Back to module index

Go to module by name

cryptography.x509

cryptography

cryptography.x509.extensions

This module has no docstring.

Classes

AccessDescription

access_location = <property object at 0x7ff35fe423b0>
access_method = <property object at 0x7ff35fe42360>

AuthorityInformationAccess

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>

AuthorityKeyIdentifier

from_issuer_public_key(public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> 'AuthorityKeyIdentifier'
from_issuer_subject_key_identifier(ski: 'SubjectKeyIdentifier') -> 'AuthorityKeyIdentifier'
authority_cert_issuer = <property object at 0x7ff35fe42090>
authority_cert_serial_number = <property object at 0x7ff35fe420e0>
key_identifier = <property object at 0x7ff35fe42040>
oid = <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>

BasicConstraints

ca = <property object at 0x7ff35fe42450>
oid = <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>
path_length = <property object at 0x7ff35fe424a0>

CRLDistributionPoints

oid = <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>

CRLEntryExtensionOID

CERTIFICATE_ISSUER = <ObjectIdentifier(oid=2.5.29.29, name=certificateIssuer)>
CRL_REASON = <ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>
INVALIDITY_DATE = <ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>

CRLNumber

crl_number = <property object at 0x7ff35fe32ea0>
oid = <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>

CRLReason

oid = <ObjectIdentifier(oid=2.5.29.21, name=cRLReason)>
reason = <property object at 0x7ff36028cb80>

CertificateIssuer

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.29, name=certificateIssuer)>

CertificatePolicies

oid = <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>

DERReader

as_integer(self) -> int
check_empty(self)
is_empty(self)
read_any_element(self) -> Tuple[int, ForwardRef('DERReader')]
read_byte(self) -> int
read_bytes(self, n) -> memoryview
read_element(self, expected_tag: int) -> 'DERReader'
read_optional_element(self, expected_tag: int) -> Optional[ForwardRef('DERReader')]
read_single_element(self, expected_tag: int) -> 'DERReader'

DeltaCRLIndicator

crl_number = <property object at 0x7ff35fe42540>
oid = <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>

DistributionPoint

crl_issuer = <property object at 0x7ff35fe42950>
full_name = <property object at 0x7ff35fe42860>
reasons = <property object at 0x7ff35fe42900>
relative_name = <property object at 0x7ff35fe428b0>

DuplicateExtension

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

EllipticCurvePublicKey

from_encoded_point(curve: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurve, data: bytes) -> 'EllipticCurvePublicKey'
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding, format: cryptography.hazmat.primitives._serialization.PublicFormat) -> bytes


          Returns the key serialized as bytes.
        
public_numbers(self) -> 'EllipticCurvePublicNumbers'


          Returns an EllipticCurvePublicNumbers.
        
verifier(self, signature: bytes, signature_algorithm: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm) -> cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext


          Returns an AsymmetricVerificationContext used for signing data.
        
verify(self, signature: bytes, data: bytes, signature_algorithm: cryptography.hazmat.primitives.asymmetric.ec.EllipticCurveSignatureAlgorithm) -> None


          Verifies the signature of the data.
        
curve = <abc.abstractproperty object at 0x7ff35ff7dbe0>

          The EllipticCurve that this key is on.
        
key_size = <abc.abstractproperty object at 0x7ff35ff7dc40>

          Bit size of a secret scalar for the curve.
        

Enum


    Generic enumeration.

    Derive from this class to define new enumerations.
    

ExtendedKeyUsage

oid = <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>

Extension

critical = <property object at 0x7ff36028c900>
oid = <property object at 0x7ff36028c8b0>
value = <property object at 0x7ff36028c950>

ExtensionNotFound

with_traceback(...)

  Exception.with_traceback(tb) --
      set self.__traceback__ to tb and return self.
args = <attribute 'args' of 'BaseException' objects>

ExtensionOID

AUTHORITY_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.1, name=authorityInfoAccess)>
AUTHORITY_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.35, name=authorityKeyIdentifier)>
BASIC_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.19, name=basicConstraints)>
CERTIFICATE_POLICIES = <ObjectIdentifier(oid=2.5.29.32, name=certificatePolicies)>
CRL_DISTRIBUTION_POINTS = <ObjectIdentifier(oid=2.5.29.31, name=cRLDistributionPoints)>
CRL_NUMBER = <ObjectIdentifier(oid=2.5.29.20, name=cRLNumber)>
DELTA_CRL_INDICATOR = <ObjectIdentifier(oid=2.5.29.27, name=deltaCRLIndicator)>
EXTENDED_KEY_USAGE = <ObjectIdentifier(oid=2.5.29.37, name=extendedKeyUsage)>
FRESHEST_CRL = <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>
INHIBIT_ANY_POLICY = <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>
ISSUER_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>
ISSUING_DISTRIBUTION_POINT = <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>
KEY_USAGE = <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>
NAME_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>
OCSP_NO_CHECK = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>
POLICY_CONSTRAINTS = <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>
POLICY_MAPPINGS = <ObjectIdentifier(oid=2.5.29.33, name=policyMappings)>
PRECERT_POISON = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>
PRECERT_SIGNED_CERTIFICATE_TIMESTAMPS = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>
SIGNED_CERTIFICATE_TIMESTAMPS = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>
SUBJECT_ALTERNATIVE_NAME = <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>
SUBJECT_DIRECTORY_ATTRIBUTES = <ObjectIdentifier(oid=2.5.29.9, name=subjectDirectoryAttributes)>
SUBJECT_INFORMATION_ACCESS = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>
SUBJECT_KEY_IDENTIFIER = <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>
TLS_FEATURE = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>

