API Reference

Core

See Core API for examples.

Parsers

pem.parse(pem_str: bytes) → List[AbstractPEMObject]

Extract PEM-like objects from pem_str.

Parameters: pem_str (bytes) – String to parse.
Returns: list of PEM Objects

pem.parse_file(file_name: str) → List[AbstractPEMObject]: Read file_name and parse PEM objects from it using parse().

PEM Objects

The following objects can be returned by the parsing functions.

class pem.Certificate(AbstractPEMObject): A certificate.

class pem.OpenSSLTrustedCertificate(Certificate): An OpenSSL “trusted certificate”.

New in version 21.2.0.

class pem.Key(AbstractPEMObject): A key of unknown type.

class pem.PrivateKey(Key): A private key of unknown type.

New in version 19.1.0.

class pem.PublicKey(Key): A public key of unknown type.

New in version 19.1.0.

class pem.RSAPrivateKey(PrivateKey): A private RSA key.

class pem.RSAPublicKey(PublicKey): A public RSA key.

New in version 19.1.0.

class pem.ECPrivateKey(PrivateKey): A private EC key.

New in version 19.2.0.

class pem.DSAPrivateKey(PrivateKey)

A private DSA key.

Also private DSA key in OpenSSH legacy PEM format.

New in version 21.1.0.

class pem.OpenSSHPrivateKey(PrivateKey): OpenSSH private key format

New in version 19.3.0.

class pem.SSHPublicKey(Key)

A public key in SSH RFC 4716 format.

The Secure Shell (SSH) Public Key File Format.

New in version 21.1.0.

class pem.SSHCOMPrivateKey(PrivateKey): A private key in SSH.COM / Tectia format.

New in version 21.1.0.

class pem.DHParameters(AbstractPEMObject): Diffie-Hellman parameters for DHE.

class pem.CertificateRequest(AbstractPEMObject): A certificate signing request.

New in version 17.1.0.

class pem.CertificateRevocationList(AbstractPEMObject): A certificate revocation list.

New in version 18.2.0.

Their shared provided API is minimal:

class pem.AbstractPEMObject(pem_bytes: Union[text_type, bytes])

Base class for parsed objects.

__str__() → str: Return the PEM-encoded content as a native str.

as_bytes() → bytes: Return the PEM-encoded content as bytes.

New in version 16.1.0.

as_text() → str: Return the PEM-encoded content as Unicode text.

New in version 18.1.0.

property sha1_hexdigest: A SHA-1 digest of the whole object for easy differentiation.

New in version 18.1.0.

Changed in version 20.1.0: Carriage returns are removed before hashing to give the same hashes on Windows and UNIX-like operating systems.

Twisted

See Twisted for examples.

pem.twisted.certificateOptionsFromFiles(*pemFiles: str, **kw: Any) → ssl.CertificateOptions: Read all files named by pemFiles, and parse them using certificateOptionsFromPEMs().

pem.twisted.certificateOptionsFromPEMs(pemObjects: List[AbstractPEMObject], **kw: Any) → ssl.CerticateOptions

Load a CertificateOptions from the given collection of PEM objects (already-loaded private keys and certificates).

In those PEM objects, identify one private key and its corresponding certificate to use as the primary certificate. Then use the rest of the certificates found as chain certificates. Raise a ValueError if no certificate matching a private key is found.

Returns: A TLS context factory using pemObjects
Return type: twisted.internet.ssl.CertificateOptions