msl.network.cryptography module
Functions to create a self-signed certificate for the secure SSL/TLS protocol.
- msl.network.cryptography.generate_key(*, path=None, algorithm='RSA', password=None, size=2048, curve='SECP384R1')
Generate a new private key.
- Parameters:
  - path (str, optional) – The path to save the private key to. If not specified then save the private key in the default directory with the default filename.
  - algorithm (str, optional) – The encryption algorithm to use to generate the private key. Options are:
    - RSA - Rivest, Shamir, and Adleman algorithm.
    - DSA - Digital Signature Algorithm.
    - ECC - Elliptic Curve Cryptography.
  - password (str, optional) – The password to use to encrypt the key.
  - size (int, optional) – The size (number of bits) of the key. Only used if algorithm is RSA or DSA.
  - curve (str, optional) – The name of the elliptic curve to use. Only used if algorithm is ECC. See Elliptic Curves for example elliptic-curve names.
- Returns:
  str – The path to the private key.
- msl.network.cryptography.load_key(path, *, password=None)
Load a private key from a file.
- Parameters:
- Returns:
  RSAPrivateKey, DSAPrivateKey or EllipticCurvePrivateKey – The private key.
- msl.network.cryptography.generate_certificate(*, path=None, key_path=None, key_password=None, algorithm='SHA256', years_valid=None, digest_size=None, name=None, extensions=None)
Generate a self-signed certificate.
Changed in version 1.0: Added the digest_size, name and extensions keyword arguments.
- Parameters:
  - path (str, optional) – The path to save the certificate to. If not specified then save the certificate in the default directory with the default filename.
  - key_path (str, optional) – The path to the private key which will be used to digitally sign the certificate. If not specified then automatically generates a new private key (overwriting the default private key if one already exists).
  - key_password (str, optional) – The password to use to decrypt the private key.
  - algorithm (str or HashAlgorithm, optional) – The hash algorithm to use. See Message digests (Hashing) for allowed hash algorithms.
  - years_valid (int or float, optional) – The number of years that the certificate is valid for. If you want to specify that the certificate is valid for 3 months then set years_valid to be 0.25. Default is 100 years for 64-bit platforms and 15 years for 32-bit platforms.
  - digest_size (int, optional) – The digest size (if the hash algorithm requires one).
  - name (Name, optional) – The object to use for the subject_name() and the issuer_name(). If not specified then a default name is used.
  - extensions (list of ExtensionType, optional) – The extensions to add to the certificate.
- Returns:
  str – The path to the self-signed certificate that was generated.
- msl.network.cryptography.get_default_cert_path()
str: Returns the default certificate path.
- msl.network.cryptography.get_fingerprint(cert, *, algorithm='SHA1', digest_size=None)
Get the fingerprint of a certificate.
Changed in version 1.0: Added the digest_size keyword argument and allow algorithm to be a string.
- Parameters:
  - cert (Certificate) – The PEM certificate.
  - algorithm (str or HashAlgorithm, optional) – The hash algorithm to use. See Message digests (Hashing) for allowed hash algorithms.
  - digest_size (int, optional) – The digest size (if the hash algorithm requires one).
- Returns:
  str – The fingerprint as a colon-separated hex string.
- msl.network.cryptography.get_metadata(cert)
Get the metadata of a certificate.
- Parameters:
  - cert (Certificate) – The certificate.
- Returns:
  dict – The metadata of the certificate.
- msl.network.cryptography.get_metadata_as_string(cert)
Returns the metadata of a certificate as a human-readable string.
- Parameters:
  - cert (Certificate) – The certificate.
- Returns:
  str – The metadata of the certificate.
- msl.network.cryptography.get_ssl_context(*, cert_file=None, host=None, port=None, auto_save=False, **kwargs)
Get the SSL context.
Gets the context either from connecting to a remote server or from loading it from a file.
To get the context from a remote server you must specify both host and port.
Changed in version 0.4: Renamed certificate to certfile.
Changed in version 1.0: Renamed certfile to cert_file. Added the auto_save keyword argument and **kwargs.
- Parameters:
  - cert_file (str, optional) – The path to a certificate file to load. If specified then host, port and auto_save are ignored.
  - host (str, optional) – The hostname or IP address of the remote server to connect to.
  - port (int, optional) – The port number of the remote server to connect to.
  - auto_save (bool, optional) – Whether to automatically save the certificate from the server. Default is to ask before saving.
  - **kwargs – All additional keyword arguments are passed to ssl.get_server_certificate().
- Returns:
  - str – The path to the certificate file that was loaded.
  - ssl.SSLContext – The SSL context.
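A self-signed certificate fetched from a remote server has no CA chain to validate, so the fingerprint is what gets compared against a value obtained out-of-band before the certificate is saved and trusted. The following is an added example using only the Python standard library, not code from msl-network: `fingerprint` and `matches_pin` are hypothetical helper names, the sample bytes are constructed, and SHA-256 is used instead of the documented `get_fingerprint` default of SHA1.

```python
import hashlib
import hmac
import ssl


def fingerprint(pem: str, algorithm: str = "sha256") -> str:
    """Return the colon-separated hex digest of a PEM certificate's DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(pem)  # raises ValueError if not PEM-framed
    digest = hashlib.new(algorithm, der).hexdigest()  # fixed-length hashes only
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_pin(pem: str, pinned: str, algorithm: str = "sha256") -> bool:
    """Compare a certificate against a fingerprint obtained out-of-band."""
    try:
        # fromhex() accepts either letter case, so only the colons are removed.
        expected = bytes.fromhex(pinned.replace(":", ""))
    except ValueError:
        return False  # the pin is not a hex string
    actual = hashlib.new(algorithm, ssl.PEM_cert_to_DER_cert(pem)).digest()
    # A pin of another length (e.g. a SHA-512 pin checked as SHA-256) fails here.
    return hmac.compare_digest(actual, expected)


# Constructed sample input: stand-in bytes, not a real X.509 certificate.
SAMPLE_DER = b"constructed stand-in for DER certificate bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER + b"\x00")

if __name__ == "__main__":
    pin = fingerprint(SAMPLE_PEM)
    print(pin)
    print(matches_pin(SAMPLE_PEM, pin), matches_pin(TAMPERED_PEM, pin))
```

The fingerprint is computed over the DER encoding, so re-wrapping or re-indenting the PEM text does not change it, while any change to the certificate bytes does.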