twisted.conch.ssh.keys.Key

An object representing a key. A key can be either a public or private key. A public key can verify a signature; a private key can create or verify a signature. To generate a string that can be stored on disk, use the toString method. If you have a private key, but want the string representation of the public key, use Key.public().toString().

Class Method	fromFile	Load a key from a file.
Class Method	fromString	No summary
Method	__init__	Initialize with a private or public `cryptography.hazmat.primitives.asymmetric` key.
Method	__eq__	Return True if other represents an object with the same key.
Method	__ne__	Return True if other represents anything other than this key.
Method	__repr__	Return a pretty representation of this object.
Method	isPublic	Check if this instance is a public key.
Method	public	Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.
Method	fingerprint	No summary
Method	type	Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.
Method	sshType	Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.
Method	size	Return the size of the object we wrap.
Method	data	Return the values of the public key as a dictionary.
Method	blob	Return the public key blob for this key. The blob is the over-the-wire format for public keys.
Method	privateBlob	Return the private key blob for this key. The blob is the over-the-wire format for private keys:
Method	toString	Create a string representation of this key. If the key is a private key and you want the representation of its public key, use `key.public().toString()`. type maps to a _toString_* method.
Method	sign	Sign some data with this key.
Method	verify	Verify a signature using this key.
Class Method	_fromString_BLOB	No summary
Class Method	_fromString_PRIVATE_BLOB	Return a private key object corresponding to this private key blob. The blob formats are as follows:
Class Method	_fromString_PUBLIC_OPENSSH	Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:: <key type> <base64-encoded public key blob>
Class Method	_fromPrivateOpenSSH_v1	Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
Class Method	_fromPrivateOpenSSH_PEM	Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.
Class Method	_fromString_PRIVATE_OPENSSH	Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.
Class Method	_fromString_PUBLIC_LSH	Return a public key corresponding to this LSH public key string. The LSH public key string format is:: <s-expression: ('public-key', (<key type>, (<name, <value>)+))>
Class Method	_fromString_PRIVATE_LSH	Return a private key corresponding to this LSH private key string. The LSH private key string format is:: <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>
Class Method	_fromString_AGENTV3	Return a private key object corresponsing to the Secure Shell Key Agent v3 format.
Class Method	_guessStringType	Guess the type of key in data. The types map to _fromString_* methods.
Class Method	_fromRSAComponents	Build a key from RSA numerical components.
Class Method	_fromDSAComponents	Build a key from DSA numerical components.
Class Method	_fromECComponents	Build a key from EC components.
Class Method	_fromECEncodedPoint	Build a key from an EC encoded point.
Method	_toPublicOpenSSH	Return a public OpenSSH key string.
Method	_toPrivateOpenSSH_v1	Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.
Method	_toPrivateOpenSSH_PEM	Return a private OpenSSH key string, in the old PEM-based format.
Method	_toString_OPENSSH	No summary
Method	_toString_LSH	Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.
Method	_toString_AGENTV3	Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.

@classmethod
def fromFile(cls, filename, type=None, passphrase=None):

Load a key from a file.

Parameters	filename	The path to load key data from.
	type	A string describing the format the key data is in, or `None` to attempt detection of the type. (type: `str` or `None`)
	passphrase	The passphrase the key is encrypted with, or `None` if there is no encryption. (type: `bytes` or `None`)
Returns	The loaded key. (type: `Key`)

@classmethod
def fromString(cls, data, type=None, passphrase=None):

Return a Key object corresponding to the string data. type is optionally the type of string, matching a _fromString_* method. Otherwise, the _guessStringType() classmethod will be used to guess a type. If the key is encrypted, passphrase is used as the decryption key.

Parameters	data	The key data. (type: `bytes`)
	type	A string describing the format the key data is in, or `None` to attempt detection of the type. (type: `str` or `None`)
	passphrase	The passphrase the key is encrypted with, or `None` if there is no encryption. (type: `bytes` or `None`)
Returns	The loaded key. (type: `Key`)

@classmethod
def _fromString_BLOB(cls, blob):

Return a public key object corresponding to this public key blob. The format of a RSA public key blob is:

   string 'ssh-rsa'
   integer e
   integer n

The format of a DSA public key blob is:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y

The format of ECDSA-SHA2-* public key blob is:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y

   identifier is the standard NIST curve name.

Parameters	blob	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if the key type (the first string) is unknown.

@classmethod
def _fromString_PRIVATE_BLOB(cls, blob):

Return a private key object corresponding to this private key blob. The blob formats are as follows:

RSA keys:

   string 'ssh-rsa'
   integer n
   integer e
   integer d
   integer u
   integer p
   integer q

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x

EC keys:

   string 'ecdsa-sha2-[identifier]'
   string identifier
   string q
   integer privateValue

   identifier is the standard NIST curve name.

Parameters	blob	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if * the key type (the first string) is unknown * the curve name of an ECDSA key does not match the key type

@classmethod
def _fromString_PUBLIC_OPENSSH(cls, data):

Return a public key object corresponding to this OpenSSH public key string. The format of an OpenSSH public key string is:

   <key type> <base64-encoded public key blob>

Parameters	data	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if the blob type is unknown.

@classmethod
def _fromPrivateOpenSSH_v1(cls, data, passphrase):

Return a private key object corresponding to this OpenSSH private key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

The format of an openssh-key-v1 private key string is:

   -----BEGIN OPENSSH PRIVATE KEY-----
   <base64-encoded SSH protocol string>
   -----END OPENSSH PRIVATE KEY-----

The SSH protocol string is as described in PROTOCOL.key.

Parameters	data	The key data. (type: `bytes`)
	passphrase	The passphrase the key is encrypted with, or `None` if it is not encrypted. (type: `bytes` or `None`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if * a passphrase is provided for an unencrypted key * the SSH protocol encoding is incorrect
	EncryptedKeyError	if * a passphrase is not provided for an encrypted key

@classmethod
def _fromPrivateOpenSSH_PEM(cls, data, passphrase):

Return a private key object corresponding to this OpenSSH private key string, in the old PEM-based format.

The format of a PEM-based OpenSSH private key string is:

   -----BEGIN <key type> PRIVATE KEY-----
   [Proc-Type: 4,ENCRYPTED
   DEK-Info: DES-EDE3-CBC,<initialization value>]
   <base64-encoded ASN.1 structure>
   ------END <key type> PRIVATE KEY------

The ASN.1 structure of a RSA key is:

   (0, n, e, d, p, q)

The ASN.1 structure of a DSA key is:

   (0, p, q, g, y, x)

The ASN.1 structure of a ECDSA key is:

   (ECParameters, OID, NULL)

Parameters	data	The key data. (type: `bytes`)
	passphrase	The passphrase the key is encrypted with, or `None` if it is not encrypted. (type: `bytes` or `None`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if * a passphrase is provided for an unencrypted key * the ASN.1 encoding is incorrect
	EncryptedKeyError	if * a passphrase is not provided for an encrypted key

@classmethod
def _fromString_PRIVATE_OPENSSH(cls, data, passphrase):

Return a private key object corresponding to this OpenSSH private key string. If the key is encrypted, passphrase MUST be provided. Providing a passphrase for an unencrypted key is an error.

Parameters	data	The key data. (type: `bytes`)
	passphrase	The passphrase the key is encrypted with, or `None` if it is not encrypted. (type: `bytes` or `None`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if * a passphrase is provided for an unencrypted key * the encoding is incorrect
	EncryptedKeyError	if * a passphrase is not provided for an encrypted key

@classmethod
def _fromString_PUBLIC_LSH(cls, data):

Return a public key corresponding to this LSH public key string. The LSH public key string format is:

   <s-expression: ('public-key', (<key type>, (<name, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e. The names for a DSA (key type 'dsa') key are: y, g, p, q.

Parameters	data	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if the key type is unknown

@classmethod
def _fromString_PRIVATE_LSH(cls, data):

Return a private key corresponding to this LSH private key string. The LSH private key string format is:

   <s-expression: ('private-key', (<key type>, (<name>, <value>)+))>

The names for a RSA (key type 'rsa-pkcs1-sha1') key are: n, e, d, p, q. The names for a DSA (key type 'dsa') key are: y, g, p, q, x.

Parameters	data	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if the key type is unknown

@classmethod
def _fromString_AGENTV3(cls, data):

Return a private key object corresponsing to the Secure Shell Key Agent v3 format.

The SSH Key Agent v3 format for a RSA key is:

   string 'ssh-rsa'
   integer e
   integer d
   integer n
   integer u
   integer p
   integer q

The SSH Key Agent v3 format for a DSA key is:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x

Parameters	data	The key data. (type: `bytes`)
Returns	A new key. (type: `twisted.conch.ssh.keys.Key`)
Raises	BadKeyError	if the key type (the first string) is unknown

@classmethod
def _guessStringType(cls, data):

Guess the type of key in data. The types map to _fromString_* methods.

Parameters data The key data. (type: bytes)

@classmethod
def _fromRSAComponents(cls, n, e, d=None, p=None, q=None, u=None):

Build a key from RSA numerical components.

Parameters	n	The 'n' RSA variable. (type: `int`)
	e	The 'e' RSA variable. (type: `int`)
	d	The 'd' RSA variable (optional for a public key). (type: `int` or `None`)
	p	The 'p' RSA variable (optional for a public key). (type: `int` or `None`)
	q	The 'q' RSA variable (optional for a public key). (type: `int` or `None`)
	u	The 'u' RSA variable. Ignored, as its value is determined by p and q. (type: `int` or `None`)
Returns	An RSA key constructed from the values as given. (type: `Key`)

@classmethod
def _fromDSAComponents(cls, y, p, q, g, x=None):

Build a key from DSA numerical components.

Parameters	y	The 'y' DSA variable. (type: `int`)
	p	The 'p' DSA variable. (type: `int`)
	q	The 'q' DSA variable. (type: `int`)
	g	The 'g' DSA variable. (type: `int`)
	x	The 'x' DSA variable (optional for a public key) (type: `int` or `None`)
Returns	A DSA key constructed from the values as given. (type: `Key`)

@classmethod
def _fromECComponents(cls, x, y, curve, privateValue=None):

Build a key from EC components.

Parameters	x	The affine x component of the public point used for verifying. (type: `int`)
	y	The affine y component of the public point used for verifying. (type: `int`)
	curve	NIST name of elliptic curve. (type: `bytes`)
	privateValue	The private value. (type: `int`)

@classmethod
def _fromECEncodedPoint(cls, encodedPoint, curve, privateValue=None):

Build a key from an EC encoded point.

Parameters	encodedPoint	The public point encoded as in SEC 1 v2.0 section 2.3.3. (type: `bytes`)
	curve	NIST name of elliptic curve. (type: `bytes`)
	privateValue	The private value. (type: `int`)

def __init__(self, keyObject):

Initialize with a private or public cryptography.hazmat.primitives.asymmetric key.

Parameters keyObject Low level key. (type: cryptography.hazmat.primitives.asymmetric key.)

def __eq__(self, other):

Return True if other represents an object with the same key.

def __ne__(self, other):

Return True if other represents anything other than this key.

def __repr__(self):

Return a pretty representation of this object.

def isPublic(self):

Check if this instance is a public key.

Returns True if this is a public key.

def public(self):

Returns a version of this key containing only the public key data. If this is a public key, this may or may not be the same object as self.

Returns A public key. (type: Key)

def fingerprint(self, format=FingerprintFormats.MD5_HEX):

The fingerprint of a public key consists of the output of the message-digest algorithm in the specified format. Supported formats include FingerprintFormats.MD5_HEX and FingerprintFormats.SHA256_BASE64

The input to the algorithm is the public key data as specified by [RFC4253].

The output of sha256[RFC4634] algorithm is presented to the user in the form of base64 encoded sha256 hashes. Example: US5jTUa0kgX5ZxdqaGF0yGRu8EgKXHNmoT8jHKo1StM=

The output of the MD5[RFC1321](default) algorithm is presented to the user as a sequence of 16 octets printed as hexadecimal with lowercase letters and separated by colons. Example: c1:b1:30:29:d7:b8:de:6c:97:77:10:d7:46:41:63:87

Parameters	format	Format for fingerprint generation. Consists hash function and representation format. Default is `FingerprintFormats.MD5_HEX`
Returns	the user presentation of this `Key`'s fingerprint, as a string. (type: `str`)
Present Since	8.2

def type(self):

Return the type of the object we wrap. Currently this can only be 'RSA', 'DSA', or 'EC'.

Returns	(type: `str`)
Raises	RuntimeError	If the object type is unknown.

def sshType(self):

Get the type of the object we wrap as defined in the SSH protocol, defined in RFC 4253, Section 6.6. Currently this can only be b'ssh-rsa', b'ssh-dss' or b'ecdsa-sha2-[identifier]'.

identifier is the standard NIST curve name

Returns The key type format. (type: bytes)

def size(self):

Return the size of the object we wrap.

Returns The size of the key. (type: int)

def data(self):

Return the values of the public key as a dictionary.

