An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().
Class Method | from |
Load a key from a file. |
Class Method | from |
Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type... |
Method | __eq__ |
Return True if other represents an object with the same key. |
Method | __init__ |
Initialize with a private or public cryptography.hazmat.primitives.asymmetric key. |
Method | __repr__ |
Return a pretty representation of this object. |
Method | blob |
Return the public key blob for this key. The blob is the over-the-wire format for public keys. |
Method | data |
Return the values of the public key as a dictionary. |
Method | fingerprint |
The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64 ... |
Method | is |
Check if this instance is a public key. |
Method | private |
Return the private key blob for this key. The blob is the over-the-wire format for private keys: |
Method | public |
Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. |
Method | sign |
Sign some data with this key. |
Method | size |
Return the size of the object we wrap. |
Method | ssh |
Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6 and RFC 8332, section 4 (this is a public key format name, not a public key algorithm name). Currently this can only be b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-[identifier]' or b'ssh-ed25519'. |
Method | supported |
Get the public key signature algorithms supported by this key. |
Method | to |
Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method. |
Method | type |
Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'. |
Method | verify |
Verify a signature using this key. |
Class Method | _from |
Build a key from DSA numerical components. |
Class Method | _from |
Build a key from EC components. |
Class Method | _from |
Build a key from an EC encoded point. |
Class Method | _from |
Build a key from Ed25519 components. |
Class Method | _from |
Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. |
Class Method | _from |
Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
Class Method | _from |
Build a key from RSA numerical components. |
Class Method | _from |
Return a private key object corresponding to the Secure Shell Key Agent v3 format. |
Class Method | _from |
Return a public key object corresponding to this public key blob. The format of an RSA public key blob is: |
Class Method | _from |
Return a private key object corresponding to this private key blob. The blob formats are as follows: |
Class Method | _from |
Return a private key corresponding to this LSH private key string. The LSH private key string format is: |
Class Method | _from |
Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. |
Class Method | _from |
Return a public key corresponding to this LSH public key string. The LSH public key string format is: |
Class Method | _from |
Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is: |
Class Method | _guess |
Guess the type of key in data. The types map to _fromString_* methods. |
Method | _get |
Return a hash algorithm for this key type given an SSH signature algorithm name, or None if no such hash algorithm is defined for this key type. |
Method | _to |
Return a private OpenSSH key string, in the old PEM-based format. |
Method | _to |
Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
Method | _to |
Return a public OpenSSH key string. |
Method | _to |
Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. |
Method | _to |
Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. |
Method | _to |
Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats. |
Instance Variable | _key |
Undocumented |
Instance Variable | _sk |
Undocumented |
Load a key from a file.
Parameters | |
filename | The path to load key data from. |
type:str or None | A string describing the format the key data is in, or None to attempt detection of the type. |
passphrase:bytes or None | The passphrase the key is encrypted with, or None if there is no encryption. |
Returns | |
Key | The loaded key. |
Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.
Parameters | |
data:bytes | The key data. |
type:str or None | A string describing the format the key data is in, or None to attempt detection of the type. |
passphrase:bytes or None | The passphrase the key is encrypted with, or None if there is no encryption. |
Returns | |
Key | The loaded key. |
Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.
Parameters | |
key | Low level key. |
Return the public key blob for this key. The blob is the over-the-wire format for public keys.
SECSH-TRANS RFC 4253 Section 6.6.
RSA keys:
string 'ssh-rsa' integer e integer n
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y
EC keys:
string 'ecdsa-sha2-[identifier]' integer x integer y
identifier is the standard NIST curve name.
Ed25519 keys:
string 'ssh-ed25519' string a
Returns | |
bytes | Undocumented |
The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64.
The input to the algorithm is the public key data as specified by [RFC4253].
The output of the sha256 [RFC4634] algorithm is presented to the user as a base64-encoded sha256 hash. Example: US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=
The output of the MD5 [RFC1321] (default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87
Parameters | |
format | Format for fingerprint generation. Consists of a hash function and a representation format. Default is FingerprintFormats.MD5_HEX. |
Returns | |
str | The user presentation of this Key's fingerprint, as a string. |
Present Since | |
8.2 |
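The public key blob layout and the two fingerprint formats described above, as an added example that is not part of Twisted's code or documentation: a standard-library parser for RSA, DSA and Ed25519 blobs (EC is omitted) that rejects truncated or over-long input, plus both fingerprint renderings. The function names, the LAYOUTS table and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Field order per key type, as listed in the blob description (assumed names).
LAYOUTS = {b"ssh-rsa": ("e", "n"), b"ssh-dss": ("p", "q", "g", "y"),
           b"ssh-ed25519": ("a",)}

def read_string(buf, offset):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new_offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("declared length runs past end of blob")
    return buf[offset + 4:end], end

def pack_string(value):
    return struct.pack(">I", len(value)) + value

def pack_mpint(n):
    """Encode a non-negative int as an SSH mpint (extra zero byte if high bit set)."""
    return pack_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def parse_public_blob(blob):
    """Split a public key blob into its key type and named fields."""
    key_type, offset = read_string(blob, 0)
    if key_type not in LAYOUTS:
        raise ValueError("unknown key type: %r" % (key_type,))
    fields = {}
    for name in LAYOUTS[key_type]:
        raw, offset = read_string(blob, offset)
        # 'integer' fields are signed big-endian mpints; Ed25519 'a' is raw bytes.
        fields[name] = raw if key_type == b"ssh-ed25519" else int.from_bytes(raw, "big", signed=True)
    if offset != len(blob):
        raise ValueError("trailing bytes after key fields")
    return key_type, fields

def fingerprints(blob):
    """Return (MD5 as colon-separated lowercase hex, SHA-256 as base64) of the blob."""
    md5 = hashlib.md5(blob).hexdigest()
    md5_hex = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha256_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode("ascii")
    return md5_hex, sha256_b64

# Constructed sample: a toy RSA public key, far too small for real use.
SAMPLE_BLOB = pack_string(b"ssh-rsa") + pack_mpint(65537) + pack_mpint(0xC0FFEE1234567891)
```

Since the documented default is MD5_HEX, pass FingerprintFormats.SHA256_BASE64 explicitly when the value will be compared against current OpenSSH output. ssh-keygen -l prints the same SHA-256 digest with the trailing = padding stripped.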
Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Specification in OpenSSH PROTOCOL.agent
RSA keys:
string 'ssh-rsa' integer n integer e integer d integer u integer p integer q
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y integer x
EC keys:
string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue
identifier is the NIST standard curve name.
Ed25519 keys:
string 'ssh-ed25519' string a string k || a
Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
Returns | |
Key | A public key. |
Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6 and RFC 8332, section 4 (this is a public key format name, not a public key algorithm name). Currently this can only be b'ssh-rsa', b'ssh-dss', b'ecdsa-sha2-[identifier]' or b'ssh-ed25519'.
identifier is the standard NIST curve name
Returns | |
bytes | The key type format. |
def toString(self, type, extra=None, subtype=None, comment=None, passphrase=None):
Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.
Parameters | |
type:str | The type of string to emit. Currently supported values are 'OPENSSH', 'LSH', and 'AGENTV3'. |
extra:bytes or unicode or None | Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use comment or passphrase as appropriate instead.) |
subtype:str or None | A subtype of the requested type to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are 'PEM' and 'v1'. If not given, an appropriate default is used. |
comment:bytes or unicode or None | A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. |
passphrase:bytes or unicode or None | A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. |
Returns | |
bytes | Undocumented |
Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'.
Returns | |
str | Undocumented |
Raises | |
RuntimeError | If the object type is unknown. |
Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.
The format of a PEM-based OpenSSH private key string is:
    -----BEGIN <key type> PRIVATE KEY-----
    [Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,<initialization value>]
    <base64-encoded ASN.1 structure>
    -----END <key type> PRIVATE KEY-----
The ASN.1 structure of an RSA key is:
(0, n, e, d, p, q)
The ASN.1 structure of a DSA key is:
(0, p, q, g, y, x)
The ASN.1 structure of an ECDSA key is:
(ECParameters, OID, NULL)
Parameters | |
data:bytes | The key data. |
passphrase:bytes or None | The passphrase the key is encrypted with, or None if it is not encrypted. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
The format of an openssh-key-v1 private key string is:
    -----BEGIN OPENSSH PRIVATE KEY-----
    <base64-encoded SSH protocol string>
    -----END OPENSSH PRIVATE KEY-----
The SSH protocol string is as described in PROTOCOL.key.
Parameters | |
data:bytes | The key data. |
passphrase:bytes or None | The passphrase the key is encrypted with, or None if it is not encrypted. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Build a key from RSA numerical components.
Parameters | |
n:int | The 'n' RSA variable. |
e:int | The 'e' RSA variable. |
d:int or None | The 'd' RSA variable (optional for a public key). |
p:int or None | The 'p' RSA variable (optional for a public key). |
q:int or None | The 'q' RSA variable (optional for a public key). |
u:int or None | The 'u' RSA variable. Ignored, as its value is determined by p and q. |
Returns | |
Key | An RSA key constructed from the values as given. |
Return a private key object corresponding to the Secure Shell Key Agent v3 format.
The SSH Key Agent v3 format for an RSA key is:
string 'ssh-rsa' integer e integer d integer n integer u integer p integer q
The SSH Key Agent v3 format for a DSA key is:
string 'ssh-dss' integer p integer q integer g integer y integer x
Parameters | |
data:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if the key type (the first string) is unknown |
Return a public key object corresponding to this public key blob. The format of an RSA public key blob is:
string 'ssh-rsa' integer e integer n
The format of a DSA public key blob is:
string 'ssh-dss' integer p integer q integer g integer y
The format of an ECDSA-SHA2-* public key blob is:
string 'ecdsa-sha2-[identifier]' integer x integer y
identifier is the standard NIST curve name.
The format of an Ed25519 public key blob is:
string 'ssh-ed25519' string a
Parameters | |
blob:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if the key type (the first string) is unknown. |
Return a private key object corresponding to this private key blob. The blob formats are as follows:
RSA keys:
string 'ssh-rsa' integer n integer e integer d integer u integer p integer q
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y integer x
EC keys:
string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue
identifier is the standard NIST curve name.
Ed25519 keys:
string 'ssh-ed25519' string a string k || a
Parameters | |
blob:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type |
Return a private key corresponding to this LSH private key string. The LSH private key string format is:
<s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
The names for an RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.
Parameters | |
data:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if the key type is unknown |
Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
Parameters | |
data:bytes | The key data. |
passphrase:bytes or None | The passphrase the key is encrypted with, or None if it is not encrypted. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if * a passphrase is provided for an unencrypted key * the encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Return a public key corresponding to this LSH public key string. The LSH public key string format is:
<s-expression: ('public-key', (<key type>, (<name>, <value>)+))>
The names for an RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.
Parameters | |
data:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if the key type is unknown |
Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:
<key type> <base64-encoded public key blob>
Parameters | |
data:bytes | The key data. |
Returns | |
twisted.conch.ssh.keys.Key | A new key. |
Raises | |
BadKeyError | if the blob type is unknown. |
Guess the type of key in data. The types map to _fromString_* methods.
Parameters | |
data:bytes | The key data. |
Return a hash algorithm for this key type given an SSH signature algorithm name, or None if no such hash algorithm is defined for this key type.
Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.
Returns | |
bytes | Undocumented |
Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
Returns | |
bytes | Undocumented |
Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats.
Parameters | |
subtype:str or None | A subtype to emit. Only supported for private keys, for which the currently supported subtypes are 'PEM' and 'v1'. If not given, an appropriate default is used. |
comment:bytes | Comment for a public key. |
passphrase:bytes | Passphrase for a private key. |
Returns | |
bytes | Undocumented |