class documentation

class twisted.conch.ssh.keys.Key: (source)

View In Hierarchy

An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().

Class Method fromFile Load a key from a file.
Class Method fromString No summary
Method __init__ Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.
Method __eq__ Return True if other represents an object with the same key.
Method __repr__ Return a pretty representation of this object.
Method isPublic Check if this instance is a public key.
Method public Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
Method fingerprint No summary
Method type Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'.
Method sshType Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.
Method size Return the size of the object we wrap.
Method data Return the values of the public key as a dictionary.
Method blob Return the public key blob for this key. The blob is the over-the-wire format for public keys.
Method privateBlob Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Method toString Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.
Method sign Sign some data with this key.
Method verify Verify a signature using this key.
Class Method _fromString_BLOB No summary
Class Method _fromString_PRIVATE_BLOB Return a private key object corresponding to this private key blob. The blob formats are as follows:
Class Method _fromString_PUBLIC_OPENSSH Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob>
Class Method _fromPrivateOpenSSH_v1 Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
Class Method _fromPrivateOpenSSH_PEM Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.
Class Method _fromString_PRIVATE_OPENSSH Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
Class Method _fromString_PUBLIC_LSH Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))>
Class Method _fromString_PRIVATE_LSH Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
Class Method _fromString_AGENTV3 Return a private key object corresponsing to the Secure Shell Key Agent v3 format.
Class Method _guessStringType Guess the type of key in data. The types map to _fromString_* methods.
Class Method _fromRSAComponents Build a key from RSA numerical components.
Class Method _fromDSAComponents Build a key from DSA numerical components.
Class Method _fromECComponents Build a key from EC components.
Class Method _fromECEncodedPoint Build a key from an EC encoded point.
Class Method _fromEd25519Components Build a key from Ed25519 components.
Instance Variable _keyObject Undocumented
Method _toPublicOpenSSH Return a public OpenSSH key string.
Method _toPrivateOpenSSH_v1 Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
Method _toPrivateOpenSSH_PEM Return a private OpenSSH key string, in the old PEM-based format.
Method _toString_OPENSSH Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats.
Method _toString_LSH Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
Method _toString_AGENTV3 Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.
@classmethod
def fromFile(cls, filename, type=None, passphrase=None): (source)

Load a key from a file.

ParametersfilenameThe path to load key data from.
typeA string describing the format the key data is in, or None to attempt detection of the type. (type: str or None)
passphraseThe passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None)
ReturnsThe loaded key. (type: Key)
@classmethod
def fromString(cls, data, type=None, passphrase=None): (source)

Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.

ParametersdataThe key data. (type: bytes)
typeA string describing the format the key data is in, or None to attempt detection of the type. (type: str or None)
passphraseThe passphrase the key is encrypted with, or None if there is no encryption. (type: bytes or None)
ReturnsThe loaded key. (type: Key)
@classmethod
def _fromString_BLOB(cls, blob): (source)

Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:

    string 'ssh-rsa'
    integer e
    integer n

The format of a DSA public key blob is:

    string 'ssh-dss'
    integer p
    integer q
    integer g
    integer y

The format of ECDSA-SHA2-* public key blob is:

    string 'ecdsa-sha2-[identifier]'
    integer x
    integer y

    identifier is the standard NIST curve name.

The format of an Ed25519 public key blob is:

    string 'ssh-ed25519'
    string a
ParametersblobThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type (the first string) is unknown.
@classmethod
def _fromString_PRIVATE_BLOB(cls, blob): (source)

Return a private key object corresponding to this private key blob. The blob formats are as follows:

RSA keys:

    string 'ssh-rsa'
    integer n
    integer e
    integer d
    integer u
    integer p
    integer q

DSA keys:

    string 'ssh-dss'
    integer p
    integer q
    integer g
    integer y
    integer x

EC keys:

    string 'ecdsa-sha2-[identifier]'
    string identifier
    string q
    integer privateValue

    identifier is the standard NIST curve name.

Ed25519 keys:

    string 'ssh-ed25519'
    string a
    string k || a
ParametersblobThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type
@classmethod
def _fromString_PUBLIC_OPENSSH(cls, data): (source)

Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:

    <key type> <base64-encoded public key blob>
ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the blob type is unknown.
@classmethod
def _fromPrivateOpenSSH_v1(cls, data, passphrase): (source)

Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

The format of an openssh-key-v1 private key string is:

    -----BEGIN OPENSSH PRIVATE KEY-----
    <base64-encoded SSH protocol string>
    -----END OPENSSH PRIVATE KEY-----

The SSH protocol string is as described in PROTOCOL.key.

ParametersdataThe key data. (type: bytes)
passphraseThe passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect
EncryptedKeyErrorif * a passphrase is not provided for an encrypted key
@classmethod
def _fromPrivateOpenSSH_PEM(cls, data, passphrase): (source)

Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.