ExtensionType

oid = <abc.abstractproperty object at 0x7ff35ff1dca0>

          Returns the oid associated with the given extension type.
        

Extensions

get_extension_for_class(self, extclass) -> 'Extension'
get_extension_for_oid(self, oid: cryptography.hazmat._oid.ObjectIdentifier) -> 'Extension'

FreshestCRL

oid = <ObjectIdentifier(oid=2.5.29.46, name=freshestCRL)>

GeneralName

value = <abc.abstractproperty object at 0x7ff35fe1fa60>

          Return the value of the object
        

GeneralNames

get_values_for_type(self, type: Type[cryptography.x509.general_name.GeneralName])

IPAddress

value = <property object at 0x7ff35fe32c20>

InhibitAnyPolicy

oid = <ObjectIdentifier(oid=2.5.29.54, name=inhibitAnyPolicy)>
skip_certs = <property object at 0x7ff36028c3b0>

InvalidityDate

invalidity_date = <property object at 0x7ff36028cc20>
oid = <ObjectIdentifier(oid=2.5.29.24, name=invalidityDate)>

IssuerAlternativeName

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.18, name=issuerAltName)>

IssuingDistributionPoint

full_name = <property object at 0x7ff36028ce50>
indirect_crl = <property object at 0x7ff36029b040>
oid = <ObjectIdentifier(oid=2.5.29.28, name=issuingDistributionPoint)>
only_contains_attribute_certs = <property object at 0x7ff36029b090>
only_contains_ca_certs = <property object at 0x7ff36028cf40>
only_contains_user_certs = <property object at 0x7ff36028cef0>
only_some_reasons = <property object at 0x7ff36028cf90>
relative_name = <property object at 0x7ff36028cea0>

KeyUsage

content_commitment = <property object at 0x7ff36028c4f0>
crl_sign = <property object at 0x7ff36028c680>
data_encipherment = <property object at 0x7ff36028c590>
decipher_only = <property object at 0x7ff36028c720>
digital_signature = <property object at 0x7ff36028c4a0>
encipher_only = <property object at 0x7ff36028c6d0>
key_agreement = <property object at 0x7ff36028c5e0>
key_cert_sign = <property object at 0x7ff36028c630>
key_encipherment = <property object at 0x7ff36028c540>
oid = <ObjectIdentifier(oid=2.5.29.15, name=keyUsage)>

NameConstraints

excluded_subtrees = <property object at 0x7ff36028c810>
oid = <ObjectIdentifier(oid=2.5.29.30, name=nameConstraints)>
permitted_subtrees = <property object at 0x7ff36028c7c0>

NoticeReference

notice_numbers = <property object at 0x7ff36028c0e0>
organization = <property object at 0x7ff36028c090>

OCSPExtensionOID

NONCE = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.2, name=OCSPNonce)>

OCSPNoCheck

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.5, name=OCSPNoCheck)>

OCSPNonce

nonce = <property object at 0x7ff36028cdb0>
oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.48.1.2, name=OCSPNonce)>

ObjectIdentifier

dotted_string = <property object at 0x7ff35ff7aae0>

OtherName

type_id = <property object at 0x7ff35fe32cc0>
value = <property object at 0x7ff35fe32d10>

PolicyConstraints

inhibit_policy_mapping = <property object at 0x7ff35fe42a40>
oid = <ObjectIdentifier(oid=2.5.29.36, name=policyConstraints)>
require_explicit_policy = <property object at 0x7ff35fe429f0>

PolicyInformation

policy_identifier = <property object at 0x7ff35fe42d60>
policy_qualifiers = <property object at 0x7ff35fe42db0>

PrecertPoison

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.3, name=ctPoison)>

PrecertificateSignedCertificateTimestamps

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.2, name=signedCertificateTimestampList)>

RSAPublicKey

encrypt(self, plaintext: bytes, padding: cryptography.hazmat.primitives._asymmetric.AsymmetricPadding) -> bytes


          Encrypts the given plaintext.
        
public_bytes(self, encoding: cryptography.hazmat.primitives._serialization.Encoding, format: cryptography.hazmat.primitives._serialization.PublicFormat) -> bytes


