API Reference

Core

See Core API for examples.

Parsers

pem.parse(pem_str: bytes) → List[AbstractPEMObject]

Extract PEM-like objects from pem_str.

Parameters:

pem_str (bytes) – String to parse.

Returns:

list of PEM Objects

pem.parse_file(file_name: str) → List[AbstractPEMObject]

Read file_name and parse PEM objects from it using parse().

PEM Objects

The following objects can be returned by the parsing functions.

class pem.Certificate(AbstractPEMObject)

A certificate.

class pem.OpenSSLTrustedCertificate(Certificate)

An OpenSSL “trusted certificate”.

New in version 21.2.0.

class pem.Key(AbstractPEMObject)

A key of unknown type.

class pem.PrivateKey(Key)

A private key of unknown type.

New in version 19.1.0.

class pem.PublicKey(Key)

A public key of unknown type.

New in version 19.1.0.

class pem.RSAPrivateKey(PrivateKey)

A private RSA key.

class pem.RSAPublicKey(PublicKey)

A public RSA key.

New in version 19.1.0.

class pem.ECPrivateKey(PrivateKey)

A private EC key.

New in version 19.2.0.

class pem.DSAPrivateKey(PrivateKey)

A private DSA key.

Also private DSA key in OpenSSH legacy PEM format.

New in version 21.1.0.

class pem.OpenSSHPrivateKey(PrivateKey)

OpenSSH private key format

New in version 19.3.0.

class pem.SSHPublicKey(Key)

A public key in SSH RFC 4716 format.

The Secure Shell (SSH) Public Key File Format.

New in version 21.1.0.

class pem.SSHCOMPrivateKey(PrivateKey)

A private key in SSH.COM / Tectia format.

New in version 21.1.0.

class pem.DHParameters(AbstractPEMObject)

Diffie-Hellman parameters for DHE.

class pem.CertificateRequest(AbstractPEMObject)

A certificate signing request.

New in version 17.1.0.

class pem.CertificateRevocationList(AbstractPEMObject)

A certificate revocation list.

New in version 18.2.0.

Their shared provided API is minimal:

class pem.AbstractPEMObject(pem_bytes: Union[text_type, bytes])

Base class for parsed objects.

__str__() → str

Return the PEM-encoded content as a native str.

as_bytes() → bytes

Return the PEM-encoded content as bytes.

New in version 16.1.0.

as_text() → str

Return the PEM-encoded content as Unicode text.

New in version 18.1.0.

property sha1_hexdigest

A SHA-1 digest of the whole object for easy differentiation.

New in version 18.1.0.

Changed in version 20.1.0: Carriage returns are removed before hashing to give the same hashes on Windows and UNIX-like operating systems.

Twisted

See Twisted for examples.

pem.twisted.certificateOptionsFromFiles(*pemFiles: str, **kw: Any) → ssl.CertificateOptions

Read all files named by pemFiles, and parse them using certificateOptionsFromPEMs().

pem.twisted.certificateOptionsFromPEMs(pemObjects: List[AbstractPEMObject], **kw: Any) → ssl.CerticateOptions

Load a CertificateOptions from the given collection of PEM objects (already-loaded private keys and certificates).

In those PEM objects, identify one private key and its corresponding certificate to use as the primary certificate. Then use the rest of the certificates found as chain certificates. Raise a ValueError if no certificate matching a private key is found.

Returns:

A TLS context factory using pemObjects

Return type:

twisted.internet.ssl.CertificateOptions