twisted.conch.ssh.keys.Key(object)
class documentationtwisted.conch.ssh.keys
(View In Hierarchy)
An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().
Class Method | fromFile | Load a key from a file. |
Class Method | fromString | No summary |
Method | __init__ | Initialize with a private or public
cryptography.hazmat.primitives.asymmetric key. |
Method | __eq__ | Return True if other represents an object with the same key. |
Method | __ne__ | Return True if other represents anything other than this key. |
Method | __repr__ | Return a pretty representation of this object. |
Method | isPublic | Check if this instance is a public key. |
Method | public | Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self. |
Method | fingerprint | No summary |
Method | type | Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'. |
Method | sshType | Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'. |
Method | size | Return the size of the object we wrap. |
Method | data | Return the values of the public key as a dictionary. |
Method | blob | Return the public key blob for this key. The blob is the over-the-wire format for public keys. |
Method | privateBlob | Return the private key blob for this key. The blob is the over-the-wire format for private keys: |
Method | toString | Create a string representation of this key. If the key is a private key
and you want the representation of its public key, use
key.public().toString() . type maps to a _toString_*
method. |
Method | sign | Sign some data with this key. |
Method | verify | Verify a signature using this key. |
Class Method | _fromString_BLOB | No summary |
Class Method | _fromString_PRIVATE_BLOB | Return a private key object corresponding to this private key blob. The blob formats are as follows: |
Class Method | _fromString_PUBLIC_OPENSSH | Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob> |
Class Method | _fromPrivateOpenSSH_v1 | Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
Class Method | _fromPrivateOpenSSH_PEM | Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format. |
Class Method | _fromString_PRIVATE_OPENSSH | Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error. |
Class Method | _fromString_PUBLIC_LSH | Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))> |
Class Method | _fromString_PRIVATE_LSH | Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))> |
Class Method | _fromString_AGENTV3 | Return a private key object corresponsing to the Secure Shell Key Agent v3 format. |
Class Method | _guessStringType | Guess the type of key in data. The types map to _fromString_* methods. |
Class Method | _fromRSAComponents | Build a key from RSA numerical components. |
Class Method | _fromDSAComponents | Build a key from DSA numerical components. |
Class Method | _fromECComponents | Build a key from EC components. |
Class Method | _fromECEncodedPoint | Build a key from an EC encoded point. |
Method | _toPublicOpenSSH | Return a public OpenSSH key string. |
Method | _toPrivateOpenSSH_v1 | Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5. |
Method | _toPrivateOpenSSH_PEM | Return a private OpenSSH key string, in the old PEM-based format. |
Method | _toString_OPENSSH | No summary |
Method | _toString_LSH | Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats. |
Method | _toString_AGENTV3 | Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format. |
Load a key from a file.
Parameters | filename | The path to load key data from. |
type | A string describing the format the key data is in, or None
to attempt detection of the type. (type: str
or None ) | |
passphrase | The passphrase the key is encrypted with, or None
if there is no encryption. (type: bytes
or None ) | |
Returns | The loaded key. (type: Key ) |
Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.
Parameters | data | The key data. (type: bytes ) |
type | A string describing the format the key data is in, or None
to attempt detection of the type. (type: str
or None ) | |
passphrase | The passphrase the key is encrypted with, or None
if there is no encryption. (type: bytes
or None ) | |
Returns | The loaded key. (type: Key ) |
Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:
string 'ssh-rsa' integer e integer n
The format of a DSA public key blob is:
string 'ssh-dss' integer p integer q integer g integer y
The format of ECDSA-SHA2-* public key blob is:
string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name.
Parameters | blob | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if the key type (the first string) is unknown. |
Return a private key object corresponding to this private key blob. The blob formats are as follows:
RSA keys:
string 'ssh-rsa' integer n integer e integer d integer u integer p integer q
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y integer x
EC keys:
string 'ecdsa-sha2-[identifier]' string identifier string q integer privateValue identifier is the standard NIST curve name.
Parameters | blob | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type |
Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:
<key type> <base64-encoded public key blob>
Parameters | data | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if the blob type is unknown. |
Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
The format of an openssh-key-v1 private key string is:
-----BEGIN OPENSSH PRIVATE KEY----- <base64-encoded SSH protocol string> -----END OPENSSH PRIVATE KEY-----
The SSH protocol string is as described in PROTOCOL.key.
Parameters | data | The key data. (type: bytes ) |
passphrase | The passphrase the key is encrypted with, or None
if it is not encrypted. (type: bytes
or None ) | |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.
The format of a PEM-based OpenSSH private key string is:
-----BEGIN <key type> PRIVATE KEY----- [Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,<initialization value>] <base64-encoded ASN.1 structure> ------END <key type> PRIVATE KEY------
The ASN.1 structure of a RSA key is:
(0, n, e, d, p, q)
The ASN.1 structure of a DSA key is:
(0, p, q, g, y, x)
The ASN.1 structure of a ECDSA key is:
(ECParameters, OID, NULL)
Parameters | data | The key data. (type: bytes ) |
passphrase | The passphrase the key is encrypted with, or None
if it is not encrypted. (type: bytes
or None ) | |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
Parameters | data | The key data. (type: bytes ) |
passphrase | The passphrase the key is encrypted with, or None
if it is not encrypted. (type: bytes
or None ) | |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if * a passphrase is provided for an unencrypted key * the encoding is incorrect |
EncryptedKeyError | if * a passphrase is not provided for an encrypted key |
Return a public key corresponding to this LSH public key string. The LSH public key string format is:
<s-expression: ('public-key', (<key type>, (<name, <value>)+))>
The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.
