tlslite.utils.keyfactory module¶
Factory functions for asymmetric cryptography.
-
tlslite.utils.keyfactory.
generateRSAKey
(bits, implementations=['openssl', 'python'])¶ Generate an RSA key with the specified bit length.
Parameters: bits (int) – Desired bit length of the new key’s modulus. Return type: RSAKey Returns: A new RSA private key.
-
tlslite.utils.keyfactory.
parseAsPublicKey
(s)¶ Parse a PEM-formatted public key.
Parameters: s (str) – A string containing a PEM-encoded public or private key. Return type: RSAKey Returns: An RSA public key. Raises: SyntaxError – If the key is not properly formatted.
-
tlslite.utils.keyfactory.
parsePEMKey
(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])¶ Parse a PEM-format key.
The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. For example:
-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+ dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe -----END RSA PRIVATE KEY-----
To generate a key like this with OpenSSL, run:
openssl genrsa 2048 > key.pem
This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.
Parameters: - s (str) – A string containing a PEM-encoded public or private key.
- private (bool) – If True, a
SyntaxError
will be raised if the private key component is not present. - public (bool) – If True, the private key component (if present) will be discarded, so this function will always return a public key.
- passwordCallback (callable) – This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.
Return type: Returns: An RSA key.
Raises: SyntaxError – If the key is not properly formatted.