API Reference#

Core#

See Core API for examples.

Parsers#

pem.parse(pem_str)#

Extract PEM-like objects from pem_str.

Returns:

list of PEM Objects

Return type:

list[AbstractPEMObject]

Changed in version 23.1.0: pem_str can now also be a… str.

pem.parse_file(file_name)#

Read file_name and parse PEM objects from it using parse().

Returns:

list of PEM Objects

Return type:

list[AbstractPEMObject]

Changed in version 23.1.0: file_name can now also be a Path.

PEM Objects#

The following objects can be returned by the parsing functions.

class pem.Certificate(AbstractPEMObject)#

A certificate.

class pem.OpenSSLTrustedCertificate(Certificate)#

An OpenSSL “trusted certificate”.

New in version 21.2.0.

class pem.Key(AbstractPEMObject)#

A key of unknown type.

class pem.PrivateKey(Key)#

A private key of unknown type.

New in version 19.1.0.

class pem.PublicKey(Key)#

A public key of unknown type.

New in version 19.1.0.

class pem.RSAPrivateKey(PrivateKey)#

A private RSA key.

class pem.RSAPublicKey(PublicKey)#

A public RSA key.

New in version 19.1.0.

class pem.ECPrivateKey(PrivateKey)#

A private EC key.

New in version 19.2.0.

class pem.DSAPrivateKey(PrivateKey)#

A private DSA key.

Also private DSA key in OpenSSH legacy PEM format.

New in version 21.1.0.

class pem.OpenSSHPrivateKey(PrivateKey)#

OpenSSH private key format

New in version 19.3.0.

class pem.SSHPublicKey(Key)#

A public key in SSH RFC 4716 format.

The Secure Shell (SSH) Public Key File Format.

New in version 21.1.0.

class pem.SSHCOMPrivateKey(PrivateKey)#

A private key in SSH.COM / Tectia format.

New in version 21.1.0.

class pem.OpenPGPPublicKey(PublicKey)#

An RFC 4880 armored OpenPGP public key.

New in version 23.1.0.

class pem.OpenPGPPrivateKey(PrivateKey)#

An RFC 4880 armored OpenPGP private key.

New in version 23.1.0.

class pem.DHParameters(AbstractPEMObject)#

Diffie-Hellman parameters for DHE.

class pem.CertificateRequest(AbstractPEMObject)#

A certificate signing request.

New in version 17.1.0.

class pem.CertificateRevocationList(AbstractPEMObject)#

A certificate revocation list.

New in version 18.2.0.

Their shared provided API is minimal:

class pem.AbstractPEMObject(pem_bytes)#

Base class for parsed objects.

__str__()#

Return the PEM-encoded content as a native str.

as_bytes()#

Return the PEM-encoded content as bytes.

New in version 16.1.0.

as_text()#

Return the PEM-encoded content as text.

New in version 18.1.0.

property bytes_payload: bytes#

The payload of the PEM-encoded content.

Possible PEM headers are removed.

New in version 23.1.0.

property decoded_payload: bytes#

The base64-decoded payload of the PEM-encoded content.

Possible PEM headers are removed.

New in version 23.1.0.

property meta_headers: dict[str, str]#

Return a dictionary of payload headers.

If the value of a header is quoted, the quotes are removed.

New in version 23.1.0.

property sha1_hexdigest: str#

A SHA-1 digest of the whole object for easy differentiation.

New in version 18.1.0.

Changed in version 20.1.0: Carriage returns are removed before hashing to give the same hashes on Windows and UNIX-like operating systems.

property text_payload: str#

The payload of the PEM-encoded content.

Possible PEM headers are removed.

New in version 23.1.0.

Twisted#

See Twisted for examples.

pem.twisted.certificateOptionsFromFiles(*pemFiles, **kw)#

Read all files named by pemFiles, and parse them using certificateOptionsFromPEMs().

Parameters:

pemFiles (str) – All positional arguments are used as filenames to read.

Returns:

A TLS context factory using

PEM objects from pemFiles.

Return type:

twisted.internet.ssl.CertificateOptions

pem.twisted.certificateOptionsFromPEMs(pemObjects, **kw)#

Load a CertificateOptions from the given collection of PEM objects (already-loaded private keys and certificates).

In those PEM objects, identify one private key and its corresponding certificate to use as the primary certificate. Then use the rest of the certificates found as chain certificates. Raise a ValueError if no certificate matching a private key is found.

Parameters:

pemObjects (list[AbstractPEMObject]) – A list of PEM objects to load.

Returns:

A TLS context factory using pemObjects

Return type:

twisted.internet.ssl.CertificateOptions