An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().

Class Method fromFile Load a key from a file.
Class Method fromString No summary
Method __init__ Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.
Method __eq__ Return True if other represents an object with the same key.
Method __ne__ Return True if other represents anything other than this key.
Method __repr__ Return a pretty representation of this object.
Method isPublic Check if this instance is a public key.
Method public Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
Method fingerprint No summary
Method type Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.
Method sshType Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.
Method size Return the size of the object we wrap.
Method data Return the values of the public key as a dictionary.
Method blob Return the public key blob for this key. The blob is the over-the-wire format for public keys.
Method privateBlob Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Method toString Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.
Method sign Sign some data with this key.
Method verify Verify a signature using this key.
Class Method _fromString_BLOB No summary
Class Method _fromString_PRIVATE_BLOB Return a private key object corresponding to this private key blob. The blob formats are as follows:
Class Method _fromString_PUBLIC_OPENSSH Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob>
Class Method _fromString_PRIVATE_OPENSSH Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
Class Method _fromString_PUBLIC_LSH Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))>
Class Method _fromString_PRIVATE_LSH Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
Class Method _fromString_AGENTV3 Return a private key object corresponsing to the Secure Shell Key Agent v3 format.
Class Method _guessStringType Guess the type of key in data. The types map to _fromString_* methods.
Class Method _fromRSAComponents Build a key from RSA numerical components.
Class Method _fromDSAComponents Build a key from DSA numerical components.
Class Method _fromECComponents Build a key from EC components.
Method _toString_OPENSSH No summary
Method _toString_LSH Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
Method _toString_AGENTV3 Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.
@classmethod
def fromFile(cls, filename, type=None, passphrase=None): (source)

Load a key from a file.

ParametersfilenameThe path to load key data from.
typeA string describing the format the key data is in, or None to attempt detection of the type. (type: str or None)
passphraseThe passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None)
ReturnsThe loaded key. (type: Key)
@classmethod
def fromString(cls, data, type=None, passphrase=None): (source)

Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.

ParametersdataThe key data. (type: bytes)
typeA string describing the format the key data is in, or None to attempt detection of the type. (type: str or None)
passphraseThe passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None)
ReturnsThe loaded key. (type: Key)
@classmethod
def _fromString_BLOB(cls, blob): (source)

Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:

   string 'ssh-rsa'
   integer e
   integer n

The format of a DSA public key blob is:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y

The format of ECDSA-SHA2-* public key blob is:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y

   identifier is the standard NIST curve name.
ParametersblobThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type (the first string) is unknown.
@classmethod
def _fromString_PRIVATE_BLOB(cls, blob): (source)

Return a private key object corresponding to this private key blob. The blob formats are as follows:

RSA keys:

   string 'ssh-rsa'
   integer n
   integer e
   integer d
   integer u
   integer p
   integer q

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x

EC keys:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y
   integer privateValue

   identifier is the standard NIST curve name.
ParametersblobThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type (the first string) is unknown.
@classmethod
def _fromString_PUBLIC_OPENSSH(cls, data): (source)

Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:

   <key type> <base64-encoded public key blob>
ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the blob type is unknown.
@classmethod
def _fromString_PRIVATE_OPENSSH(cls, data, passphrase): (source)

Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.

The format of an OpenSSH private key string is:

   -----BEGIN <key type> PRIVATE KEY-----
   [Proc-Type: 4,ENCRYPTED
   DEK-Info: DES-EDE3-CBC,<initialization value>]
   <base64-encoded ASN.1 structure>
   ------END <key type> PRIVATE KEY------

The ASN.1 structure of a RSA key is:

   (0, n, e, d, p, q)

The ASN.1 structure of a DSA key is:

   (0, p, q, g, y, x)

The ASN.1 structure of a ECDSA key is:

   (ECParameters, OID, NULL)
ParametersdataThe key data. (type: bytes)
passphraseThe passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect
EncryptedKeyErrorif * a passphrase is not provided for an encrypted key
@classmethod
def _fromString_PUBLIC_LSH(cls, data): (source)

Return a public key corresponding to this LSH public key string. The LSH public key string format is:

   <s-expression: ('public-key', (<key type>, (<name, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.

ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type is unknown
@classmethod
def _fromString_PRIVATE_LSH(cls, data): (source)

Return a private key corresponding to this LSH private key string. The LSH private key string format is:

   <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.

ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type is unknown
@classmethod
def _fromString_AGENTV3(cls, data): (source)

Return a private key object corresponsing to the Secure Shell Key Agent v3 format.

The SSH Key Agent v3 format for a RSA key is:

   string 'ssh-rsa'
   integer e
   integer d
   integer n
   integer u
   integer p
   integer q

The SSH Key Agent v3 format for a DSA key is:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x
ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type (the first string) is unknown
@classmethod
def _guessStringType(cls, data): (source)

Guess the type of key in data. The types map to _fromString_* methods.

