twisted.conch.ssh.keys.Key(object) class documentationtwisted.conch.ssh.keys
View Source
(View In Hierarchy)
An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().
| Class Method | fromFile | Load a key from a file. |
| Class Method | fromString | No summary |
| Method | __init__ | Initialize with a private or public cryptography.hazmat.primitives.asymmetric key. |
| Method | __eq__ | Return True if other represents an object with the same key. |
| Method | __ne__ | Return True if other represents anything other than this key. |
| Method | __repr__ | Return a pretty representation of this object. |
| Method | isPublic | Check if this instance is a public key. |
| Method | public | Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. |
| Method | fingerprint | No summary |
| Method | type | Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'. |
| Method | sshType | Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'. |
| Method | size | Return the size of the object we wrap. |
| Method | data | Return the values of the public key as a dictionary. |
| Method | blob | Return the public key blob for this key. The blob is the over-the-wire format for public keys. |
| Method | privateBlob | Return the private key blob for this key. The blob is the over-the-wire format for private keys: |
| Method | toString | Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method. |
| Method | sign | Sign some data with this key. |
| Method | verify | Verify a signature using this key. |
| Class Method | _fromString_BLOB | No summary |
| Class Method | _fromString_PRIVATE_BLOB | Return a private key object corresponding to this private key blob. The blob formats are as follows: |
| Class Method | _fromString_PUBLIC_OPENSSH | Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob> |
| Class Method | _fromPrivateOpenSSH_v1 | Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
| Class Method | _fromPrivateOpenSSH_PEM | Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. |
| Class Method | _fromString_PRIVATE_OPENSSH | Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. |
| Class Method | _fromString_PUBLIC_LSH | Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))> |
| Class Method | _fromString_PRIVATE_LSH | Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))> |
| Class Method | _fromString_AGENTV3 | Return a private key object corresponsing to the Secure Shell Key Agent v3 format. |
| Class Method | _guessStringType | Guess the type of key in data. The types map to _fromString_* methods. |
| Class Method | _fromRSAComponents | Build a key from RSA numerical components. |
| Class Method | _fromDSAComponents | Build a key from DSA numerical components. |
| Class Method | _fromECComponents | Build a key from EC components. |
| Class Method | _fromECEncodedPoint | Build a key from an EC encoded point. |
| Instance Variable | _keyObject | Undocumented |
| Method | _toPublicOpenSSH | Return a public OpenSSH key string. |
| Method | _toPrivateOpenSSH_v1 | Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
| Method | _toPrivateOpenSSH_PEM | Return a private OpenSSH key string, in the old PEM-based format. |
| Method | _toString_OPENSSH | No summary |
| Method | _toString_LSH | Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. |
| Method | _toString_AGENTV3 | Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. |
Load a key from a file.
| Parameters | filename | The path to load key data from. |
| type | A string describing the format the key data is in, or None to attempt detection of the type. (type: str or None) | |
| passphrase | The passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None) | |
| Returns | The loaded key. (type: Key) | |
Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.
| Parameters | data | The key data. (type: bytes) |
| type | A string describing the format the key data is in, or None to attempt detection of the type. (type: str or None) | |
| passphrase | The passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None) | |
| Returns | The loaded key. (type: Key) | |
Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:
string 'ssh-rsa'
integer e
integer n
The format of a DSA public key blob is:
string 'ssh-dss'
integer p
integer q
integer g
integer y
The format of ECDSA-SHA2-* public key blob is:
string 'ecdsa-sha2-[identifier]'
integer x
integer y
identifier is the standard NIST curve name.
| Parameters | blob | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if the key type (the first string) is unknown. |
Return a private key object corresponding to this private key blob. The blob formats are as follows:
RSA keys:
string 'ssh-rsa'
integer n
integer e
integer d
integer u
integer p
integer q
DSA keys:
string 'ssh-dss'
integer p
integer q
integer g
integer y
integer x
EC keys:
string 'ecdsa-sha2-[identifier]'
string identifier
string q
integer privateValue
identifier is the standard NIST curve name.
| Parameters | blob | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type |
Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:
<key type> <base64-encoded public key blob>
| Parameters | data | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if the blob type is unknown. |
Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
The format of an openssh-key-v1 private key string is:
-----BEGIN OPENSSH PRIVATE KEY-----
<base64-encoded SSH protocol string>
-----END OPENSSH PRIVATE KEY-----
The SSH protocol string is as described in PROTOCOL.key.
| Parameters | data | The key data. (type: bytes) |
| passphrase | The passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None) | |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect |
| EncryptedKeyError | if * a passphrase is not provided for an encrypted key | |
Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.