The format of a PEM-based OpenSSH private key string is:

    -----BEGIN <key type> PRIVATE KEY-----
    [Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,<initialization value>]
    <base64-encoded ASN.1 structure>
    ------END <key type> PRIVATE KEY------

The ASN.1 structure of a RSA key is:

    (0, n, e, d, p, q)

The ASN.1 structure of a DSA key is:

    (0, p, q, g, y, x)

The ASN.1 structure of a ECDSA key is:

    (ECParameters, OID, NULL)
ParametersdataThe key data. (type: bytes)
passphraseThe passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect
EncryptedKeyErrorif * a passphrase is not provided for an encrypted key
@classmethod
def _fromString_PRIVATE_OPENSSH(cls, data, passphrase): (source)

Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.

ParametersdataThe key data. (type: bytes)
passphraseThe passphrase the key is encrypted with, or None if it is not encrypted. (type: bytes or None)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif * a passphrase is provided for an unencrypted key * the encoding is incorrect
EncryptedKeyErrorif * a passphrase is not provided for an encrypted key
@classmethod
def _fromString_PUBLIC_LSH(cls, data): (source)

Return a public key corresponding to this LSH public key string. The LSH public key string format is:

    <s-expression: ('public-key', (<key type>, (<name, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.

ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type is unknown
@classmethod
def _fromString_PRIVATE_LSH(cls, data): (source)

Return a private key corresponding to this LSH private key string. The LSH private key string format is:

    <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.

ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type is unknown
@classmethod
def _fromString_AGENTV3(cls, data): (source)

Return a private key object corresponsing to the Secure Shell Key Agent v3 format.

The SSH Key Agent v3 format for a RSA key is:

    string 'ssh-rsa'
    integer e
    integer d
    integer n
    integer u
    integer p
    integer q

The SSH Key Agent v3 format for a DSA key is:

    string 'ssh-dss'
    integer p
    integer q
    integer g
    integer y
    integer x
ParametersdataThe key data. (type: bytes)
ReturnsA new key. (type: twisted.conch.ssh.keys.Key)
RaisesBadKeyErrorif the key type (the first string) is unknown
@classmethod
def _guessStringType(cls, data): (source)

Guess the type of key in data. The types map to _fromString_* methods.

ParametersdataThe key data. (type: bytes)
@classmethod
def _fromRSAComponents(cls, n, e, d=None, p=None, q=None, u=None): (source)

Build a key from RSA numerical components.

ParametersnThe 'n' RSA variable. (type: int)
eThe 'e' RSA variable. (type: int)
dThe 'd' RSA variable (optional for a public key). (type: int or None)
pThe 'p' RSA variable (optional for a public key). (type: int or None)
qThe 'q' RSA variable (optional for a public key). (type: int or None)
uThe 'u' RSA variable. Ignored, as its value is determined by p and q. (type: int or None)
ReturnsAn RSA key constructed from the values as given. (type: Key)
@classmethod
def _fromDSAComponents(cls, y, p, q, g, x=None): (source)

Build a key from DSA numerical components.

ParametersyThe 'y' DSA variable. (type: int)
pThe 'p' DSA variable. (type: int)
qThe 'q' DSA variable. (type: int)
gThe 'g' DSA variable. (type: int)
xThe 'x' DSA variable (optional for a public key) (type: int or None)
ReturnsA DSA key constructed from the values as given. (type: Key)
@classmethod
def _fromECComponents(cls, x, y, curve, privateValue=None): (source)

Build a key from EC components.

ParametersxThe affine x component of the public point used for verifying. (type: int)
yThe affine y component of the public point used for verifying. (type: int)
curveNIST name of elliptic curve. (type: bytes)
privateValueThe private value. (type: int)
@classmethod
def _fromECEncodedPoint(cls, encodedPoint, curve, privateValue=None): (source)

Build a key from an EC encoded point.

ParametersencodedPointThe public point encoded as in SEC 1 v2.0 section 2.3.3. (type: bytes)
curveNIST name of elliptic curve. (type: bytes)
privateValueThe private value. (type: int)
@classmethod
def _fromEd25519Components(cls, a, k=None): (source)

Build a key from Ed25519 components.

ParametersaThe Ed25519 public key, as defined in RFC 8032 section
(type: bytes)
kThe Ed25519 private key, as defined in RFC 8032 section
(type: bytes)
def __init__(self, keyObject): (source)

Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.

ParameterskeyObjectLow level key. (type: cryptography.hazmat.primitives.asymmetric key.)
_keyObject = (source)

Undocumented

def __eq__(self, other): (source)

Return True if other represents an object with the same key.

ParametersotherUndocumented (type: object)
ReturnsUndocumented (type: bool)
def __repr__(self): (source)

Return a pretty representation of this object.

ReturnsUndocumented (type: str)
def isPublic(self): (source)

Check if this instance is a public key.

ReturnsTrue if this is a public key.
def public(self): (source)

Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.

ReturnsA public key. (type: Key)
def fingerprint(self, format=FingerprintFormats.MD5_HEX): (source)

The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64

The input to the algorithm is the public key data as specified by [RFC4253].

