diff options
| -rw-r--r-- | cryptography/hazmat/backends/interfaces.py | 10 | ||||
| -rw-r--r-- | docs/hazmat/backends/interfaces.rst | 21 |
2 files changed, 29 insertions, 2 deletions
diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py index 75d9af6d..3761e254 100644 --- a/cryptography/hazmat/backends/interfaces.py +++ b/cryptography/hazmat/backends/interfaces.py @@ -273,6 +273,16 @@ class EllipticCurveBackend(object): @six.add_metaclass(abc.ABCMeta) +class PEMSerializationBackend(object): + @abc.abstractmethod + def load_pem_private_key(self, data, password): + """ + Loads a private key from PEM encoded data, using the provided password + if the data is encrypted. + """ + + +@six.add_metaclass(abc.ABCMeta) class TraditionalOpenSSLSerializationBackend(object): @abc.abstractmethod def load_traditional_openssl_pem_private_key(self, data, password): diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst index 63f84067..f8341d11 100644 --- a/docs/hazmat/backends/interfaces.rst +++ b/docs/hazmat/backends/interfaces.rst @@ -578,6 +578,23 @@ A specific ``backend`` may provide one or more of these interfaces. :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKey` provider. +.. class:: PEMSerializationBackend + + .. versionadded:: 0.6 + + A backend with methods for working with any PEM encoded keys. + + .. method:: load_pem_private_key(data, password) + + :param bytes data: PEM data to load. + :param bytes password: The password to use if the data is encrypted. + Should be ``None`` if the data is not encrypted. + :return: A new instance of the appropriate type of private key that the + serialized data contains. + :raises ValueError: If the data could not be deserialized. + :raises cryptography.exceptions.UnsupportedAlgorithm: If the data is + encrypted with an unsupported algorithm. + .. class:: TraditionalOpenSSLSerializationBackend .. versionadded:: 0.3 @@ -592,8 +609,8 @@ A specific ``backend`` may provide one or more of these interfaces. :param bytes password: The password to use if this data is encrypted. Should be None if the data is not encrypted. - :return: A new instance of the appropriate private key or public key - that the serialized data contains. + :return: A new instance of the appropriate type of private key that the + serialized data contains. :raises ValueError: If the data could not be deserialized correctly. |