ParametersdataThe key data. (type: bytes)
@classmethod
def _fromRSAComponents(cls, n, e, d=None, p=None, q=None, u=None): (source)

Build a key from RSA numerical components.

ParametersnThe 'n' RSA variable. (type: int)
eThe 'e' RSA variable. (type: int)
dThe 'd' RSA variable (optional for a public key). (type: int or None)
pThe 'p' RSA variable (optional for a public key). (type: int or None)
qThe 'q' RSA variable (optional for a public key). (type: int or None)
uThe 'u' RSA variable. Ignored, as its value is determined by p and q. (type: int or None)
ReturnsAn RSA key constructed from the values as given. (type: Key)
@classmethod
def _fromDSAComponents(cls, y, p, q, g, x=None): (source)

Build a key from DSA numerical components.

ParametersyThe 'y' DSA variable. (type: int)
pThe 'p' DSA variable. (type: int)
qThe 'q' DSA variable. (type: int)
gThe 'g' DSA variable. (type: int)
xThe 'x' DSA variable (optional for a public key) (type: int or None)
ReturnsA DSA key constructed from the values as given. (type: Key)
@classmethod
def _fromECComponents(cls, x, y, curve, privateValue=None): (source)

Build a key from EC components.

ParametersxThe affine x component of the public point used for verifying. (type: int)
yThe affine y component of the public point used for verifying. (type: int)
curveNIST name of elliptic curve. (type: bytes)
privateValueThe private value. (type: int)
def __init__(self, keyObject): (source)

Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.

ParameterskeyObjectLow level key. (type: cryptography.hazmat.primitives.asymmetric key.)
def __eq__(self, other): (source)

Return True if other represents an object with the same key.

def __ne__(self, other): (source)

Return True if other represents anything other than this key.

def __repr__(self): (source)

Return a pretty representation of this object.

def isPublic(self): (source)

Check if this instance is a public key.

ReturnsTrue if this is a public key.
def public(self): (source)

Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.

ReturnsA public key. (type: Key)
def fingerprint(self, format=FingerprintFormats.MD5_HEX): (source)

The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64

The input to the algorithm is the public key data as specified by [RFC4253].

The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=

The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87

ParametersformatFormat for fingerprint generation. Consists hash function and representation format. Default is FingerprintFormats.MD5_HEX
Returnsthe user presentation of this Key's fingerprint, as a string. (type: str)
Present Since8.2
def type(self): (source)

Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.

Returns (type: str)
RaisesRuntimeErrorIf the object type is unknown.
def sshType(self): (source)

Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.

identifier is the standard NIST curve name

ReturnsThe key type format. (type: bytes)
def size(self): (source)

Return the size of the object we wrap.

ReturnsThe size of the key. (type: int)
def data(self): (source)

Return the values of the public key as a dictionary.

Returns (type: dict)
def blob(self): (source)

Return the public key blob for this key. The blob is the over-the-wire format for public keys.

SECSH-TRANS RFC 4253 Section 6.6.

RSA keys:

   string 'ssh-rsa'
   integer e
   integer n

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y

EC keys:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y

   identifier is the standard NIST curve name
Returns (type: bytes)
def privateBlob(self): (source)

Return the private key blob for this key. The blob is the over-the-wire format for private keys:

Specification in OpenSSH PROTOCOL.agent

RSA keys:

   string 'ssh-rsa'
   integer n
   integer e
   integer d
   integer u
   integer p
   integer q

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x

EC keys:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y
   integer privateValue

   identifier is the NIST standard curve name.
def toString(self, type, extra=None): (source)

Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.

ParameterstypeThe type of string to emit. Currently supported values are 'OPENSSH', 'LSH', and 'AGENTV3'. (type: str)
extraAny extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (type: bytes or unicode or None)
Returns (type: bytes)
def _toString_OPENSSH(self, extra): (source)

Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromString_PRIVATE_OPENSSH for the string formats. If extra is present, it represents a comment for a public key, or a passphrase for a private key.

ParametersextraComment for a public key or passphrase for a private key (type: bytes)
Returns (type: bytes)
def _toString_LSH(self): (source)

Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.

Returns (type: bytes)
def _toString_AGENTV3(self): (source)

Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.

Returns (type: bytes)
def sign(self, data): (source)

Sign some data with this key.

SECSH-TRANS RFC 4253 Section 6.6.

ParametersdataThe data to sign. (type: bytes)
ReturnsA signature for the given data. (type: bytes)
def verify(self, signature, data): (source)

Verify a signature using this key.

ParameterssignatureThe signature to verify. (type: bytes)
dataThe signed data. (type: bytes)
ReturnsTrue if the signature is valid. (type: bool)
API Documentation for Twisted, generated by pydoctor at 2018-07-14 04:53:34.