Key handling¶
Parent key class¶
Common API for all public keys.
- class paramiko.pkey.PKey(msg=None, data=None)¶
Base class for public keys.
- __cmp__(other)¶
Compare this key to another. Returns 0 if this key is equivalent to the given key, or non-0 if they are different. Only the public parts of the key are compared, so a public key will compare equal to its corresponding private key.
Parameters: other (.Pkey) – key to compare to.
- __init__(msg=None, data=None)¶
Create a new instance of this public key type. If msg is given, the key’s public part(s) will be filled in from the message. If data is given, the key’s public part(s) will be filled in from the string.
Parameters: Raises SSHException: if a key cannot be created from the data or msg given, or no key was passed in.
- __weakref__¶
list of weak references to the object (if defined)
- asbytes()¶
Return a string of an SSH Message made up of the public part(s) of this key. This string is suitable for passing to __init__ to re-create the key object later.
- can_sign()¶
Return True if this key has the private part necessary for signing data.
- classmethod from_private_key(file_obj, password=None)¶
Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).
Parameters: Returns: a new PKey based on the given private key
Raises: - IOError – if there was an error reading the key
- PasswordRequiredException – if the private key file is encrypted, and password is None
- SSHException – if the key file is invalid
- classmethod from_private_key_file(filename, password=None)¶
Create a key object by reading a private key file. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown). Through the magic of Python, this factory method will exist in all subclasses of PKey (such as RSAKey or DSSKey), but is useless on the abstract PKey class.
Parameters: Returns: a new PKey based on the given private key
Raises: - IOError – if there was an error reading the file
- PasswordRequiredException – if the private key file is encrypted, and password is None
- SSHException – if the key file is invalid
- get_base64()¶
Return a base64 string containing the public part of this key. Nothing secret is revealed. This format is compatible with that used to store public key files or recognized host keys.
Returns: a base64 string containing the public part of the key.
- get_bits()¶
Return the number of significant bits in this key. This is useful for judging the relative security of a key.
Returns: bits in the key (as an int)
- get_fingerprint()¶
Return an MD5 fingerprint of the public part of this key. Nothing secret is revealed.
Returns: a 16-byte string (binary) of the MD5 fingerprint, in SSH format.
- get_name()¶
Return the name of this private key implementation.
Returns: name of this private key type, in SSH terminology, as a str (for example, "ssh-rsa").
- sign_ssh_data(data)¶
Sign a blob of data with this private key, and return a Message representing an SSH signature message.
Parameters: data (str) – the data to sign. Returns: an SSH signature message.
- verify_ssh_sig(data, msg)¶
Given a blob of data, and an SSH message representing a signature of that data, verify that it was signed with this key.
Parameters: - data (str) – the data that was signed.
- msg (.Message) – an SSH signature message
Returns: True if the signature verifies correctly; False otherwise.
- write_private_key(file_obj, password=None)¶
Write private key contents into a file (or file-like) object. If the password is not None, the key is encrypted before writing.
Parameters: Raises: - IOError – if there was an error writing to the file
- SSHException – if the key is invalid
- write_private_key_file(filename, password=None)¶
Write private key contents into a file. If the password is not None, the key is encrypted before writing.
Parameters: Raises: - IOError – if there was an error writing the file
- SSHException – if the key is invalid
DSA (DSS)¶
DSS keys.
- class paramiko.dsskey.DSSKey(msg=None, data=None, filename=None, password=None, vals=None, file_obj=None)¶
Representation of a DSS key which can be used to sign an verify SSH2 data.
- static generate(bits=1024, progress_func=None)¶
Generate a new private DSS key. This factory function can be used to generate a new host key or authentication key.
Parameters: - bits (int) – number of bits the generated key should be.
- progress_func (function) – an optional function to call at key points in key generation (used by pyCrypto.PublicKey).
Returns: new DSSKey private key
RSA¶
RSA keys.
- class paramiko.rsakey.RSAKey(msg=None, data=None, filename=None, password=None, vals=None, file_obj=None)¶
Representation of an RSA key which can be used to sign and verify SSH2 data.
- static generate(bits, progress_func=None)¶
Generate a new private RSA key. This factory function can be used to generate a new host key or authentication key.
Parameters: - bits (int) – number of bits the generated key should be.
- progress_func (function) – an optional function to call at key points in key generation (used by pyCrypto.PublicKey).
Returns: new RSAKey private key
ECDSA¶
ECDSA keys
- class paramiko.ecdsakey.ECDSAKey(msg=None, data=None, filename=None, password=None, vals=None, file_obj=None, validate_point=True)¶
Representation of an ECDSA key which can be used to sign and verify SSH2 data.
- static generate(curve=<ecdsa.curves.Curve instance at 0x10cb94d88>, progress_func=None)¶
Generate a new private RSA key. This factory function can be used to generate a new host key or authentication key.
Parameters: progress_func (function) – an optional function to call at key points in key generation (used by pyCrypto.PublicKey). Returns: A new private key (RSAKey) object
Paramiko
A Python implementation of SSHv2.
Navigation
Donate
Consider supporting the authors on Gratipay: