tlslite.utils.keyfactory module

Factory functions for asymmetric cryptography.

tlslite.utils.keyfactory.generateRSAKey(bits, implementations=['openssl', 'python'])

Generate an RSA key with the specified bit length.

Parameters: bits (int) – Desired bit length of the new key’s modulus.
Return type: RSAKey
Returns: A new RSA private key.

tlslite.utils.keyfactory.parseAsPublicKey(s)

Parse a PEM-formatted public key.

Parameters: s (str) – A string containing a PEM-encoded public or private key.
Return type: RSAKey
Returns: An RSA public key.
Raises: SyntaxError – If the key is not properly formatted.

tlslite.utils.keyfactory.parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])

Parse a PEM-format key.

The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. For example:

-----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+
 dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH
 dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB
 AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc
 esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO
 gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl
 aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV
 VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV
 CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv
 i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP
 wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG
 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH
 h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe
 -----END RSA PRIVATE KEY-----

To generate a key like this with OpenSSL, run:

openssl genrsa 2048 > key.pem

This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.

Parameters:
  • s (str) – A string containing a PEM-encoded public or private key.
  • private (bool) – If True, a SyntaxError will be raised if the private key component is not present.
  • public (bool) – If True, the private key component (if present) will be discarded, so this function will always return a public key.
  • passwordCallback (callable) – This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.
Return type: RSAKey
Returns: An RSA key.
Raises: SyntaxError – If the key is not properly formatted.
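
Because parsePEMKey falls back to a console prompt when an encrypted key arrives without a passwordCallback, a headless service is better off inspecting the PEM text first and always passing a callback. The following is an added example, not part of tlslite: classify_pem, load_private_key and the SAMPLE_* strings are hypothetical names with constructed placeholder bodies, and the final call assumes tlslite is installed.

```python
import re

# PEM labels that carry key material (label set is not exhaustive).
_PRIVATE = {"RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
_PUBLIC = {"PUBLIC KEY", "RSA PUBLIC KEY"}
_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

# Constructed samples: the bodies are placeholders, not real key material.
SAMPLE_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\nAAAA\n"
                "-----END RSA PRIVATE KEY-----\n")
SAMPLE_LEGACY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\n"
                     "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\n"
                     "AAAA\n-----END RSA PRIVATE KEY-----\n")
SAMPLE_PUBLIC = "-----BEGIN PUBLIC KEY-----\nAAAA\n-----END PUBLIC KEY-----\n"


def classify_pem(text):
    """Return (kind, encrypted) for the first key block found in text."""
    for label, body in _BLOCK.findall(text):
        if label in _PRIVATE:
            # Traditional OpenSSL encryption keeps the label and adds
            # RFC 1421 headers; PKCS#8 encryption changes the label.
            legacy = "Proc-Type: 4,ENCRYPTED" in body
            return "private", legacy or label == "ENCRYPTED PRIVATE KEY"
        if label in _PUBLIC:
            return "public", False
    raise SyntaxError("no PEM key block found")


def load_private_key(text, password=None):
    """Parse a private key, refusing inputs that would need a prompt."""
    kind, encrypted = classify_pem(text)
    if kind != "private":
        raise SyntaxError("expected a private key, found a public key")
    if encrypted and password is None:
        raise ValueError("key is password-encrypted; no password supplied")
    # Lazy import so the check above works without tlslite installed.
    from tlslite.utils.keyfactory import parsePEMKey
    # private=True raises SyntaxError if the private component is missing;
    # the callback takes no arguments and returns the password string.
    return parsePEMKey(text, private=True,
                       passwordCallback=lambda: password)
```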

tlslite.utils.keyfactory.parsePrivateKey(s)

Parse a PEM-formatted private key.

Parameters: s (str) – A string containing a PEM-encoded private key.
Return type: RSAKey
Returns: An RSA private key.
Raises: SyntaxError – If the key is not properly formatted.