Returns (type: dict)

def blob(self):

Return the public key blob for this key. The blob is the over-the-wire format for public keys.

SECSH-TRANS RFC 4253 Section 6.6.

RSA keys:

   string 'ssh-rsa'
   integer e
   integer n

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y

EC keys:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y

   identifier is the standard NIST curve name

Returns (type: bytes)

def privateBlob(self):

Return the private key blob for this key. The blob is the over-the-wire format for private keys:

Specification in OpenSSH PROTOCOL.agent

RSA keys:

   string 'ssh-rsa'
   integer n
   integer e
   integer d
   integer u
   integer p
   integer q

DSA keys:

   string 'ssh-dss'
   integer p
   integer q
   integer g
   integer y
   integer x

EC keys:

   string 'ecdsa-sha2-[identifier]'
   integer x
   integer y
   integer privateValue

   identifier is the NIST standard curve name.

@_mutuallyExclusiveArguments([['extra', 'comment'], ['extra', 'passphrase']])
def toString(self, type, extra=None, subtype=None, comment=None, passphrase=None):

Create a string representation of this key. If the key is a private key and you want the representation of its public key, use key.public().toString(). type maps to a _toString_* method.

Parameters	type	The type of string to emit. Currently supported values are `'OPENSSH'`, `'LSH'`, and `'AGENTV3'`. (type: `str`)
	extra	Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to encrypt with. (Deprecated since Twisted 20.3.0; use `comment` or `passphrase` as appropriate instead.) (type: `bytes` or `unicode` or `None`)
	subtype	A subtype of the requested `type` to emit. Only supported for private OpenSSH keys, for which the currently supported subtypes are `'PEM'` and `'v1'`. If not given, an appropriate default is used. (type: `str` or `None`)
	comment	A comment to include with the key. Only supported for OpenSSH keys. Present since Twisted 20.3.0. (type: `bytes` or `unicode` or `None`)
	passphrase	A passphrase to encrypt the key with. Only supported for private OpenSSH keys. Present since Twisted 20.3.0. (type: `bytes` or `unicode` or `None`)
Returns	(type: `bytes`)

def _toPublicOpenSSH(self, comment=None):

Return a public OpenSSH key string.

See _fromString_PUBLIC_OPENSSH for the string format.

Parameters comment A comment to include with the key, or None to omit the comment. (type: bytes or None)

def _toPrivateOpenSSH_v1(self, comment=None, passphrase=None):

Return a private OpenSSH key string, in the "openssh-key-v1" format introduced in OpenSSH 6.5.

See _fromPrivateOpenSSH_v1 for the string format.

Parameters passphrase The passphrase to encrypt the key with, or None if it is not encrypted. (type: bytes or None)

def _toPrivateOpenSSH_PEM(self, passphrase=None):

Return a private OpenSSH key string, in the old PEM-based format.

See _fromPrivateOpenSSH_PEM for the string format.

Parameters passphrase The passphrase to encrypt the key with, or None if it is not encrypted. (type: bytes or None)

def _toString_OPENSSH(self, subtype=None, comment=None, passphrase=None):

Return a public or private OpenSSH string. See _fromString_PUBLIC_OPENSSH and _fromPrivateOpenSSH_PEM for the string formats. If extra is present, it represents a comment for a public key, or a passphrase for a private key.

Parameters	extra	Comment for a public key or passphrase for a private key (type: `bytes`)
Returns	(type: `bytes`)

def _toString_LSH(self, **kwargs):

Return a public or private LSH key. See _fromString_PUBLIC_LSH and _fromString_PRIVATE_LSH for the key formats.

Returns (type: bytes)

def _toString_AGENTV3(self, **kwargs):

Return a private Secure Shell Agent v3 key. See _fromString_AGENTV3 for the key format.

Returns (type: bytes)

def sign(self, data):

Sign some data with this key.

SECSH-TRANS RFC 4253 Section 6.6.

Parameters	data	The data to sign. (type: `bytes`)
Returns	A signature for the given data. (type: `bytes`)

def verify(self, signature, data):

Verify a signature using this key.

Parameters	signature	The signature to verify. (type: `bytes`)
	data	The signed data. (type: `bytes`)
Returns	`True` if the signature is valid. (type: `bool`)

API Documentation for twisted, generated by pydoctor at 2020-03-25 17:34:30.

twisted.conch.ssh.keys.Key(object) class documentation

`twisted.conch.ssh.keys.Key(object)` class documentation