tlslite.utils.keyfactory module

Factory functions for asymmetric cryptography.

tlslite.utils.keyfactory.bytes_to_int(bytes, byteorder='big', *, signed=False)

Return the integer represented by the given array of bytes.

bytes

Holds the array of bytes to convert. The argument must either support the buffer protocol or be an iterable object producing bytes. Bytes and bytearray are examples of built-in objects that support the buffer protocol.

byteorder

The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use ‘sys.byteorder’ as the byte order value. Default is to use ‘big’.

signed

Indicates whether two’s complement is used to represent the integer.

tlslite.utils.keyfactory.generateRSAKey(bits, implementations=['openssl', 'python'])

Generate an RSA key with the specified bit length.

Parameters:

bits (int) – Desired bit length of the new key’s modulus.

Return type:

RSAKey

Returns:

A new RSA private key.

tlslite.utils.keyfactory.parseAsPublicKey(s)

Parse a PEM-formatted public key.

Parameters:

s (str) – A string containing a PEM-encoded public or private key.

Return type:

RSAKey

Returns:

An RSA public key.

Raises:

SyntaxError – If the key is not properly formatted.

tlslite.utils.keyfactory.parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])

Parse a PEM-format key.

The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. For example:

-----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+
 dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH
 dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB
 AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc
 esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO
 gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl
 aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV
 VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV
 CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv
 i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP
 wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG
 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH
 h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe
 -----END RSA PRIVATE KEY-----

To generate a key like this with OpenSSL, run:

openssl genrsa 2048 > key.pem

This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.

Parameters:
  • s (str) – A string containing a PEM-encoded public or private key.

  • private (bool) – If True, a SyntaxError will be raised if the private key component is not present.

  • public (bool) – If True, the private key component (if present) will be discarded, so this function will always return a public key.

  • passwordCallback (callable) – This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.

Return type:

RSAKey

Returns:

An RSA key.

Raises:

SyntaxError – If the key is not properly formatted.
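
Added example (not part of tlslite or its documentation): a standard-library pre-check that reads only the PEM armor before a string is handed to parsePEMKey, so an unattended service can tell whether the input carries private key material and whether it is password-encrypted, the case where a missing passwordCallback leads to a console prompt. The function names, the treatment of the ENCRYPTED PRIVATE KEY label as encrypted, and the sample blocks (placeholder bytes, not real keys) are assumptions made for this illustration.

```python
import base64
import re

# One armored block; the END label must repeat the BEGIN label.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem(text):
    """Describe every PEM block in text without decoding any key material."""
    found = []
    for label, body in _PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        headers = {}
        # Legacy encrypted keys put "Name: value" headers before the base64.
        while lines and ":" in lines[0]:
            name, value = lines.pop(0).split(":", 1)
            headers[name.strip()] = value.strip()
        try:
            base64.b64decode("".join(lines), validate=True)
            valid = True
        except ValueError:  # binascii.Error is a ValueError subclass
            valid = False
        # Assumption: both encrypted encodings are treated the same way here.
        encrypted = (label == "ENCRYPTED PRIVATE KEY"
                     or "ENCRYPTED" in headers.get("Proc-Type", ""))
        found.append({"label": label, "private": label.endswith("PRIVATE KEY"),
                      "encrypted": encrypted, "valid_base64": valid})
    return found

def safe_for_unattended_parse(text, have_password_callback=False):
    """True when parsing cannot fall through to a console password prompt."""
    blocks = classify_pem(text)
    if not blocks or not all(b["valid_base64"] for b in blocks):
        return False
    return have_password_callback or not any(b["encrypted"] for b in blocks)

def _armor(label, payload, headers=""):
    """Build a constructed PEM block around placeholder bytes (not a real key)."""
    b64 = base64.b64encode(payload).decode("ascii")
    return "-----BEGIN %s-----\n%s%s\n-----END %s-----\n" % (label, headers, b64, label)

# Constructed samples: the payloads are placeholder bytes, not key material.
PLAIN = _armor("RSA PRIVATE KEY", b"constructed, not a real key")
LEGACY_ENC = _armor("RSA PRIVATE KEY", b"constructed ciphertext",
                    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,0011223344556677\n\n")
PUBLIC = _armor("PUBLIC KEY", b"constructed public blob")
BAD = "-----BEGIN RSA PRIVATE KEY-----\n!!!not base64!!!\n-----END RSA PRIVATE KEY-----\n"
```
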

tlslite.utils.keyfactory.parsePrivateKey(s)

Parse a PEM-formatted private key.

Parameters:

s (str) – A string containing a PEM-encoded private key.

Return type:

RSAKey

Returns:

An RSA private key.

Raises:

SyntaxError – If the key is not properly formatted.