tlslite.utils.keyfactory module¶
Factory functions for asymmetric cryptography.
- tlslite.utils.keyfactory.generateRSAKey(bits, implementations=['openssl', 'python'])¶
Generate an RSA key with the specified bit length.
- Parameters:
bits (int) – Desired bit length of the new key’s modulus.
- Return type:
- Returns:
A new RSA private key.
- tlslite.utils.keyfactory.parseAsPublicKey(s)¶
Parse a PEM-formatted public key.
- Parameters:
s (str) – A string containing a PEM-encoded public or private key.
- Return type:
- Returns:
An RSA public key.
- Raises:
SyntaxError – If the key is not properly formatted.
- tlslite.utils.keyfactory.parsePEMKey(s, private=False, public=False, passwordCallback=None, implementations=['openssl', 'python'])¶
Parse a PEM-format key.
The PEM format is used by OpenSSL and other tools. The format is typically used to store both the public and private components of a key. For example:
-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDYscuoMzsGmW0pAYsmyHltxB2TdwHS0dImfjCMfaSDkfLdZY5+ dOWORVns9etWnr194mSGA1F0Pls/VJW8+cX9+3vtJV8zSdANPYUoQf0TP7VlJxkH dSRkUbEoz5bAAs/+970uos7n7iXQIni+3erUTdYEk2iWnMBjTljfgbK/dQIDAQAB AoGAJHoJZk75aKr7DSQNYIHuruOMdv5ZeDuJvKERWxTrVJqE32/xBKh42/IgqRrc esBN9ZregRCd7YtxoL+EVUNWaJNVx2mNmezEznrc9zhcYUrgeaVdFO2yBF1889zO gCOVwrO8uDgeyj6IKa25H6c1N13ih/o7ZzEgWbGG+ylU1yECQQDv4ZSJ4EjSh/Fl aHdz3wbBa/HKGTjC8iRy476Cyg2Fm8MZUe9Yy3udOrb5ZnS2MTpIXt5AF3h2TfYV VoFXIorjAkEA50FcJmzT8sNMrPaV8vn+9W2Lu4U7C+K/O2g1iXMaZms5PC5zV5aV CKXZWUX1fq2RaOzlbQrpgiolhXpeh8FjxwJBAOFHzSQfSsTNfttp3KUpU0LbiVvv i+spVSnA0O4rq79KpVNmK44Mq67hsW1P11QzrzTAQ6GVaUBRv0YS061td1kCQHnP wtN2tboFR6lABkJDjxoGRvlSt4SOPr7zKGgrWjeiuTZLHXSAnCY+/hr5L9Q3ZwXG 6x6iBdgLjVIe4BZQNtcCQQDXGv/gWinCNTN3MPWfTW/RGzuMYVmyBFais0/VrgdH h1dLpztmpQqfyH/zrBXQ9qL/zR4ojS6XYneO/U18WpEe -----END RSA PRIVATE KEY-----
To generate a key like this with OpenSSL, run:
openssl genrsa 2048 > key.pem
This format also supports password-encrypted private keys. TLS Lite can only handle password-encrypted private keys when OpenSSL and M2Crypto are installed. In this case, passwordCallback will be invoked to query the user for the password.
- Parameters:
s (str) – A string containing a PEM-encoded public or private key.
private (bool) – If True, a
SyntaxError
will be raised if the private key component is not present.public (bool) – If True, the private key component (if present) will be discarded, so this function will always return a public key.
passwordCallback (callable) – This function will be called, with no arguments, if the PEM-encoded private key is password-encrypted. The callback should return the password string. If the password is incorrect, SyntaxError will be raised. If no callback is passed and the key is password-encrypted, a prompt will be displayed at the console.
- Return type:
- Returns:
An RSA key.
- Raises:
SyntaxError – If the key is not properly formatted.