          Returns the key serialized as bytes.
        
public_numbers(self) -> 'RSAPublicNumbers'


          Returns an RSAPublicNumbers
        
recover_data_from_signature(self, signature: bytes, padding: cryptography.hazmat.primitives._asymmetric.AsymmetricPadding, algorithm: Optional[cryptography.hazmat.primitives.hashes.HashAlgorithm]) -> bytes


          Recovers the original data from the signature.
        
verifier(self, signature: bytes, padding: cryptography.hazmat.primitives._asymmetric.AsymmetricPadding, algorithm: cryptography.hazmat.primitives.hashes.HashAlgorithm) -> cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext


          Returns an AsymmetricVerificationContext used for verifying signatures.
        
verify(self, signature: bytes, data: bytes, padding: cryptography.hazmat.primitives._asymmetric.AsymmetricPadding, algorithm: Union[cryptography.hazmat.primitives.asymmetric.utils.Prehashed, cryptography.hazmat.primitives.hashes.HashAlgorithm]) -> None


          Verifies the signature of the data.
        
key_size = <abc.abstractproperty object at 0x7ff35ff91a60>

          The bit length of the public modulus.
        

ReasonFlags

An enumeration.
aa_compromise = <ReasonFlags.aa_compromise: 'aACompromise'>
affiliation_changed = <ReasonFlags.affiliation_changed: 'affiliationChanged'>
ca_compromise = <ReasonFlags.ca_compromise: 'cACompromise'>
certificate_hold = <ReasonFlags.certificate_hold: 'certificateHold'>
cessation_of_operation = <ReasonFlags.cessation_of_operation: 'cessationOfOperation'>
key_compromise = <ReasonFlags.key_compromise: 'keyCompromise'>
name = <types.DynamicClassAttribute object at 0x7ff36084fb80>
  The name of the Enum member.
privilege_withdrawn = <ReasonFlags.privilege_withdrawn: 'privilegeWithdrawn'>
remove_from_crl = <ReasonFlags.remove_from_crl: 'removeFromCRL'>
superseded = <ReasonFlags.superseded: 'superseded'>
unspecified = <ReasonFlags.unspecified: 'unspecified'>
value = <types.DynamicClassAttribute object at 0x7ff36084fbb0>
  The value of the Enum member.

RelativeDistinguishedName

get_attributes_for_oid(self, oid) -> List[cryptography.x509.name.NameAttribute]
rfc4514_string(self) -> str


          Format as RFC4514 Distinguished Name string.

          Within each RDN, attributes are joined by '+', although that is rarely
          used in certificates.
        

SignedCertificateTimestamp

entry_type = <abc.abstractproperty object at 0x7ff360018400>

          Returns whether this is an SCT for a certificate or pre-certificate.
        
log_id = <abc.abstractproperty object at 0x7ff360018340>

          Returns an identifier indicating which log this SCT is for.
        
timestamp = <abc.abstractproperty object at 0x7ff3600183a0>

          Returns the timestamp for this SCT.
        
version = <abc.abstractproperty object at 0x7ff3600182e0>

          Returns the SCT version.
        

SignedCertificateTimestamps

oid = <ObjectIdentifier(oid=1.3.6.1.4.1.11129.2.4.5, name=signedCertificateTimestampList)>

SubjectAlternativeName

get_values_for_type(self, type)
oid = <ObjectIdentifier(oid=2.5.29.17, name=subjectAltName)>

SubjectInformationAccess

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.11, name=subjectInfoAccess)>

SubjectKeyIdentifier

from_public_key(public_key: Union[cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey]) -> 'SubjectKeyIdentifier'
digest = <property object at 0x7ff35fe42180>
oid = <ObjectIdentifier(oid=2.5.29.14, name=subjectKeyIdentifier)>

TLSFeature

oid = <ObjectIdentifier(oid=1.3.6.1.5.5.7.1.24, name=TLSFeature)>

TLSFeatureType

An enumeration.
name = <types.DynamicClassAttribute object at 0x7ff36084fb80>
  The name of the Enum member.
status_request = <TLSFeatureType.status_request: 5>
status_request_v2 = <TLSFeatureType.status_request_v2: 17>
value = <types.DynamicClassAttribute object at 0x7ff36084fbb0>
  The value of the Enum member.

UnrecognizedExtension

oid = <property object at 0x7ff36029b130>
value = <property object at 0x7ff36029b180>

UserNotice

explicit_text = <property object at 0x7ff35fe42f40>
notice_reference = <property object at 0x7ff35fe42ef0>

Other members

BIT_STRING = 3
OBJECT_IDENTIFIER = 6
SEQUENCE = 48
utils = <cryptography.utils._ModuleWithDeprecations object at 0x7ff35ffbbb20>

Modules

abc

constant_time

datetime

hashlib

ipaddress

serialization

typing