From 56da2a50cd96e7214f4fdb254610bc19d8c0f255 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Wed, 11 Feb 2015 23:35:07 -0600 Subject: add support for signature_algorithm in x509.Certificate --- docs/x509.rst | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index 0298d94d..8043b367 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -182,6 +182,18 @@ X.509 Certificate Object The :class:`Name` of the subject. + .. attribute:: signature_algorithm + + :type: :class:`ObjectIdentifier` + + An :class:`ObjectIdentifier` instance corresponding to the signature + algorithm used to sign the certificate. This is both the digest + used as well as the asymmetric type. + + .. doctest:: + + >>> cert.signature_algorithm + .. class:: Name @@ -266,6 +278,9 @@ Object Identifiers X.509 elements are frequently identified by :class:`ObjectIdentifier` instances. The following common OIDs are available as constants. +Name OIDs +~~~~~~~~~ + .. data:: OID_COMMON_NAME Corresponds to the dotted string ``"2.5.4.3"``. Historically the domain 
@@ -346,6 +361,75 @@ instances. The following common OIDs are available as constants. Corresponds to the dotted string ``"1.2.840.113549.1.9.1"``. This OID is typically seen in X.509 names. +Signature Algorithm OIDs +~~~~~~~~~~~~~~~~~~~~~~~~ + +.. data:: OID_MD5_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.4"``. This is + an MD5 digest signed by an RSA key. + +.. data:: OID_SHA1_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.5"``. This is + a SHA1 digest signed by an RSA key. + +.. data:: OID_SHA224_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.14"``. This is + a SHA224 digest signed by an RSA key. + +.. data:: OID_SHA256_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.11"``. This is + a SHA256 digest signed by an RSA key. + +.. data:: OID_SHA384_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.12"``. This is + a SHA384 digest signed by an RSA key. + +.. data:: OID_SHA512_WITH_RSA + + Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is + a SHA512 digest signed by an RSA key. + +.. data:: OID_ECDSA_WITH_SHA224 + + Corresponds to the dotted string ``"1.2.840.10045.4.3.1"``. This is + a SHA224 digest signed by an ECDSA key. + +.. data:: OID_ECDSA_WITH_SHA256 + + Corresponds to the dotted string ``"1.2.840.10045.4.3.2"``. This is + a SHA256 digest signed by an ECDSA key. + +.. data:: OID_ECDSA_WITH_SHA384 + + Corresponds to the dotted string ``"1.2.840.10045.4.3.3"``. This is + a SHA384 digest signed by an ECDSA key. + +.. data:: OID_ECDSA_WITH_SHA512 + + Corresponds to the dotted string ``"1.2.840.10045.4.3.4"``. This is + a SHA512 digest signed by an ECDSA key. + +.. data:: OID_DSA_WITH_SHA1 + + Corresponds to the dotted string ``"1.2.840.10040.4.3"``. This is + a SHA1 digest signed by a DSA key. + +.. data:: OID_DSA_WITH_SHA224 + + Corresponds to the dotted string ``"2.16.840.1.101.3.4.3.1"``. This is + a SHA224 digest signed by a DSA key. + +.. 
data:: OID_DSA_WITH_SHA256 + + Corresponds to the dotted string ``2.16.840.1.101.3.4.3.2"``. This is + a SHA256 digest signed by a DSA key. + + Exceptions ~~~~~~~~~~ -- cgit v1.2.3 From 8802a5bae7138d10c289361e5204fb1ea72fc099 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Fri, 13 Feb 2015 12:06:57 -0600 Subject: implement signature_hash_algorithm instead --- docs/x509.rst | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index 8043b367..193b8452 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -182,18 +182,19 @@ X.509 Certificate Object The :class:`Name` of the subject. - .. attribute:: signature_algorithm + .. attribute:: signature_hash_algorithm - :type: :class:`ObjectIdentifier` + :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` - An :class:`ObjectIdentifier` instance corresponding to the signature - algorithm used to sign the certificate. This is both the digest - used as well as the asymmetric type. + A :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` + corresponding to the hash algorithm used within the certificate + signature. .. doctest:: - >>> cert.signature_algorithm - + >>> from cryptography.hazmat.primitives import hashes + >>> isinstance(cert.signature_hash_algorithm, hashes.SHA256) + True .. class:: Name -- cgit v1.2.3 From e612ec74f68f344ee4bde5d6e377ffc03cdb1ec6 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 16 Feb 2015 14:33:35 -0600 Subject: try to make this a bit more clear --- docs/x509.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index 193b8452..e16e79e9 100644 --- a/docs/x509.rst +++ b/docs/x509.rst 
@@ -186,9 +186,9 @@ X.509 Certificate Object :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` - A :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` - corresponding to the hash algorithm used within the certificate - signature. + Returns the + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` used in + the signature. .. doctest:: -- cgit v1.2.3 From e19201e6250cf0f60bbf2362938294ab7c533d3b Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Mon, 16 Feb 2015 18:05:20 -0600 Subject: attempt to clarify signature hash algorithm a bit more --- docs/x509.rst | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index e16e79e9..262ba301 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -188,7 +188,11 @@ X.509 Certificate Object Returns the :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` used in - the signature. + the certificate's signature. + + .. note:: + Items signed by the parsed certificate do not have to use the same + hash algorithm. .. doctest:: -- cgit v1.2.3 From 71d40c6af6c70f38da3bf1f65c8b8f16ae7d567e Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 19 Feb 2015 08:21:04 -0600 Subject: address review feedback, fix short names for sig alg OIDs --- docs/x509.rst | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index 262ba301..a3426a2b 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -187,12 +187,8 @@ X.509 Certificate Object :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` Returns the - :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` used in - the certificate's signature. - - .. note:: - Items signed by the parsed certificate do not have to use the same - hash algorithm. + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` which + was used in signing the certificate. .. doctest:: 
@@ -369,32 +365,32 @@ Name OIDs Signature Algorithm OIDs ~~~~~~~~~~~~~~~~~~~~~~~~ -.. data:: OID_MD5_WITH_RSA +.. data:: OID_MD5_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.4"``. This is an MD5 digest signed by an RSA key. -.. data:: OID_SHA1_WITH_RSA +.. data:: OID_SHA1_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.5"``. This is a SHA1 digest signed by an RSA key. -.. data:: OID_SHA224_WITH_RSA +.. data:: OID_SHA224_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.14"``. This is a SHA224 digest signed by an RSA key. -.. data:: OID_SHA256_WITH_RSA +.. data:: OID_SHA256_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.11"``. This is a SHA256 digest signed by an RSA key. -.. data:: OID_SHA384_WITH_RSA +.. data:: OID_SHA384_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.12"``. This is a SHA384 digest signed by an RSA key. -.. data:: OID_SHA512_WITH_RSA +.. data:: OID_SHA512_WITH_RSA_ENCRYPTION Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is a SHA512 digest signed by an RSA key. -- cgit v1.2.3 From 1a7ba87dcc9c44178c9dae3351484707730d6a18 Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Thu, 19 Feb 2015 18:09:05 -0600 Subject: surrender to alex's feels and name our constants consistently --- docs/x509.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'docs/x509.rst') diff --git a/docs/x509.rst b/docs/x509.rst index a3426a2b..27f1d544 100644 --- a/docs/x509.rst +++ b/docs/x509.rst @@ -188,7 +188,7 @@ X.509 Certificate Object Returns the :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` which - was used in signing the certificate. + was used in signing this certificate. .. doctest:: 
@@ -365,32 +365,32 @@ Name OIDs Signature Algorithm OIDs ~~~~~~~~~~~~~~~~~~~~~~~~ -.. data:: OID_MD5_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_MD5 Corresponds to the dotted string ``"1.2.840.113549.1.1.4"``. This is an MD5 digest signed by an RSA key. -.. data:: OID_SHA1_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_SHA1 Corresponds to the dotted string ``"1.2.840.113549.1.1.5"``. This is a SHA1 digest signed by an RSA key. -.. data:: OID_SHA224_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_SHA224 Corresponds to the dotted string ``"1.2.840.113549.1.1.14"``. This is a SHA224 digest signed by an RSA key. -.. data:: OID_SHA256_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_SHA256 Corresponds to the dotted string ``"1.2.840.113549.1.1.11"``. This is a SHA256 digest signed by an RSA key. -.. data:: OID_SHA384_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_SHA384 Corresponds to the dotted string ``"1.2.840.113549.1.1.12"``. This is a SHA384 digest signed by an RSA key. -.. data:: OID_SHA512_WITH_RSA_ENCRYPTION +.. data:: OID_RSA_WITH_SHA512 Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is a SHA512 digest signed by an RSA key. -- cgit v1.2.3
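Review bot: In the first commit (56da2a50), hunk `@@ -346,6 +361,75 @@`, the `OID_DSA_WITH_SHA256` entry is missing the opening double quote inside its literal: it reads ``2.16.840.1.101.3.4.3.2"`` while every other entry quotes the dotted string on both sides. Change it to ``"2.16.840.1.101.3.4.3.2"``. The later commits in this series only touch the RSA entries, so the typo survives to the final revision.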
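Review bot: In the second commit (8802a5ba), hunk `@@ -182,18 +182,19 @@`, the `signature_hash_algorithm` entry does not say what a caller gets when the certificate's signature algorithm is not one of those listed under "Signature Algorithm OIDs". The change replaces the `ObjectIdentifier`-typed `signature_algorithm` attribute with a `HashAlgorithm`, so the documented attribute no longer gives callers the raw OID to inspect in that case. Document the failure behaviour (which exception is raised) next to the `:type:` line, and consider a doctest that exercises it.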
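Review bot: In the last commit (1a7ba87d), hunk `@@ -365,32 +365,32 @@`, `OID_RSA_WITH_MD5` and `OID_RSA_WITH_SHA1` are described in the same neutral terms as the SHA-2 constants, with nothing telling the reader that MD5 and SHA-1 are no longer collision resistant. Add a short `.. note::` under those two entries, and under `OID_DSA_WITH_SHA1` from the first commit, so that code inspecting `signature_hash_algorithm` has a documented basis for rejecting certificates signed with them.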