Parameters | data | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if the key type is unknown |
Return a private key corresponding to this LSH private key string. The LSH private key string format is:
<s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.
Parameters | data | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if the key type is unknown |
Return a private key object corresponsing to the Secure Shell Key Agent v3 format.
The SSH Key Agent v3 format for a RSA key is:
string 'ssh-rsa' integer e integer d integer n integer u integer p integer q
The SSH Key Agent v3 format for a DSA key is:
string 'ssh-dss' integer p integer q integer g integer y integer x
Parameters | data | The key data. (type: bytes ) |
Returns | A new key. (type: twisted.conch.ssh.keys.Key ) | |
Raises | BadKeyError | if the key type (the first string) is unknown |
Guess the type of key in data. The types map to _fromString_* methods.
Parameters | data | The key data. (type: bytes ) |
Build a key from RSA numerical components.
Parameters | n | The 'n' RSA variable. (type: int ) |
e | The 'e' RSA variable. (type: int ) | |
d | The 'd' RSA variable (optional for a public key). (type: int
or None ) | |
p | The 'p' RSA variable (optional for a public key). (type: int
or None ) | |
q | The 'q' RSA variable (optional for a public key). (type: int
or None ) | |
u | The 'u' RSA variable. Ignored, as its value is determined by p and q. (type: int
or None ) | |
Returns | An RSA key constructed from the values as given. (type: Key ) |
Build a key from DSA numerical components.
Parameters | y | The 'y' DSA variable. (type: int ) |
p | The 'p' DSA variable. (type: int ) | |
q | The 'q' DSA variable. (type: int ) | |
g | The 'g' DSA variable. (type: int ) | |
x | The 'x' DSA variable (optional for a public key) (type: int
or None ) | |
Returns | A DSA key constructed from the values as given. (type: Key ) |
Initialize with a private or public
cryptography.hazmat.primitives.asymmetric
key.
Parameters | keyObject | Low level key. (type: cryptography.hazmat.primitives.asymmetric key.) |
Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
Returns | A public key. (type: Key ) |
The fingerprint of a public key consists of the output of the
message-digest algorithm in the specified format. Supported formats include
FingerprintFormats.MD5_HEX
and FingerprintFormats.SHA256_BASE64
The input to the algorithm is the public key data as specified by [RFC4253].
The output of sha256[RFC4634] algorithm is presented to the user in the
form of base64 encoded sha256 hashes. Example:
US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=
The output of the MD5[RFC1321](default) algorithm is presented to the
user as a sequence of 16 octets printed as hexadecimal with lowercase
letters and separated by colons. Example:
c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87
Parameters | format | Format for fingerprint generation. Consists hash function and
representation format. Default is FingerprintFormats.MD5_HEX |
Returns | the user presentation of this Key 's fingerprint,
as a string. (type: str ) | |
Present Since | 8.2 |
Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.
Returns | (type: str ) | |
Raises | RuntimeError | If the object type is unknown. |
Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.
identifier is the standard NIST curve name
Returns | The key type format. (type: bytes ) |
Return the public key blob for this key. The blob is the over-the-wire format for public keys.
SECSH-TRANS RFC 4253 Section 6.6.
RSA keys:
string 'ssh-rsa' integer e integer n
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y
EC keys:
string 'ecdsa-sha2-[identifier]' integer x integer y identifier is the standard NIST curve name
Returns | (type: bytes ) |
Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Specification in OpenSSH PROTOCOL.agent
RSA keys:
string 'ssh-rsa' integer n integer e integer d integer u integer p integer q
DSA keys:
string 'ssh-dss' integer p integer q integer g integer y integer x
EC keys:
string 'ecdsa-sha2-[identifier]' integer x integer y integer privateValue identifier is the NIST standard curve name.
Create a string representation of this key. If the key is a private key
and you want the representation of its public key, use
key.public().toString()
. type maps to a _toString_*
method.
Parameters | type | The type of string to emit. Currently supported values are
'OPENSSH' , 'LSH' , and 'AGENTV3' . (type: str ) |
extra | Any extra data supported by the selected format which is not part of the
key itself. For public OpenSSH keys, this is a comment. For private
OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since
Twisted 20.3.0; use comment or passphrase as
appropriate instead.) (type: bytes
or unicode or
None ) | |
subtype | A subtype of the requested type to emit. Only supported for
private OpenSSH keys, for which the currently supported subtypes are
'PEM' and 'v1' . If not given, an appropriate
default is used. (type: str
or None ) | |
comment | A comment to include with the key. Only supported for OpenSSH keys.
Present since Twisted 20.3.0. (type:bytes
or unicode or
None ) | |
passphrase | A passphrase to encrypt the key with. Only supported for private OpenSSH
keys.
Present since Twisted 20.3.0. (type:bytes
or unicode or
None ) | |
Returns | (type: bytes ) |
Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats. If extra is present, it represents a comment for a public key, or a passphrase for a private key.
Parameters | extra | Comment for a public key or passphrase for a private key (type: bytes ) |
Returns | (type: bytes ) |
Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
Returns | (type: bytes ) |
Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.
Returns | (type: bytes ) |