author: Paul Kehrer <paul.l.kehrer@gmail.com>, 2014-05-22 14:40:42 -0500
committer: Paul Kehrer <paul.l.kehrer@gmail.com>, 2014-05-22 14:40:42 -0500
commit: ebf1235e7ebbd84d2f1e05a060c6df25adb58353
tree: 9285520022c4fb7d626e10991edc9e3a66c44fc5 /docs
parent: 22f7dfbb3d916ff916b0c1db4692754d79afa066
parent: 307b6cbe1fb712e36307d615668ebd18b1e3739c
Merge pull request #959 from public/openssl-loading-backend
OpenSSL loading backend
Diffstat (limited to 'docs')
-rw-r--r-- docs/hazmat/primitives/asymmetric/index.rst | 1
-rw-r--r-- docs/hazmat/primitives/asymmetric/serialization.rst | 48
2 files changed, 49 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst
index ca048d11..047f9cb9 100644
--- a/docs/hazmat/primitives/asymmetric/index.rst
+++ b/docs/hazmat/primitives/asymmetric/index.rst
@@ -9,3 +9,4 @@ Asymmetric algorithms
dsa
rsa
padding
+ serialization
diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst
new file mode 100644
index 00000000..8d32ae58
--- /dev/null
+++ b/docs/hazmat/primitives/asymmetric/serialization.rst
@@ -0,0 +1,48 @@
+.. hazmat::
+
+Key Serialization
+=================
+
+.. currentmodule:: cryptography.hazmat.primitives.serialization
+
+There are several common schemes for serializing asymmetric private and public
+keys to bytes. They generally support encryption of private keys and additional
+key metadata.
+
+
+Traditional OpenSSL Format
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The "traditional" PKCS #1 based serialization format used by OpenSSL.
+It supports password based symmetric key encryption. Commonly found in
+OpenSSL based TLS applications. It is usually found in PEM format with a
+header that mentions the type of the serialized key. e.g.
+``-----BEGIN RSA PRIVATE KEY-----``.
+
+.. function:: load_pem_traditional_openssl_private_key(data, password, backend)
+
+ .. versionadded:: 0.5
+
+ Deserialize a private key from PEM encoded data to one of the supported
+ asymmetric private key types.
+
+ :param bytes data: The PEM encoded key data.
+
+ :param bytes password: The password to use to decrypt the data. Should
+ be ``None`` if the private key is not encrypted.
+ :param backend: A
+ :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
+ provider.
+
+ :returns: A new instance of a private key.
+
+ :raises ValueError: If the PEM data could not be decrypted or if its
+ structure could not be decoded successfully.
+
+ :raises TypeError: If a ``password`` was given and the private key was
+ not encrypted. Or if the key was encrypted but no
+ password was supplied.
+
+ :raises UnsupportedAlgorithm: If the serialized key is of a type that
+ is not supported by the backend or if the key is encrypted with a
+ symmetric cipher that is not supported by the backend.
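Review bot: The ``:raises TypeError:`` field near the end of the function block is written as a sentence followed by a fragment ("... was not encrypted. Or if the key was encrypted but no password was supplied."); fold it into one sentence, for example "If a ``password`` was given and the private key was not encrypted, or if the key was encrypted but no password was supplied." Two smaller points in the same hunk: ``:param bytes password:`` runs directly into ``:param backend:`` with no blank line, unlike every other field in the list, so add one for consistency. The opening paragraph promises "several common schemes" for "private and public keys", but the file documents a single private-key loader for one format; either narrow the introduction or state that further formats and public-key loading are not covered yet. It would also help callers if "one of the supported asymmetric private key types" and ``:returns: A new instance of a private key.`` named or linked the concrete key classes, and if the format description said which symmetric ciphers the "password based symmetric key encryption" covers, since ``UnsupportedAlgorithm`` depends on that.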