The format of a PEM-based OpenSSH private key string is:
-----BEGIN <key type> PRIVATE KEY-----
[Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,<initialization value>]
<base64-encoded ASN.1 structure>
------END <key type> PRIVATE KEY------
The ASN.1 structure of a RSA key is:
(0, n, e, d, p, q)
The ASN.1 structure of a DSA key is:
(0, p, q, g, y, x)
The ASN.1 structure of a ECDSA key is:
(ECParameters, OID, NULL)
| Parameters | data | The key data. (type: bytes) |
| passphrase | The passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None) | |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect |
| EncryptedKeyError | if * a passphrase is not provided for an encrypted key | |
Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
| Parameters | data | The key data. (type: bytes) |
| passphrase | The passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None) | |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the encoding is incorrect |
| EncryptedKeyError | if * a passphrase is not provided for an encrypted key | |
Return a public key corresponding to this LSH public key string. The LSH public key string format is:
<s-expression: ('public-key', (<key type>, (<name, <value>)+))>
The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.
| Parameters | data | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if the key type is unknown |
Return a private key corresponding to this LSH private key string. The LSH private key string format is:
<s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.
| Parameters | data | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if the key type is unknown |
Return a private key object corresponsing to the Secure Shell Key Agent v3 format.
The SSH Key Agent v3 format for a RSA key is:
string 'ssh-rsa'
integer e
integer d
integer n
integer u
integer p
integer q
The SSH Key Agent v3 format for a DSA key is:
string 'ssh-dss'
integer p
integer q
integer g
integer y
integer x
| Parameters | data | The key data. (type: bytes) |
| Returns | A new key. (type: twisted.conch.ssh.keys.Key) | |
| Raises | BadKeyError | if the key type (the first string) is unknown |
Guess the type of key in data. The types map to _fromString_* methods.
| Parameters | data | The key data. (type: bytes) |
Build a key from RSA numerical components.
| Parameters | n | The 'n' RSA variable. (type: int) |
| e | The 'e' RSA variable. (type: int) | |
| d | The 'd' RSA variable (optional for a public key). (type: int or None) | |
| p | The 'p' RSA variable (optional for a public key). (type: int or None) | |
| q | The 'q' RSA variable (optional for a public key). (type: int or None) | |
| u | The 'u' RSA variable. Ignored, as its value is determined by p and q. (type: int or None) | |
| Returns | An RSA key constructed from the values as given. (type: Key) | |
Build a key from DSA numerical components.
| Parameters | y | The 'y' DSA variable. (type: int) |
| p | The 'p' DSA variable. (type: int) | |
| q | The 'q' DSA variable. (type: int) | |
| g | The 'g' DSA variable. (type: int) | |
| x | The 'x' DSA variable (optional for a public key) (type: int or None) | |
| Returns | A DSA key constructed from the values as given. (type: Key) | |
Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.
| Parameters | keyObject | Low level key. (type: cryptography.hazmat.primitives.asymmetric key.) |
Check if this instance is a public key.
| Returns | True if this is a public key. | |
Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
| Returns | A public key. (type: Key) | |
The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64
The input to the algorithm is the public key data as specified by [RFC4253].
The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=
The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87
| Parameters | format | Format for fingerprint generation. Consists hash function and representation format. Default is FingerprintFormats.MD5_HEX |
| Returns | the user presentation of this Key's fingerprint, as a string. (type: str) | |
| Present Since | 8.2 | |
Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.
| Returns | (type: str) | |
| Raises | RuntimeError | If the object type is unknown. |
Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.
identifier is the standard NIST curve name
| Returns | The key type format. (type: bytes) | |
Return the size of the object we wrap.
| Returns | The size of the key. (type: int) | |
Return the public key blob for this key. The blob is the over-the-wire format for public keys.
SECSH-TRANS RFC 4253 Section 6.6.
RSA keys:
string 'ssh-rsa'
integer e
integer n
DSA keys:
string 'ssh-dss'
integer p
integer q
integer g
integer y
EC keys:
string 'ecdsa-sha2-[identifier]'
integer x
integer y
identifier is the standard NIST curve name
| Returns | (type: bytes) | |
Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Specification in OpenSSH PROTOCOL.agent
RSA keys:
string 'ssh-rsa'
integer n
integer e
integer d
integer u
integer p
integer q
DSA keys:
string 'ssh-dss'
integer p
integer q
integer g
integer y
integer x
EC keys:
string 'ecdsa-sha2-[identifier]'
integer x
integer y
integer privateValue
identifier is the NIST standard curve name.
Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.
| Parameters | type | The type of string to emit. Currently supported values are 'OPENSSH', 'LSH', and 'AGENTV3'. (type: str) |
| extra | Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use comment or passphrase as appropriate instead.) (type: bytes or unicode or None) | |
| subtype | A subtype of the requested type to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are 'PEM' and 'v1'. If not given, an appropriate default is used. (type: str or None) | |
| comment | A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. (type:bytes or unicode or None) | |
| passphrase | A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. (type:bytes or unicode or None) | |
| Returns | (type: bytes) | |
Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats. If extra is present, it represents a comment for a public key, or a passphrase for a private key.
| Parameters | extra | Comment for a public key or passphrase for a private key (type: bytes) |
| Returns | (type: bytes) | |
Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
| Returns | (type: bytes) | |
Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.
| Returns | (type: bytes) | |