API Reference


See Core API for examples.



Extract PEM-like objects from pem_str.


pem_str (bytes) – String to parse.


list of PEM Objects


Read file_name and parse PEM objects from it using parse().

PEM Objects

The following objects can be returned by the parsing functions.

class pem.Certificate(AbstractPEMObject)

A certificate.

class pem.OpenSSLTrustedCertificate(Certificate)

An OpenSSL “trusted certificate”.

New in version 21.2.0.

class pem.Key(AbstractPEMObject)

A key of unknown type.

class pem.PrivateKey(Key)

A private key of unknown type.

New in version 19.1.0.

class pem.PublicKey(Key)

A public key of unknown type.

New in version 19.1.0.

class pem.RSAPrivateKey(PrivateKey)

A private RSA key.

class pem.RSAPublicKey(PublicKey)

A public RSA key.

New in version 19.1.0.

class pem.ECPrivateKey(PrivateKey)

A private EC key.

New in version 19.2.0.

class pem.DSAPrivateKey(PrivateKey)

A private DSA key.

Also private DSA key in OpenSSH legacy PEM format.

New in version 21.1.0.

class pem.OpenSSHPrivateKey(PrivateKey)

OpenSSH private key format

New in version 19.3.0.

class pem.SSHPublicKey(Key)

A public key in SSH RFC 4716 format.

The Secure Shell (SSH) Public Key File Format.

New in version 21.1.0.

class pem.SSHCOMPrivateKey(PrivateKey)

A private key in SSH.COM / Tectia format.

New in version 21.1.0.

class pem.DHParameters(AbstractPEMObject)

Diffie-Hellman parameters for DHE.

class pem.CertificateRequest(AbstractPEMObject)

A certificate signing request.

New in version 17.1.0.

class pem.CertificateRevocationList(AbstractPEMObject)

A certificate revocation list.

New in version 18.2.0.

Their shared provided API is minimal:

class pem.AbstractPEMObject(pem_bytes)

Base class for parsed objects.


Return the PEM-encoded content as a native str.


Return the PEM-encoded content as bytes.

New in version 16.1.0.


Return the PEM-encoded content as Unicode text.

New in version 18.1.0.

property sha1_hexdigest

A SHA-1 digest of the whole object for easy differentiation.

New in version 18.1.0.

Changed in version 20.1.0: Carriage returns are removed before hashing to give the same hashes on Windows and UNIX-like operating systems.


See Twisted for examples.