Merge pull request #1651 from reaperhulk/x509-signature-algorithm

X509 certificate signature algorithm support
author: Alex Gaynor <alex.gaynor@gmail.com> 2015-02-19 17:18:16 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2015-02-19 17:18:16 -0800
commit: 1b2a616174951d723df791695a461871a46042c4 (patch)
tree: a90d8da5c2e23103814aaf78a15e5de9c4e9a074 /docs
parent: fa35ef8ae841708e31e23a43167fff3fd88ae969 (diff)
parent: 1a7ba87dcc9c44178c9dae3351484707730d6a18 (diff)
download: cryptography-1b2a616174951d723df791695a461871a46042c4.tar.gz
cryptography-1b2a616174951d723df791695a461871a46042c4.tar.bz2
cryptography-1b2a616174951d723df791695a461871a46042c4.zip
3 files changed, 90 insertions, 0 deletions
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 4c048abf..2cd9faa6 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -80,6 +80,9 @@ X.509
 * ``v1_cert.pem`` from the OpenSSL source tree (`testx509.pem`_).
 * ``ecdsa_root.pem`` - `DigiCert Global Root G3`_, a ``secp384r1`` ECDSA root
   certificate.
+* ``verisign-md2-root.pem`` - A legacy Verisign public root signed using the
+  MD2 algorithm. This is a PEM conversion of the `root data`_ in the NSS source
+  tree.
 
 Custom X.509 Vectors
 ~~~~~~~~~~~~~~~~~~~~
@@ -219,3 +222,4 @@ header format (substituting the correct information):
 .. _`NIST PKI Testing`: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/pkitesting.html
 .. _`testx509.pem`: https://github.com/openssl/openssl/blob/master/test/testx509.pem
 .. _`DigiCert Global Root G3`: http://cacerts.digicert.com/DigiCertGlobalRootG3.crt
+.. _`root data`: https://hg.mozilla.org/projects/nss/file/25b2922cc564/security/nss/lib/ckfw/builtins/certdata.txt#l2053
diff --git a/docs/spelling_wordlist.txt b/docs/spelling_wordlist.txt
index fefd26b3..ddd37897 100644
--- a/docs/spelling_wordlist.txt
+++ b/docs/spelling_wordlist.txt
@@ -51,3 +51,4 @@ Ubuntu
 unencrypted
 unpadded
 unpadding
+Verisign
diff --git a/docs/x509.rst b/docs/x509.rst
index 0298d94d..27f1d544 100644
--- a/docs/x509.rst
+++ b/docs/x509.rst
@@ -182,6 +182,19 @@ X.509 Certificate Object
 
         The :class:`Name` of the subject.
 
+    .. attribute:: signature_hash_algorithm
+
+        :type: :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
+
+        Returns the
+        :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` which
+        was used in signing this certificate.
+
+        .. doctest::
+
+            >>> from cryptography.hazmat.primitives import hashes
+            >>> isinstance(cert.signature_hash_algorithm, hashes.SHA256)
+            True
 
 .. class:: Name
 
@@ -266,6 +279,9 @@ Object Identifiers
 X.509 elements are frequently identified by :class:`ObjectIdentifier`
 instances. The following common OIDs are available as constants.
 
+Name OIDs
+~~~~~~~~~
+
 .. data:: OID_COMMON_NAME
 
     Corresponds to the dotted string ``"2.5.4.3"``. Historically the domain
@@ -346,6 +362,75 @@ instances. The following common OIDs are available as constants.
     Corresponds to the dotted string ``"1.2.840.113549.1.9.1"``. This OID is
     typically seen in X.509 names.
 
+Signature Algorithm OIDs
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. data:: OID_RSA_WITH_MD5
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.4"``. This is
+    an MD5 digest signed by an RSA key.
+
+.. data:: OID_RSA_WITH_SHA1
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.5"``. This is
+    a SHA1 digest signed by an RSA key.
+
+.. data:: OID_RSA_WITH_SHA224
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.14"``. This is
+    a SHA224 digest signed by an RSA key.
+
+.. data:: OID_RSA_WITH_SHA256
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.11"``. This is
+    a SHA256 digest signed by an RSA key.
+
+.. data:: OID_RSA_WITH_SHA384
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.12"``. This is
+    a SHA384 digest signed by an RSA key.
+
+.. data:: OID_RSA_WITH_SHA512
+
+    Corresponds to the dotted string ``"1.2.840.113549.1.1.13"``. This is
+    a SHA512 digest signed by an RSA key.
+
+.. data:: OID_ECDSA_WITH_SHA224
+
+    Corresponds to the dotted string ``"1.2.840.10045.4.3.1"``. This is
+    a SHA224 digest signed by an ECDSA key.
+
+.. data:: OID_ECDSA_WITH_SHA256
+
+    Corresponds to the dotted string ``"1.2.840.10045.4.3.2"``. This is
+    a SHA256 digest signed by an ECDSA key.
+
+.. data:: OID_ECDSA_WITH_SHA384
+
+    Corresponds to the dotted string ``"1.2.840.10045.4.3.3"``. This is
+    a SHA384 digest signed by an ECDSA key.
+
+.. data:: OID_ECDSA_WITH_SHA512
+
+    Corresponds to the dotted string ``"1.2.840.10045.4.3.4"``. This is
+    a SHA512 digest signed by an ECDSA key.
+
+.. data:: OID_DSA_WITH_SHA1
+
+    Corresponds to the dotted string ``"1.2.840.10040.4.3"``. This is
+    a SHA1 digest signed by a DSA key.
+
+.. data:: OID_DSA_WITH_SHA224
+
+    Corresponds to the dotted string ``"2.16.840.1.101.3.4.3.1"``. This is
+    a SHA224 digest signed by a DSA key.
+
+.. data:: OID_DSA_WITH_SHA256
+
+    Corresponds to the dotted string ``2.16.840.1.101.3.4.3.2"``. This is
+    a SHA256 digest signed by a DSA key.
+
+
 Exceptions
 ~~~~~~~~~~
author	Alex Gaynor <alex.gaynor@gmail.com>	2015-02-19 17:18:16 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2015-02-19 17:18:16 -0800
commit	1b2a616174951d723df791695a461871a46042c4 (patch)
tree	a90d8da5c2e23103814aaf78a15e5de9c4e9a074 /docs
parent	fa35ef8ae841708e31e23a43167fff3fd88ae969 (diff)
parent	1a7ba87dcc9c44178c9dae3351484707730d6a18 (diff)
download	cryptography-1b2a616174951d723df791695a461871a46042c4.tar.gz cryptography-1b2a616174951d723df791695a461871a46042c4.tar.bz2 cryptography-1b2a616174951d723df791695a461871a46042c4.zip