API Reference¶
Core¶
See Core API for examples.
Parsers¶
- pem.parse(pem_str)¶
Extract PEM-like objects from pem_str.
- Returns:
list of PEM Objects
- Return type:
Changed in version 23.1.0: pem_str can now also be a…
str.
- pem.parse_file(file_name)¶
Read file_name and parse PEM objects from it using
parse().- Returns:
list of PEM Objects
- Return type:
Changed in version 23.1.0: file_name can now also be a
Path.
PEM Objects¶
The following objects can be returned by the parsing functions.
- class pem.Certificate(AbstractPEMObject)¶
A certificate.
- class pem.OpenSSLTrustedCertificate(Certificate)¶
An OpenSSL “trusted certificate”.
Added in version 21.2.0.
- class pem.Key(AbstractPEMObject)¶
A key of unknown type.
- class pem.PrivateKey(Key)¶
A private key of unknown type.
Added in version 19.1.0.
- class pem.PublicKey(Key)¶
A public key of unknown type.
Added in version 19.1.0.
- class pem.RSAPrivateKey(PrivateKey)¶
A private RSA key.
- class pem.RSAPublicKey(PublicKey)¶
A public RSA key.
Added in version 19.1.0.
- class pem.ECPrivateKey(PrivateKey)¶
A private EC key.
Added in version 19.2.0.
- class pem.DSAPrivateKey(PrivateKey)¶
A private DSA key.
Also private DSA key in OpenSSH legacy PEM format.
Added in version 21.1.0.
- class pem.OpenSSHPrivateKey(PrivateKey)¶
OpenSSH private key format
Added in version 19.3.0.
- class pem.SSHPublicKey(Key)¶
A public key in SSH RFC 4716 format.
The Secure Shell (SSH) Public Key File Format.
Added in version 21.1.0.
- class pem.SSHCOMPrivateKey(PrivateKey)¶
A private key in SSH.COM / Tectia format.
Added in version 21.1.0.
- class pem.OpenPGPPublicKey(PublicKey)¶
An RFC 4880 armored OpenPGP public key.
Added in version 23.1.0.
- class pem.OpenPGPPrivateKey(PrivateKey)¶
An RFC 4880 armored OpenPGP private key.
Added in version 23.1.0.
- class pem.DHParameters(AbstractPEMObject)¶
Diffie-Hellman parameters for DHE.
- class pem.CertificateRequest(AbstractPEMObject)¶
A certificate signing request.
Added in version 17.1.0.
- class pem.CertificateRevocationList(AbstractPEMObject)¶
A certificate revocation list.
Added in version 18.2.0.
Their shared provided API is minimal:
- class pem.AbstractPEMObject(pem_bytes)¶
Base class for parsed objects.
- as_text()¶
Return the PEM-encoded content as text.
Added in version 18.1.0.
- property bytes_payload: bytes¶
The payload of the PEM-encoded content.
Possible PEM headers are removed.
Added in version 23.1.0.
- property decoded_payload: bytes¶
The base64-decoded payload of the PEM-encoded content.
Possible PEM headers are removed.
Added in version 23.1.0.
- property meta_headers: dict[str, str]¶
Return a dictionary of payload headers.
If the value of a header is quoted, the quotes are removed.
Added in version 23.1.0.
Twisted¶
See Twisted for examples.
- pem.twisted.certificateOptionsFromFiles(*pemFiles, **kw)¶
Read all files named by pemFiles, and parse them using
certificateOptionsFromPEMs().- Parameters:
pemFiles (str) – All positional arguments are used as filenames to read.
- Returns:
- A TLS context factory using
PEM objects from pemFiles.
- Return type:
- pem.twisted.certificateOptionsFromPEMs(pemObjects, **kw)¶
Load a CertificateOptions from the given collection of PEM objects (already-loaded private keys and certificates).
In those PEM objects, identify one private key and its corresponding certificate to use as the primary certificate. Then use the rest of the certificates found as chain certificates. Raise a ValueError if no certificate matching a private key is found.
- Parameters:
pemObjects (list[AbstractPEMObject]) – A list of PEM objects to load.
- Returns:
A TLS context factory using pemObjects
- Return type: