msl.network.cryptography module

Functions to create a self-signed certificate for the secure SSL/TLS protocol.

msl.network.cryptography.generate_key(*, path=None, algorithm='RSA', password=None, size=2048, curve='SECP384R1')[source]

Generate a new private key.

Parameters:

path (str, optional) – The path to save the private key to. If not specified then save the private key in the default directory with the default filename.
algorithm (str, optional) –
The encryption algorithm to use to generate the private key. Options are:
- RSA - Rivest, Shamir, and Adleman algorithm.
- DSA - Digital Signature Algorithm.
- ECC - Elliptic Curve Cryptography.
password (str, optional) – The password to use to encrypt the key.
size (int, optional) – The size (number of bits) of the key. Only used if algorithm is RSA or DSA.
curve (str, optional) – The name of the elliptic curve to use. Only used if algorithm is ECC. See Elliptic Curves for example elliptic-curve names.

Returns:

str – The path to the private key.

msl.network.cryptography.load_key(path, *, password=None)[source]

Load a private key from a file.

Parameters:

path (str) – The path to a key file.
password (str, optional) – The password to use to decrypt the private key.

Returns:

RSAPrivateKey, DSAPrivateKey or EllipticCurvePrivateKey – The private key.

msl.network.cryptography.generate_certificate(*, path=None, key_path=None, key_password=None, algorithm='SHA256', years_valid=None, digest_size=None, name=None, extensions=None)[source]

Generate a self-signed certificate.

Changed in version 1.0: Added the digest_size, name and extensions keyword arguments.

Parameters:

path (str, optional) – The path to save the certificate to. If not specified then save the certificate in the default directory with the default filename.
key_path (str, optional) – The path to the private key which will be used to digitally sign the certificate. If not specified then automatically generates a new private key (overwriting the default private key if one already exists).
key_password (str, optional) – The password to use to decrypt the private key.
algorithm (str or HashAlgorithm, optional) – The hash algorithm to use. See Message digests (Hashing) for allowed hash algorithms.
years_valid (int or float, optional) – The number of years that the certificate is valid for. If you want to specify that the certificate is valid for 3 months then set years_valid to be 0.25. Default is 100 years for 64-bit platforms and 15 years for 32-bit platforms.
digest_size (int, optional) – The digest size (if the hash algorithm requires one).
name (Name, optional) – The object to use for the subject_name() and the issuer_name(). If not specified then a default name is used.
extensions (list of ExtensionType, optional) – The extensions to add to the certificate.

Returns:

str – The path to the self-signed certificate that was generated.

msl.network.cryptography.load_certificate(cert)[source]

Load a PEM certificate.

Parameters:: cert (str or bytes) – If str then the path to the certificate file. If bytes then the raw certificate data.
Returns:: Certificate – The PEM certificate.
Raises:: TypeError – If cert is not of type str or bytes.

msl.network.cryptography.get_default_cert_path()[source]: str: Returns the default certificate path.

msl.network.cryptography.get_default_key_path()[source]: str: Returns the default key path.

msl.network.cryptography.get_fingerprint(cert, *, algorithm='SHA1', digest_size=None)[source]

Get the fingerprint of a certificate.

Changed in version 1.0: Added the digest_size keyword argument and allow algorithm to be a string.

Parameters:

cert (Certificate) – The PEM certificate.
algorithm (str or HashAlgorithm, optional) – The hash algorithm to use. See Message digests (Hashing) for allowed hash algorithms.
digest_size (int, optional) – The digest size (if the hash algorithm requires one).

Returns:

str – The fingerprint as a colon-separated hex string.

msl.network.cryptography.get_metadata(cert)[source]

Get the metadata of a certificate.

Parameters:: cert (Certificate) – The certificate.
Returns:: dict – The metadata of the certificate.

msl.network.cryptography.get_metadata_as_string(cert)[source]

Returns the metadata of a certificate as a human-readable string.

Parameters:: cert (Certificate) – The certificate.
Returns:: str – The metadata of the certificate.

msl.network.cryptography.get_ssl_context(*, cert_file=None, host=None, port=None, auto_save=False, **kwargs)[source]

Get the SSL context.

Gets the context either from connecting to a remote server or from loading it from a file.

To get the context from a remote server you must specify both host and port.

Changed in version 0.4: Renamed certificate to certfile.

Changed in version 1.0: Renamed certfile to cert_file. Added the auto_save keyword argument and **kwargs.

Parameters:

cert_file (str, optional) – The path to a certificate file to load. If specified then host, port and auto_save are ignored.
host (str, optional) – The hostname or IP address of the remote server to connect to.
port (int, optional) – The port number of the remote server to connect to.
auto_save (bool, optional) – Whether to automatically save the certificate from the server. Default is to ask before saving.
**kwargs – All additional keyword arguments are passed to ssl.get_server_certificate().

Returns:

str – The path to the certificate file that was loaded.
ssl.SSLContext – The SSL context.