blob: 8d32ae58f797db58be3a5f2c31806139b95a1524 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
.. hazmat::
Key Serialization
=================
.. currentmodule:: cryptography.hazmat.primitives.serialization
There are several common schemes for serializing asymmetric private and public
keys to bytes. They generally support encryption of private keys and additional
key metadata.
Traditional OpenSSL Format
~~~~~~~~~~~~~~~~~~~~~~~~~~
The "traditional" PKCS #1 based serialization format used by OpenSSL.
It supports password based symmetric key encryption. Commonly found in
OpenSSL based TLS applications. It is usually found in PEM format with a
header that mentions the type of the serialized key. e.g.
``-----BEGIN RSA PRIVATE KEY-----``.
.. function:: load_pem_traditional_openssl_private_key(data, password, backend)
.. versionadded:: 0.5
Deserialize a private key from PEM encoded data to one of the supported
asymmetric private key types.
:param bytes data: The PEM encoded key data.
:param bytes password: The password to use to decrypt the data. Should
be ``None`` if the private key is not encrypted.
:param backend: A
:class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend`
provider.
:returns: A new instance of a private key.
:raises ValueError: If the PEM data could not be decrypted or if its
structure could not be decoded successfully.
:raises TypeError: If a ``password`` was given and the private key was
not encrypted. Or if the key was encrypted but no
password was supplied.
:raises UnsupportedAlgorithm: If the serialized key is of a type that
is not supported by the backend or if the key is encrypted with a
symmetric cipher that is not supported by the backend.
|