From f0ca2e8bf0eaaba32ea0fe1a608c2a5c6348f5fa Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 8 Sep 2014 11:40:48 -0700 Subject: Start moving everything to the new API --- .../hazmat/primitives/asymmetric/serialization.rst | 45 +++++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 5438c249..e18f8c83 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -45,8 +45,8 @@ methods. >>> from cryptography.hazmat.backends import default_backend >>> from cryptography.hazmat.primitives import interfaces - >>> from cryptography.hazmat.primitives.serialization import load_pem_pkcs8_private_key - >>> key = load_pem_pkcs8_private_key(pem_data, password=None, backend=default_backend()) + >>> from cryptography.hazmat.primitives.serialization import load_pem_private_key + >>> key = load_pem_private_key(pem_data, password=None, backend=default_backend()) >>> if isinstance(key, interfaces.RSAPrivateKey): ... signature = sign_with_rsa_key(key, message) ... elif isinstance(key, interfaces.DSAPrivateKey): @@ -54,6 +54,43 @@ methods. ... else: ... raise TypeError +PEM +~~~ + +PEM is an encapsulation format, meaning keys in it can actually be any one of +several formats, however these are all self-identifying, so you don't need to +worry about this detail. PEM keys are recognizable because they all begin with +``-----BEGIN {format}-----`` and end with ``-----END {format}-----``. + +.. function:: load_pem_private_key(data, password, backend): + + .. versionadded:: 0.6 + + Deserialize a private key from PEM encoded data to one of the supported + asymmetric private key types. + + :param bytes data: The PEM encoded key data. + + :param bytes password: The password to use to decrypt the data. Should + be ``None`` if the private key is not encrypted. + + :param backend: A + :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` + provider. + + :returns: A new instance of a private key. + + :raises ValueError: If the PEM data could not be decrypted or if its + structure could not be decoded successfully. + + :raises TypeError: If a ``password`` was given and the private key was + not encrypted. Or if the key was encrypted but no + password was supplied. + + :raises UnsupportedAlgorithm: If the serialized key is of a type that + is not supported by the backend or if the key is encrypted with a + symmetric cipher that is not supported by the backend. + PKCS #8 Format ~~~~~~~~~~~~~~ @@ -72,6 +109,8 @@ with ``-----BEGIN ENCRYPTED PRIVATE KEY-----`` if they have a password. Deserialize a private key from PEM encoded data to one of the supported asymmetric private key types. + This has been deprecated in favor of :func:`load_pem_private_key`. + :param bytes data: The PEM encoded key data. :param bytes password: The password to use to decrypt the data. Should @@ -111,6 +150,8 @@ KEY-----`` or ``-----BEGIN DSA PRIVATE KEY-----``. Deserialize a private key from PEM encoded data to one of the supported asymmetric private key types. + This has been deprecated in favor of :func:`load_pem_private_key`. + :param bytes data: The PEM encoded key data. :param bytes password: The password to use to decrypt the data. Should -- cgit v1.2.3 From ac83b394befefc8da6bf4fde75e99daf0abe9237 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 8 Sep 2014 14:04:04 -0700 Subject: Try a different phrasing --- docs/hazmat/primitives/asymmetric/serialization.rst | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index e18f8c83..6e946b85 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -57,10 +57,11 @@ methods. PEM ~~~ -PEM is an encapsulation format, meaning keys in it can actually be any one of -several formats, however these are all self-identifying, so you don't need to -worry about this detail. PEM keys are recognizable because they all begin with -``-----BEGIN {format}-----`` and end with ``-----END {format}-----``. +PEM is an encapsulation format, meaning keys in it can actually be any of +several different key types, however these are all self-identifying, so you +don't need to worry about this detail. PEM keys are recognizable because they +all begin with ``-----BEGIN {format}-----`` and end with ``-----END +{format}-----``. .. function:: load_pem_private_key(data, password, backend): -- cgit v1.2.3 From 4e5d1eeb574b3abfe93f81975984d5d4ef688006 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Tue, 9 Sep 2014 13:14:59 -0700 Subject: Grammar from @reaperhulk --- docs/hazmat/primitives/asymmetric/serialization.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/hazmat') diff --git a/docs/hazmat/primitives/asymmetric/serialization.rst b/docs/hazmat/primitives/asymmetric/serialization.rst index 6e946b85..84b69fdc 100644 --- a/docs/hazmat/primitives/asymmetric/serialization.rst +++ b/docs/hazmat/primitives/asymmetric/serialization.rst @@ -58,7 +58,7 @@ PEM ~~~ PEM is an encapsulation format, meaning keys in it can actually be any of -several different key types, however these are all self-identifying, so you +several different key types. However these are all self-identifying, so you don't need to worry about this detail. PEM keys are recognizable because they all begin with ``-----BEGIN {format}-----`` and end with ``-----END {format}-----``. -- cgit v1.2.3