The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=

The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87

ParametersformatFormat for fingerprint generation. Consists hash function and representation format. Default is FingerprintFormats.MD5_HEX
Returnsthe user presentation of this Key's fingerprint, as a string. (type: str)
Present Since8.2
def type(self): (source)

Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', 'EC', or 'Ed25519'.

ReturnsUndocumented (type: str)
RaisesRuntimeErrorIf the object type is unknown.
def sshType(self): (source)

Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.

identifier is the standard NIST curve name

ReturnsThe key type format. (type: bytes)
def size(self): (source)

Return the size of the object we wrap.

ReturnsThe size of the key. (type: int)
def data(self): (source)

Return the values of the public key as a dictionary.

ReturnsUndocumented (type: dict)
def blob(self): (source)

Return the public key blob for this key. The blob is the over-the-wire format for public keys.

SECSH-TRANS RFC 4253 Section 6.6.

RSA keys:

    string 'ssh-rsa'
    integer e
    integer n

DSA keys:

    string 'ssh-dss'
    integer p
    integer q
    integer g
    integer y

EC keys:

    string 'ecdsa-sha2-[identifier]'
    integer x
    integer y

    identifier is the standard NIST curve name

Ed25519 keys:

    string 'ssh-ed25519'
    string a
ReturnsUndocumented (type: bytes)
def privateBlob(self): (source)

Return the private key blob for this key. The blob is the over-the-wire format for private keys:

Specification in OpenSSH PROTOCOL.agent

RSA keys:

    string 'ssh-rsa'
    integer n
    integer e
    integer d
    integer u
    integer p
    integer q

DSA keys:

    string 'ssh-dss'
    integer p
    integer q
    integer g
    integer y
    integer x

EC keys:

    string 'ecdsa-sha2-[identifier]'
    integer x
    integer y
    integer privateValue

    identifier is the NIST standard curve name.

Ed25519 keys:

    string 'ssh-ed25519'
    string a
    string k || a
@_mutuallyExclusiveArguments([['extra', 'comment'], ['extra', 'passphrase']])
def toString(self, type, extra=None, subtype=None, comment=None, passphrase=None): (source)

Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.

ParameterstypeThe type of string to emit. Currently supported values are 'OPENSSH', 'LSH', and 'AGENTV3'. (type: str)
extraAny extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use comment or passphrase as appropriate instead.) (type: bytes or unicode or None)
subtypeA subtype of the requested type to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are 'PEM' and 'v1'. If not given, an appropriate default is used. (type: str or None)
commentA comment to include with the key. Only supported for OpenSSH keys.

Present since Twisted 20.3.0.

(type: bytes or unicode or None)
passphraseA passphrase to encrypt the key with. Only supported for private OpenSSH keys.

Present since Twisted 20.3.0.

(type: bytes or unicode or None)
ReturnsUndocumented (type: bytes)
def _toPublicOpenSSH(self, comment=None): (source)

Return a public OpenSSH key string.

See _fromString_PUBLIC_OPENSSH for the string format.

ParameterscommentA comment to include with the key, or None to omit the comment. (type: bytes or None)
def _toPrivateOpenSSH_v1(self, comment=None, passphrase=None): (source)

Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

See _fromPrivateOpenSSH_v1 for the string format.

ParameterscommentUndocumented
passphraseThe passphrase to encrypt the key with, or None if it is not encrypted. (type: bytes or None)
def _toPrivateOpenSSH_PEM(self, passphrase=None): (source)

Return a private OpenSSH key string, in the old PEM-based format.

See _fromPrivateOpenSSH_PEM for the string format.

ParameterspassphraseThe passphrase to encrypt the key with, or None if it is not encrypted. (type: bytes or None)
def _toString_OPENSSH(self, subtype=None, comment=None, passphrase=None): (source)

Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats.

ParameterssubtypeA subtype to emit. Only supported for private keys, for which the currently supported subtypes are 'PEM' and 'v1'. If not given, an appropriate default is used. (type: str or None)
commentComment for a public key. (type: bytes)
passphrasePassphrase for a private key. (type: bytes)
ReturnsUndocumented (type: bytes)
def _toString_LSH(self, **kwargs): (source)

Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.

ReturnsUndocumented (type: bytes)
def _toString_AGENTV3(self, **kwargs): (source)

Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.

ReturnsUndocumented (type: bytes)
def sign(self, data): (source)

Sign some data with this key.

SECSH-TRANS RFC 4253 Section 6.6.

ParametersdataThe data to sign. (type: bytes)
ReturnsA signature for the given data. (type: bytes)
def verify(self, signature, data): (source)

Verify a signature using this key.

ParameterssignatureThe signature to verify. (type: bytes)
dataThe signed data. (type: bytes)
ReturnsTrue if the signature is valid. (type: bool)
API Documentation for Twisted, generated by pydoctor 20.12.1 at 2021-02-28 19:53:36.