. .. code-block:: pycon >>> from cryptography.hazmat.primitives import interfaces - >>> key = load_pkcs8_private_key(pem_data, None, backend) + >>> from cryptography.hazmat.primitives.serialization import load_pem_pkcs8_private_key + >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=backend) >>> if isinstance(key, interfaces.RSAPrivateKey): >>> signature = sign_with_rsa_key(key, message) >>> elif isinstance(key, interfaces.DSAPrivateKey): @@ -36,7 +37,7 @@ recognizable because they all begin with ``-----BEGIN PRIVATE KEY-----`` or with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. -.. function:: load_pkcs8_private_key(data, password, backend) +.. function:: load_pem_pkcs8_private_key(data, password, backend) .. versionadded:: 0.5 -- cgit v1.2.3 From 58a3f9197288447e6ee8d96d75afea77829dde8c Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Fri, 11 Jul 2014 16:20:50 -0700 Subject: Turn this into a doctest block --- .../hazmat/primitives/asymmetric/serialization.rst | 42 ++++++++++++++++++---- 1 file changed, 35 insertions(+), 7 deletions(-) (limited to 'docs/hazmat/primitives/asymmetric') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 93bcffd0..5438c249 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -5,6 +5,33 @@ Key Serialization .. currentmodule:: cryptography.hazmat.primitives.serialization +.. testsetup:: + + pem_data = b""" + -----BEGIN RSA PRIVATE KEY----- + MIICXgIBAAKBgQDn09PV9KPE7Q+N5K5UtNLT1DLl8z/pKM2pP5tXqWx2OsEw00lC + kDHdHESwzS050s/8rtkERKKyusCzCm9+vC1pQzUlmtibfF4PQAQc1pJL6KHqlidg + Hw49atYmnC25CaeXt65pAYXoIacOZ8k5X7FW3Eagex8nG0iMw4ObOtg6CwIDAQAB + AoGBAL31l/4YYN1rNrSZLrQgGyUSGsbLxJHEKolFon95R3O1fzoH117gkstQb4TE + Cwv3jw/JIfBaYUq8tku/AE9D2Jx51x7kYaCuQIMTavKIgkXKfxTQCQDjSEfkvXMW + 4WOIj5sYdSCNbzLbaeFsWG32bSsBTy/sSheDIlCEFnqDuqwBAkEA+wYfJEMDf5nS + VCQd9VKGM4HVeTWBioaWBFCflFdhc1Vb65dsNDp8iIMZgAHC2LEX5dMUmgqXk7AT + lwFlIeW4CwJBAOxsSfuIVMuPKyx1xQ6ebpC7zeVxIOdswcM8ain91MSGDdKZw6pF + ioFh3kUbKHw4yqqHbdRmUDAJ1mcgGJQOxgECQQCmQaGylKfmhWymyd0FtIip6J4I + z4ViyEznwrZOu6kRiEF/QiUqWmpMx/fFrmTsvC5Fy43jkIxgBsiSxRvEXa+NAkB+ + 5m0bhwTEslchKSGZhC6inzuYAQ4BSh4C1mXBnk5bIf0/Ymtk9KiwY8CzZS1o5+7Y + c5LfI/+8mTss5UxsBDYBAkEA6NqhcsNWndIJZiWUU4u+RjFUQXqH8WCyJmEDCNxs + 7SGRS1DTUGX4Y70m9dQpguy6Zg+gpHC+o+ERZR06uEQr+w== + -----END RSA PRIVATE KEY----- + """.strip() + message = b"" + + def sign_with_rsa_key(key, message): + return b"" + + def sign_with_dsa_key(key, message): + return b"" + There are several common schemes for serializing asymmetric private and public keys to bytes. They generally support encryption of private keys and additional key metadata. @@ -14,17 +41,18 @@ and will return an instance of the appropriate type. You should check that the returned key matches the type your application expects when using these methods. - .. code-block:: pycon + .. doctest:: + >>> from cryptography.hazmat.backends import default_backend >>> from cryptography.hazmat.primitives import interfaces >>> from cryptography.hazmat.primitives.serialization import load_pem_pkcs8_private_key - >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=backend) + >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=default_backend()) >>> if isinstance(key, interfaces.RSAPrivateKey): - >>> signature = sign_with_rsa_key(key, message) - >>> elif isinstance(key, interfaces.DSAPrivateKey): - >>> signature = sign_with_dsa_key(key, message) - >>> else: - >>> raise TypeError + ... signature = sign_with_rsa_key(key, message) + ... elif isinstance(key, interfaces.DSAPrivateKey): + ... signature = sign_with_dsa_key(key, message) + ... else: + ... raise TypeError PKCS #8 Format -- cgit v1.2.3