Danger
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
Backend implementations may provide a number of interfaces to support operations such as Symmetric encryption, Message digests (Hashing), and Hash-based message authentication codes (HMAC).
A specific backend may provide one or more of these interfaces.
A backend that provides methods for using ciphers for encryption and decryption.
The following backends implement this interface:
Check if a cipher and mode combination is supported by this backend.
Parameters: |
|
---|---|
Returns: | True if the specified cipher and mode combination is supported by this backend, otherwise False |
Create a CipherContext that can be used for encrypting data with the symmetric cipher using the given mode.
Parameters: |
|
---|---|
Returns: | |
Raises ValueError: | When tag is not None in an AEAD mode. |
Create a CipherContext that can be used for decrypting data with the symmetric cipher using the given mode.
Parameters: |
|
---|---|
Returns: | |
Raises ValueError: | When tag is None in an AEAD mode. |
A backend with methods for using cryptographic hash functions.
The following backends implement this interface:
Check if the specified algorithm is supported by this backend.
Parameters: | algorithm – An instance of HashAlgorithm. |
---|---|
Returns: | True if the specified algorithm is supported by this backend, otherwise False. |
Create a HashContext that uses the specified algorithm to calculate a message digest.
Parameters: | algorithm – An instance of HashAlgorithm. |
---|---|
Returns: | HashContext |
A backend with methods for using cryptographic hash functions as message authentication codes.
The following backends implement this interface:
Check if the specified algorithm is supported by this backend.
Parameters: | algorithm – An instance of HashAlgorithm. |
---|---|
Returns: | True if the specified algorithm is supported for HMAC by this backend, otherwise False. |
Create a HashContext that uses the specified algorithm to calculate a hash-based message authentication code.
Parameters: |
|
---|---|
Returns: |
New in version 0.4.
A backend with methods for using CMAC.
Parameters: | algorithm – An instance of BlockCipherAlgorithm. |
---|---|
Returns: | True if the block cipher is supported for CMAC by this backend. |
Create a MACContext that uses the specified algorithm to calculate a message authentication code.
Parameters: | algorithm – An instance of BlockCipherAlgorithm. |
---|---|
Returns: | MACContext |
New in version 0.2.
A backend with methods for using PBKDF2 using HMAC as a PRF.
The following backends implement this interface:
Check if the specified algorithm is supported by this backend.
Parameters: | algorithm – An instance of HashAlgorithm. |
---|---|
Returns: | True if the specified algorithm is supported for PBKDF2 HMAC by this backend, otherwise False. |
Parameters: |
|
---|---|
Return bytes: | Derived key. |
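An added sketch, not code from the library or from this page: a toy backend over Python's `hashlib` and `hmac` that follows the contract described above for the hash, HMAC and PBKDF2 interfaces (a support check that returns True or False, then a create or derive call), plus a caller that fails closed when nothing acceptable is supported. The class, method and exception names, and the use of string algorithm names in place of HashAlgorithm instances, are assumptions of this example.

```python
import hashlib
import hmac


class UnsupportedAlgorithm(Exception):
    """Raised when the backend cannot provide the requested algorithm."""


class StdlibBackend:
    """Hypothetical backend built on hashlib/hmac (assumed names throughout)."""

    # Allow-list: what the backend offers, not everything hashlib can do.
    _ALLOWED = frozenset({"sha256", "sha384", "sha512"})

    def hash_supported(self, name):
        return name in self._ALLOWED and name in hashlib.algorithms_available

    def create_hash_ctx(self, name):
        if not self.hash_supported(name):
            raise UnsupportedAlgorithm(name)
        return hashlib.new(name)

    def hmac_supported(self, name):
        return self.hash_supported(name)

    def create_hmac_ctx(self, key, name):
        if not self.hmac_supported(name):
            raise UnsupportedAlgorithm(name)
        return hmac.new(key, digestmod=name)

    def pbkdf2_hmac_supported(self, name):
        return self.hmac_supported(name)

    def derive_pbkdf2_hmac(self, name, length, salt, iterations, key_material):
        if not self.pbkdf2_hmac_supported(name):
            raise UnsupportedAlgorithm(name)
        return hashlib.pbkdf2_hmac(name, key_material, salt, iterations, length)


def pick_algorithm(backend, preferences):
    """Return the first preferred algorithm the backend supports; fail closed."""
    for name in preferences:
        if backend.hash_supported(name):
            return name
    raise UnsupportedAlgorithm("no acceptable algorithm: %r" % (preferences,))
```

The create and derive methods repeat the support check themselves, so a caller that skips the `*_supported` call still gets an exception rather than a weaker algorithm.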
New in version 0.2.
A backend with methods for using RSA.
Parameters: |
|
---|---|
Returns: | A new instance of RSAPrivateKey. |
Raises ValueError: | If the public_exponent is not valid. |
Check if the specified padding is supported by the backend.
Parameters: | padding – An instance of AsymmetricPadding. |
---|---|
Returns: | True if the specified padding is supported by this backend, otherwise False. |
Check if the specified parameters are supported for key generation by the backend.
Parameters: |
|
---|
Parameters: | numbers – An instance of RSAPrivateNumbers. |
---|---|
Returns: | An instance of RSAPrivateKey. |
Raises: |
|
Parameters: | numbers – An instance of RSAPrivateNumbers. |
---|---|
Returns: | An instance of RSAPublicKey. |
Raises: |
|
New in version 0.4.
A backend with methods for using DSA.
Parameters: | key_size (int) – The length of the modulus in bits. It should be either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048. Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the 1024-bit keys specified in FIPS 186-2. |
---|---|
Returns: | A new instance of DSAParameters. |
Parameters: | parameters – An instance of DSAParameters. |
---|---|
Returns: | A new instance of DSAPrivateKey. |
Raises ValueError: | This is raised if the key size is not one of 1024, 2048, or 3072. |
Parameters: | key_size (int) – The length of the modulus in bits. It should be either 1024, 2048 or 3072. For keys generated in 2015 this should be at least 2048. Note that some applications (such as SSH) have not yet gained support for larger key sizes specified in FIPS 186-3 and are still restricted to only the 1024-bit keys specified in FIPS 186-2. |
---|---|
Returns: | A new instance of DSAPrivateKey. |
Raises ValueError: | This is raised if the key size is not supported by the backend. |
Parameters: | algorithm – An instance of HashAlgorithm. |
---|---|
Returns: | True if the specified algorithm is supported by this backend, otherwise False. |
Parameters: |
|
---|---|
Returns: | True if the given values of p, q, and g are supported by this backend, otherwise False. |
Parameters: | numbers – An instance of DSAParameterNumbers. |
---|---|
Returns: | An instance of DSAParameters. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
Parameters: | numbers – An instance of DSAPrivateNumbers. |
---|---|
Returns: | An instance of DSAPrivateKey. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
Parameters: | numbers – An instance of DSAPublicNumbers. |
---|---|
Returns: | An instance of DSAPublicKey. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
New in version 0.5.
Parameters: | curve – An instance of EllipticCurve. |
---|---|
Returns: | True if the elliptic curve is supported by this backend. |
Parameters: |
|
---|---|
Returns: | True if the signature algorithm and curve are supported by this backend. |
Parameters: | curve – An instance of EllipticCurve. |
---|
Parameters: | numbers – An instance of EllipticCurvePrivateNumbers. |
---|---|
Returns: | An instance of EllipticCurvePrivateKey. |
Parameters: | numbers – An instance of EllipticCurvePublicNumbers. |
---|---|
Returns: | An instance of EllipticCurvePublicKey. |
Parameters: |
|
---|---|
Returns: | An instance of EllipticCurvePrivateKey. |
New in version 0.6.
A backend with methods for working with any PEM encoded keys.
Parameters: |
|
---|---|
Returns: | A new instance of the appropriate type of private key that the serialized data contains. |
Raises: |
|
Parameters: | data (bytes) – PEM data to load. |
---|---|
Returns: | A new instance of the appropriate type of public key that the serialized data contains. |
Raises ValueError: | If the data could not be deserialized. |
New in version 0.8.
A backend with methods for working with DER encoded keys.
Parameters: |
|
---|---|
Returns: | A new instance of the appropriate type of private key that the serialized data contains. |
Raises: |
|
Parameters: | data (bytes) – DER data to load. |
---|---|
Returns: | A new instance of the appropriate type of public key that the serialized data contains. |
Raises ValueError: | If the data could not be deserialized. |
New in version 0.7.
A backend with methods for working with X.509 objects.
Parameters: | data (bytes) – PEM formatted certificate data. |
---|---|
Returns: | An instance of Certificate. |
Parameters: | data (bytes) – DER formatted certificate data. |
---|---|
Returns: | An instance of Certificate. |
New in version 0.9.
Parameters: | data (bytes) – PEM formatted certificate signing request data. |
---|---|
Returns: | An instance of CertificateSigningRequest. |
New in version 0.9.
Parameters: | data (bytes) – DER formatted certificate signing request data. |
---|---|
Returns: | An instance of CertificateSigningRequest. |
New in version 1.0.
Parameters: |
|
---|---|
Returns: | A new instance of CertificateSigningRequest. |
New in version 1.0.
Parameters: |
|
---|---|
Returns: | A new instance of Certificate. |
New in version 1.2.
Parameters: |
|
---|---|
Returns: | A new instance of CertificateRevocationList. |
New in version 1.2.
Parameters: | builder – An instance of RevokedCertificateBuilder. |
---|---|
Returns: | A new instance of RevokedCertificate. |
New in version 0.9.
A backend with methods for doing Diffie-Hellman key exchange.
Parameters: |
|
---|---|
Returns: | A new instance of DHParameters. |
Raises ValueError: | If key_size is not at least 512. |
Parameters: | parameters – An instance of DHParameters. |
---|---|
Returns: | A new instance of DHPrivateKey. |
Parameters: |
|
---|---|
Returns: | A new instance of DHPrivateKey. |
Raises ValueError: | If key_size is not at least 512. |
Parameters: | numbers – A DHPrivateNumbers instance. |
---|---|
Returns: | A new instance of DHPrivateKey. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
Parameters: | numbers – A DHPublicNumbers instance. |
---|---|
Returns: | A new instance of DHPublicKey. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
Parameters: | numbers – A DHParameterNumbers instance. |
---|---|
Returns: | A new instance of DHParameters. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised when any backend specific criteria are not met. |
Parameters: |
|
---|---|
Returns: | True if the given values of p, g and q are supported by this backend, otherwise False. |
New in version 1.8.
Returns: | True if serialization of DH objects with subgroup order (q) is supported by this backend. |
---|
New in version 1.6.
A backend with methods for using Scrypt.
The following backends implement this interface:
Parameters: |
|
---|---|
Return bytes: | Derived key. |