pyndn.security.identity package

Submodules

pyndn.security.identity.basic_identity_storage module

BasicIdentityStorage extends IdentityStorage to implement a basic storage of identity, public keys and certificates using SQLite.

class pyndn.security.identity.basic_identity_storage.BasicIdentityStorage(databaseFilePath=None)[source]

Bases: pyndn.security.identity.identity_storage.IdentityStorage

Create a new BasicIdentityStorage to work with an SQLite file.

Parameters:databaseFilePath (str) – (optional) The path of the SQLite file. If omitted, use the default location.
activateKey(keyName)[source]

Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
addCertificate(certificate)[source]

Add a certificate to the identity storage.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
Raises SecurityException:
 If the certificate is already installed.
addIdentity(identityName)[source]

Add a new identity. Do nothing if the identity already exists.

Parameters:identityName (Name) – The identity name.
addKey(keyName, keyType, publicKeyDer)[source]

Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.

Parameters:
  • keyName (Name) – The name of the public key to be added.
  • keyType (int from KeyType) – Type of the public key to be added.
  • publicKeyDer (Blob) – A blob of the public key DER to be added.
Raises SecurityException:
 If a key with the keyName already exists.

deactivateKey(keyName)[source]

Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
deleteCertificateInfo(certificateName)[source]

Remove a certificate from associated keys.

Parameters:certificateName (Name) – The name of the certificate.
deleteIdentityInfo(identityName)[source]

Delete an identity and related public keys and certificates.

Parameters:identityName (Name) – The identity name.
deletePublicKeyInfo(keyName)[source]

Remove the key and all certificates associated with it.

Parameters:keyName (Name) – The name of the key.
doesCertificateExist(certificateName)[source]

Check if the specified certificate already exists.

Parameters:certificateName (Name) – The name of the certificate.
Returns:True if the certificate exists, otherwise False.
Return type:bool
doesIdentityExist(identityName)[source]

Check if the specified identity already exists.

Parameters:identityName (Name) – The identity name.
Returns:True if the identity exists, otherwise False.
Return type:bool
doesKeyExist(keyName)[source]

Check if the specified key already exists.

Parameters:keyName (Name) – The name of the key.
Returns:True if the key exists, otherwise False.
Return type:bool
getAllKeyNamesOfIdentity(identityName, nameList, isDefault)[source]

Append all the key names of a particular identity to the nameList.

Parameters:
  • identityName (Name) – The identity name to search for.
  • nameList (Array<Name>) – Append result names to nameList.
  • isDefault (bool) – If true, add only the default key name. If false, add only the non-default key names.
getCertificate(certificateName, allowAny=False)[source]

Get a certificate from the identity storage.

Parameters:
  • certificateName (Name) – The name of the requested certificate.
  • allowAny (bool) – (optional) If False, only a valid certificate will be returned, otherwise validity is disregarded. If omitted, allowAny is False.
Returns:

The requested certificate. If not found, return None.

Return type:

IdentityCertificate

getDefaultCertificateNameForKey(keyName)[source]

Get the default certificate name for the specified key.

Parameters:keyName (Name) – The key name.
Returns:The default certificate name.
Return type:Name
Raises SecurityException:
 if the default certificate name for the key name is not set.
getDefaultIdentity()[source]

Get the default identity.

Returns:The name of the default identity.
Return type:Name
Raises SecurityException:
 if the default identity is not set.
getDefaultKeyNameForIdentity(identityName)[source]

Get the default key name for the specified identity.

Parameters:identityName (Name) – The identity name.
Returns:The default key name.
Return type:Name
Raises SecurityException:
 if the default key name for the identity is not set.
getKey(keyName)[source]

Get the public key DER blob from the identity storage.

Parameters:keyName (Name) – The name of the requested public key.
Returns:The DER Blob. If not found, return an isNull() Blob.
Return type:Blob
revokeIdentity()[source]

Revoke the identity.

Returns:True if the identity was revoked, False if not.
Return type:bool
setDefaultCertificateNameForKey(keyName, certificateName)[source]

Set the default certificate name for the specified key.

Parameters:
  • keyName (Name) – The key name.
  • certificateName (Name) – The certificate name.
setDefaultIdentity(identityName)[source]

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.

Parameters:identityName (Name) – The default identity name.
setDefaultKeyNameForIdentity(keyName, identityNameCheck=None)[source]

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:
  • keyName (Name) – The name of the key.
  • identityNameCheck (Name) – (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.

pyndn.security.identity.file_private_key_storage module

This module defines the FilePrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage using files.

class pyndn.security.identity.file_private_key_storage.FilePrivateKeyStorage[source]

Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage

Create a new FilePrivateKeyStorage to connect to the default directory.

decrypt(keyName, data, isSymmetric=False)[source]

Decrypt data.

Parameters:
  • keyName (Name) – The name of the decrypting key.
  • data (An array type with int elements) – The byte buffer to be decrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns:

The decrypted data.

Return type:

Blob

deleteKeyPair(keyName)[source]

Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.

Parameters:keyName (Name) – The name of the key pair.
doesKeyExist(keyName, keyClass)[source]

Check if a particular key exists.

Parameters:
  • keyName (Name) – The name of the key.
  • keyClass (int from KeyClass) – The class of the key, e.g. KeyClass.PUBLIC, KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
Returns:

True if the key exists, otherwise false.

Return type:

bool

encrypt(keyName, data, isSymmetric=False)[source]

Encrypt data.

Parameters:
  • keyName (Name) – The name of the encrypting key.
  • data (An array type with int elements) – The byte buffer to be encrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns:

The encrypted data.

Return type:

Blob

generateKey(keyName, params)[source]

Generate a symmetric key.

Parameters:
  • keyName (Name) – The name of the key.
  • params (KeyParams) – The parameters of the key.
  • keySize (int) – (optional) The size of the key. If omitted, use 256.
generateKeyPair(keyName, params)[source]

Generate a pair of asymmetric keys.

Parameters:
  • keyName (Name) – The name of the key pair.
  • params (KeyParams) – The parameters of the key.
getPublicKey(keyName)[source]

Get the public key with the keyName.

Parameters:keyName (Name) – The name of the public key.
Returns:The public key.
Return type:PublicKey
nameTransform(keyName, extension)[source]

Create a file path from keyName and the extension.

Parameters:
  • keyName (str) – The key name URI.
  • extension (str) – The desired file name extension, e.g. ".pri".
Returns:

The file path.

Return type:

str
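The page says nameTransform derives a file path from the key name URI and an extension but not how. The following is an added example, not pyndn's nameTransform: it maps the URI through SHA-256 so that no character of the key name reaches the filesystem, rejects extensions that are not a bare suffix, and checks that the result stays inside the key directory. The base directory and the hashing scheme are assumptions of this example.

```python
# Added example, not pyndn code: a key-name-to-file-path mapping that cannot be
# steered outside the key directory by the content of the key name.
import hashlib
import os

KEY_DIR = "/tmp/ndn-keys"  # constructed default; pyndn's directory is not stated on the page


def nameTransform(keyName, extension, baseDir=KEY_DIR):
    """Return baseDir/<sha256(keyName) hex><extension> for a key name URI.

    keyName   -- the key name URI, e.g. "/ndn/alice/ksk-1"
    extension -- the desired file name extension, e.g. ".pri" or ".pub"
    """
    # Only a bare suffix is accepted; a separator or NUL in it would change the path.
    if not extension.startswith(".") or "/" in extension or "\0" in extension:
        raise ValueError("extension must be a bare suffix such as '.pri'")
    # Hashing the URI (an assumption of this example) means ".." or "/" in the
    # name never become path components.
    digest = hashlib.sha256(keyName.encode("utf-8")).hexdigest()
    path = os.path.join(baseDir, digest + extension)
    # Independent check that the computed path is still inside baseDir.
    base = os.path.abspath(baseDir)
    if os.path.commonpath([os.path.abspath(path), base]) != base:
        raise ValueError("computed path escapes the key directory")
    return path
```

Because the name is hashed, two key names can only collide on disk if their SHA-256 digests collide, and a ".pri" and ".pub" file for the same key sit side by side under the same digest.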

sign(data, keyName, digestAlgorithm=1)[source]

Fetch the private key for keyName and sign the data, returning a signature Blob.

Parameters:
  • data (An array type with int elements) – The input byte buffer to sign.
  • keyName (Name) – The name of the signing key.
  • digestAlgorithm (int from DigestAlgorithm) – (optional) the digest algorithm. If omitted, use DigestAlgorithm.SHA256.
Returns:

The signature Blob.

Return type:

Blob

pyndn.security.identity.identity_manager module

This module defines the IdentityManager class which is the interface of operations related to identity, keys, and certificates.

class pyndn.security.identity.identity_manager.IdentityManager(identityStorage=None, privateKeyStorage=None)[source]

Bases: object

Create a new IdentityManager to use the optional identityStorage and privateKeyStorage.

Parameters:
  • identityStorage (IdentityStorage) – (optional) An object of a subclass of IdentityStorage. If omitted, use BasicIdentityStorage.
  • privateKeyStorage (PrivateKeyStorage) – (optional) An object of a subclass of PrivateKeyStorage. If omitted, use the default PrivateKeyStorage for your system, which is OSXPrivateKeyStorage for OS X, otherwise FilePrivateKeyStorage.
addCertificate(certificate)[source]

Add a certificate into the public key identity storage.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
addCertificateAsDefault(certificate)[source]

Add a certificate into the public key identity storage and set the certificate as the default of its corresponding key.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
addCertificateAsIdentityDefault(certificate)[source]

Add a certificate into the public key identity storage and set the certificate as the default for its corresponding identity.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
createIdentity(identityName, params)[source]

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.

Deprecated:

Use createIdentityAndCertificate which returns the certificate name instead of the key name. You can use IdentityCertificate.certificateNameToPublicKeyName to convert the certificate name to the key name.

Parameters:
  • identityName (Name) – The name of the identity.
  • params (KeyParams) – The key parameters if a key needs to be generated for the identity.
Returns:

The key name of the auto-generated KSK of the identity.

Return type:

Name

createIdentityAndCertificate(identityName, params)[source]

Create an identity by creating a pair of Key-Signing-Key (KSK) for this identity and a self-signed certificate of the KSK. If a key pair or certificate for the identity already exists, use it.

Parameters:
  • identityName (Name) – The name of the identity.
  • params (KeyParams) – The key parameters if a key needs to be generated for the identity.
Returns:

The name of the default certificate of the identity.

Return type:

Name

deleteIdentity(identityName)[source]

Delete the identity from the public and private key storage. If the identity to be deleted is the current system default, the method will not delete the identity and will return immediately.

Parameters:identityName (Name) – The name of the identity to delete.

generateRSAKeyPair(identityName, isKsk=False, keySize=2048)[source]

Generate a pair of RSA keys for the specified identity.

Parameters:
  • identityName (Name) – The name of the identity.
  • isKsk (bool) – (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
  • keySize (int) – (optional) The size of the key. If omitted, use a default secure key size.
Returns:

The generated key name.

Return type:

Name

generateRSAKeyPairAsDefault(identityName, isKsk=False, keySize=2048)[source]

Generate a pair of RSA keys for the specified identity and set it as default key for the identity.

Parameters:
  • identityName (Name) – The name of the identity.
  • isKsk (bool) – (optional) true for generating a Key-Signing-Key (KSK), false for a Data-Signing-Key (DSK). If omitted, generate a Data-Signing-Key.
  • keySize (int) – (optional) The size of the key. If omitted, use a default secure key size.
Returns:

The generated key name.

Return type:

Name

getAnyCertificate(certificateName)[source]

Get a certificate even if the certificate is not valid anymore.

Parameters:certificateName (Name) – The name of the requested certificate.
Returns:The requested certificate.
Return type:IdentityCertificate
getCertificate(certificateName)[source]

Get a certificate with the specified name.

Parameters:certificateName (Name) – The name of the requested certificate.
Returns:The requested certificate which is valid.
Return type:IdentityCertificate
getDefaultCertificate()[source]

Get the certificate of the default identity.

Returns:The requested certificate. If not found, return None.
Return type:IdentityCertificate
getDefaultCertificateName()[source]

Get the default certificate name of the default identity.

Returns:The requested certificate name.
Return type:Name
Raises SecurityException:
 if the default identity is not set or the default key name for the identity is not set or the default certificate name for the key name is not set.
getDefaultCertificateNameForIdentity(identityName)[source]

Get the default certificate name for the specified identity, which will be used when signing is performed based on identity.

Parameters:identityName (Name) – The name of the specified identity.
Returns:The requested certificate name.
Return type:Name
Raises SecurityException:
 if the default key name for the identity is not set or the default certificate name for the key name is not set.
getDefaultIdentity()[source]

Get the default identity.

Returns:The name of the default identity.
Return type:Name
Raises SecurityException:
 if the default identity is not set.
getDefaultKeyNameForIdentity(identityName=None)[source]

Get the default key name for an identity.

Parameters:identityName (Name) – The name of the identity.
Raises SecurityException:
 if the default key name for the identity is not set.
getPublicKey(keyName)[source]

Get the public key with the specified name.

Parameters:keyName (Name) – The name of the key.
Returns:The public key.
Return type:PublicKey
selfSign(keyName)[source]

Generate a self-signed certificate for a public key.

Parameters:keyName (Name) – The name of the public key.
Returns:The generated certificate.
Return type:IdentityCertificate
setDefaultCertificateForKey(certificate)[source]

Set the certificate as the default for its corresponding key.

Parameters:certificate (IdentityCertificate) – The certificate.
setDefaultIdentity(identityName)[source]

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.

Parameters:identityName (Name) – The default identity name.
setDefaultKeyForIdentity(keyName, identityNameCheck=None)[source]

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:
  • keyName (Name) – The name of the key.
  • identityNameCheck (Name) – (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.
signByCertificate(target, certificateName, wireFormat=None)[source]

Sign the target based on the certificateName. If it is a Data object, set its signature. If it is an array, return a signature object.

Parameters:
  • target – If this is a Data object, wire encode for signing, update its signature and key locator field and wireEncoding. If it is an array, sign it and return a Signature object.
  • certificateName (Name) – The Name identifying the certificate which identifies the signing key.
  • wireFormat (A subclass of WireFormat) – (optional) The WireFormat for calling encodeData, or WireFormat.getDefaultWireFormat() if omitted.
Returns:

The Signature object (only if the target is an array).

Return type:

An object of a subclass of Signature

signInterestByCertificate(interest, certificateName, wireFormat=None)[source]

Append a SignatureInfo to the Interest name, sign the name components and append a final name component with the signature bits.

Parameters:
  • interest (Interest) – The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
  • certificateName (Name) – The certificate name of the key to use for signing.
  • wireFormat (A subclass of WireFormat) – (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().
signInterestWithSha256(interest, wireFormat=None)[source]

Append a SignatureInfo for DigestSha256 to the Interest name, digest the name components and append a final name component with the signature bits (which is the digest).

Parameters:
  • interest (Interest) – The Interest object to be signed. This appends name components of SignatureInfo and the signature bits.
  • wireFormat (A subclass of WireFormat) – (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().
signWithSha256(data, wireFormat=None)[source]

Wire encode the Data object, digest it and set its SignatureInfo to a DigestSha256.

Parameters:
  • data (Data) – The Data object to be signed. This updates its signature and wireEncoding.
  • wireFormat (A subclass of WireFormat) – (optional) A WireFormat object used to encode the input. If omitted, use WireFormat.getDefaultWireFormat().

pyndn.security.identity.identity_storage module

This module defines the IdentityStorage abstract class which is a base class for the storage of identity, public keys and certificates. Private keys are stored in PrivateKeyStorage. This is an abstract base class. A subclass must implement the methods.

class pyndn.security.identity.identity_storage.IdentityStorage[source]

Bases: object

activateKey(keyName)[source]

Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
addCertificate(certificate)[source]

Add a certificate to the identity storage.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
Raises SecurityException:
 If the certificate is already installed.
addIdentity(identityName)[source]

Add a new identity. Do nothing if the identity already exists.

Parameters:identityName (Name) – The identity name.
addKey(keyName, keyType, publicKeyDer)[source]

Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.

Parameters:
  • keyName (Name) – The name of the public key to be added.
  • keyType (int from KeyType) – Type of the public key to be added.
  • publicKeyDer (Blob) – A blob of the public key DER to be added.
Raises SecurityException:
 If a key with the keyName already exists.

deactivateKey(keyName)[source]

Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
deleteCertificateInfo(certificateName)[source]

Remove a certificate from associated keys.

Parameters:certificateName (Name) – The name of the certificate.
deleteIdentityInfo(identity)[source]

Delete an identity and related public keys and certificates.

Parameters:identity (Name) – The identity name.
deletePublicKeyInfo(keyName)[source]

Remove the key and all certificates associated with it.

Parameters:keyName (Name) – The name of the key.
doesCertificateExist(certificateName)[source]

Check if the specified certificate already exists.

Parameters:certificateName (Name) – The name of the certificate.
Returns:True if the certificate exists, otherwise False.
Return type:bool
doesIdentityExist(identityName)[source]

Check if the specified identity already exists.

Parameters:identityName (Name) – The identity name.
Returns:True if the identity exists, otherwise False.
Return type:bool
doesKeyExist(keyName)[source]

Check if the specified key already exists.

Parameters:keyName (Name) – The name of the key.
Returns:True if the key exists, otherwise False.
Return type:bool
getAllKeyNamesOfIdentity(identityName, nameList, isDefault)[source]

Append all the key names of a particular identity to the nameList.

Parameters:
  • identityName (Name) – The identity name to search for.
  • nameList (Array<Name>) – Append result names to nameList.
  • isDefault (bool) – If true, add only the default key name. If false, add only the non-default key names.
getCertificate(certificateName, allowAny=False)[source]

Get a certificate from the identity storage.

Parameters:
  • certificateName (Name) – The name of the requested certificate.
  • allowAny (bool) – (optional) If False, only a valid certificate will be returned, otherwise validity is disregarded. If omitted, allowAny is False.
Returns:

The requested certificate. If not found, return None.

Return type:

IdentityCertificate

getDefaultCertificate()[source]

Get the certificate of the default identity.

Returns:The requested certificate. If not found, return None.
Return type:IdentityCertificate
getDefaultCertificateNameForIdentity(identityName)[source]

Get the default certificate name for the specified identity.

Parameters:identityName (Name) – The identity name.
Returns:The default certificate name.
Return type:Name
Raises SecurityException:
 if the default key name for the identity is not set or the default certificate name for the key name is not set.
getDefaultCertificateNameForKey(keyName)[source]

Get the default certificate name for the specified key.

Parameters:keyName (Name) – The key name.
Returns:The default certificate name.
Return type:Name
Raises SecurityException:
 if the default certificate name for the key name is not set.
getDefaultIdentity()[source]

Get the default identity.

Returns:The name of the default identity.
Return type:Name
Raises SecurityException:
 if the default identity is not set.
getDefaultKeyNameForIdentity(identityName)[source]

Get the default key name for the specified identity.

Parameters:identityName (Name) – The identity name.
Returns:The default key name.
Return type:Name
Raises SecurityException:
 if the default key name for the identity is not set.
getKey(keyName)[source]

Get the public key DER blob from the identity storage.

Parameters:keyName (Name) – The name of the requested public key.
Returns:The DER Blob. If not found, return an isNull() Blob.
Return type:Blob
getNewKeyName(identityName, useKsk)[source]

Generate a name for a new key belonging to the identity.

Parameters:
  • identityName (Name) – The identity name.
  • useKsk (bool) – If True, generate a KSK name, otherwise a DSK name.
Returns:

The generated key name.

Return type:

Name

revokeIdentity()[source]

Revoke the identity.

Returns:True if the identity was revoked, False if not.
Return type:bool
setDefaultCertificateNameForKey(keyName, certificateName)[source]

Set the default certificate name for the specified key.

Parameters:
  • keyName (Name) – The key name.
  • certificateName (Name) – The certificate name.
setDefaultIdentity(identityName)[source]

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.

Parameters:identityName (Name) – The default identity name.
setDefaultKeyNameForIdentity(keyName, identityNameCheck=None)[source]

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:
  • keyName (Name) – The name of the key.
  • identityNameCheck (Name) – (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.
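The IdentityManager entries above (createIdentityAndCertificate, getDefaultCertificateName, the activate/deactivate rule) and the IdentityStorage interface just listed describe a three-link default chain: default identity, then the identity's default key, then the key's default certificate, with a SecurityException wherever a link is unset. The following is an added example, not pyndn code: a small in-memory model of that behaviour that can be run offline. Names are plain "/"-separated URI strings here (pyndn uses Name objects), the KSK and certificate naming inside createIdentityAndCertificate is assumed, and rejecting a mismatching identityNameCheck is an assumption the page does not state.

```python
# Added example, not pyndn code: an in-memory model of the IdentityStorage and
# IdentityManager behaviour this page documents. Names are "/"-separated URI
# strings (pyndn uses Name objects); the KSK and certificate naming below is assumed.

class SecurityException(Exception):
    """Stand-in for pyndn's SecurityException."""


class ModelIdentityStorage:
    def __init__(self):
        self._identities = set()
        self._keys = {}                  # keyName -> {"der": bytes, "active": bool}
        self._certificates = set()
        self._defaultIdentity = None
        self._defaultKeyOfIdentity = {}  # identityName -> keyName
        self._defaultCertOfKey = {}      # keyName -> certificateName

    @staticmethod
    def identityOfKey(keyName):
        # Model assumption: identity name plus one key-id component, "/ndn/alice/ksk-1".
        return keyName.rsplit("/", 1)[0]

    def addKey(self, keyName, publicKeyDer):
        if keyName in self._keys:
            raise SecurityException("a key with the keyName already exists")
        self._identities.add(self.identityOfKey(keyName))  # addIdentity: no-op if present
        self._keys[keyName] = {"der": bytes(publicKeyDer), "active": True}

    def deactivateKey(self, keyName):
        self._keys[keyName]["active"] = False

    def isKeyActive(self, keyName):
        return self._keys[keyName]["active"]

    def addCertificate(self, certificateName):
        if certificateName in self._certificates:
            raise SecurityException("the certificate is already installed")
        self._certificates.add(certificateName)

    def setDefaultIdentity(self, identityName):
        # Documented: an unknown identity clears the default instead of setting it.
        self._defaultIdentity = identityName if identityName in self._identities else None

    def getDefaultIdentity(self):
        if self._defaultIdentity is None:
            raise SecurityException("the default identity is not set")
        return self._defaultIdentity

    def setDefaultKeyNameForIdentity(self, keyName, identityNameCheck=None):
        identityName = self.identityOfKey(keyName)
        # Assumption: a non-empty identityNameCheck that does not match is rejected.
        if identityNameCheck and identityNameCheck != identityName:
            raise SecurityException("keyName does not belong to identityNameCheck")
        self._defaultKeyOfIdentity[identityName] = keyName

    def getDefaultKeyNameForIdentity(self, identityName):
        if identityName not in self._defaultKeyOfIdentity:
            raise SecurityException("the default key name for the identity is not set")
        return self._defaultKeyOfIdentity[identityName]

    def setDefaultCertificateNameForKey(self, keyName, certificateName):
        self._defaultCertOfKey[keyName] = certificateName

    def getDefaultCertificateNameForKey(self, keyName):
        if keyName not in self._defaultCertOfKey:
            raise SecurityException("the default certificate name for the key is not set")
        return self._defaultCertOfKey[keyName]

    def getDefaultCertificateNameForIdentity(self, identityName):
        keyName = self.getDefaultKeyNameForIdentity(identityName)
        return self.getDefaultCertificateNameForKey(keyName)

    def getDefaultCertificateName(self):
        # identity -> default key -> default certificate; a missing link raises.
        return self.getDefaultCertificateNameForIdentity(self.getDefaultIdentity())


def createIdentityAndCertificate(storage, identityName, publicKeyDer):
    """Model of IdentityManager.createIdentityAndCertificate: create a KSK and a
    self-signed certificate, or reuse existing ones, and return the certificate name."""
    try:
        return storage.getDefaultCertificateNameForIdentity(identityName)
    except SecurityException:
        pass  # nothing set up for this identity yet
    keyName = identityName + "/ksk-1"         # assumed KSK name
    certificateName = keyName + "/ID-CERT/1"  # assumed certificate name
    storage.addKey(keyName, publicKeyDer)
    storage.addCertificate(certificateName)
    storage.setDefaultKeyNameForIdentity(keyName, identityName)
    storage.setDefaultCertificateNameForKey(keyName, certificateName)
    return certificateName


def selectSigningKey(storage, identityName):
    # An inactive key's private part is not used in packet signing, so refuse it.
    keyName = storage.getDefaultKeyNameForIdentity(identityName)
    if not storage.isKeyActive(keyName):
        raise SecurityException("default key %s is deactivated" % keyName)
    return keyName
```

The two failure modes worth knowing from the page are reproduced here: setting the default identity to a name that does not exist clears the default rather than failing loudly, so getDefaultIdentity() raises afterwards, and a deactivated key is still present in storage but is refused for signing.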

pyndn.security.identity.memory_identity_storage module

This module defines the MemoryIdentityStorage class which extends IdentityStorage and implements its methods to store identity, public key and certificate objects in memory. The application must get the objects through its own means and add the objects to the MemoryIdentityStorage object. To use permanent file-based storage, see BasicIdentityStorage.

class pyndn.security.identity.memory_identity_storage.MemoryIdentityStorage[source]

Bases: pyndn.security.identity.identity_storage.IdentityStorage

activateKey(keyName)[source]

Activate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
addCertificate(certificate)[source]

Add a certificate to the identity storage.

Parameters:certificate (IdentityCertificate) – The certificate to be added. This makes a copy of the certificate.
Raises SecurityException:
 If the certificate is already installed.
addIdentity(identityName)[source]

Add a new identity. Do nothing if the identity already exists.

Parameters:identityName (Name) – The identity name.
addKey(keyName, keyType, publicKeyDer)[source]

Add a public key to the identity storage. Also call addIdentity to ensure that the identityName for the key exists.

Parameters:
  • keyName (Name) – The name of the public key to be added.
  • keyType (int from KeyType) – Type of the public key to be added.
  • publicKeyDer (Blob) – A blob of the public key DER to be added.
Raises SecurityException:
 If a key with the keyName already exists.

deactivateKey(keyName)[source]

Deactivate a key. If a key is marked as inactive, its private part will not be used in packet signing.

Parameters:keyName (Name) – The name of the key.
doesCertificateExist(certificateName)[source]

Check if the specified certificate already exists.

Parameters:certificateName (Name) – The name of the certificate.
Returns:True if the certificate exists, otherwise False.
Return type:bool
doesIdentityExist(identityName)[source]

Check if the specified identity already exists.

Parameters:identityName (Name) – The identity name.
Returns:True if the identity exists, otherwise False.
Return type:bool
doesKeyExist(keyName)[source]

Check if the specified key already exists.

Parameters:keyName (Name) – The name of the key.
Returns:True if the key exists, otherwise False.
Return type:bool
getCertificate(certificateName, allowAny=False)[source]

Get a certificate from the identity storage.

Parameters:
  • certificateName (Name) – The name of the requested certificate.
  • allowAny (bool) – (optional) If False, only a valid certificate will be returned, otherwise validity is disregarded. If omitted, allowAny is False.
Returns:

The requested certificate. If not found, return None.

Return type:

IdentityCertificate

getDefaultCertificateNameForKey(keyName)[source]

Get the default certificate name for the specified key.

Parameters:keyName (Name) – The key name.
Returns:The default certificate name.
Return type:Name
Raises SecurityException:
 if the default certificate name for the key name is not set.
getDefaultIdentity()[source]

Get the default identity.

Returns:The name of the default identity.
Return type:Name
Raises SecurityException:
 if the default identity is not set.
getDefaultKeyNameForIdentity(identityName)[source]

Get the default key name for the specified identity.

Parameters:identityName (Name) – The identity name.
Returns:The default key name.
Return type:Name
Raises SecurityException:
 if the default key name for the identity is not set.
getKey(keyName)[source]

Get the public key DER blob from the identity storage.

Parameters:keyName (Name) – The name of the requested public key.
Returns:The DER Blob. If not found, return an isNull() Blob.
Return type:Blob
revokeIdentity()[source]

Revoke the identity.

Returns:True if the identity was revoked, False if not.
Return type:bool
setDefaultCertificateNameForKey(keyName, certificateName)[source]

Set the default certificate name for the specified key.

Parameters:
  • keyName (Name) – The key name.
  • certificateName (Name) – The certificate name.
setDefaultIdentity(identityName)[source]

Set the default identity. If the identityName does not exist, then clear the default identity so that getDefaultIdentity() raises an exception.

Parameters:identityName (Name) – The default identity name.
setDefaultKeyNameForIdentity(keyName, identityNameCheck=None)[source]

Set a key as the default key of an identity. The identity name is inferred from keyName.

Parameters:
  • keyName (Name) – The name of the key.
  • identityNameCheck (Name) – (optional) The identity name to check that the keyName contains the same identity name. If an empty name, it is ignored.

pyndn.security.identity.memory_private_key_storage module

This module defines the MemoryPrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage in memory.

class pyndn.security.identity.memory_private_key_storage.MemoryPrivateKeyStorage[source]

Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage

class PrivateKey(keyType, keyDer)[source]

PrivateKey is a simple class to hold a PyCrypto key object along with a KeyType.

getKeyType()[source]
getPrivateKey()[source]
MemoryPrivateKeyStorage.deleteKeyPair(keyName)[source]

Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.

Parameters:keyName (Name) – The name of the key pair.
MemoryPrivateKeyStorage.doesKeyExist(keyName, keyClass)[source]

Check if a particular key exists.

Parameters:
  • keyName (Name) – The name of the key.
  • keyClass (int from KeyClass) – The class of the key, e.g. KeyClass.PUBLIC, KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
Returns:

True if the key exists, otherwise false.

Return type:

bool

MemoryPrivateKeyStorage.generateKeyPair(keyName, params)[source]

Generate a pair of asymmetric keys.

Parameters:
  • keyName (Name) – The name of the key pair.
  • params (KeyParams) – The parameters of the key.
MemoryPrivateKeyStorage.getPublicKey(keyName)[source]

Get the public key with the keyName.

Parameters:keyName (Name) – The name of the public key.
Returns:The public key.
Return type:PublicKey
MemoryPrivateKeyStorage.setKeyPairForKeyName(keyName, keyType, publicKeyDer, privateKeyDer=None)[source]

Set the public and private key for the keyName.

Parameters:
  • keyName (Name) – The key name.
  • keyType (an int from KeyType) – The KeyType, such as KeyType.RSA.
  • publicKeyDer (str, or an array type with int elements which is converted to str) – The public key DER byte array.
  • privateKeyDer (str, or an array type with int elements which is converted to str) – The private key DER byte array.
MemoryPrivateKeyStorage.setPrivateKeyForKeyName(keyName, keyType, privateKeyDer)[source]

Set the private key for the keyName.

Parameters:
  • keyName (Name) – The key name.
  • keyType (an int from KeyType) – The KeyType, such as KeyType.RSA.
  • privateKeyDer (str, or an array type with int elements which is converted to str) – The private key DER byte array.
MemoryPrivateKeyStorage.setPublicKeyForKeyName(keyName, keyType, publicKeyDer)[source]

Set the public key for the keyName.

Parameters:
  • keyName (Name) – The key name.
  • keyType (an int from KeyType) – The KeyType, such as KeyType.RSA.
  • publicKeyDer (str, or an array type with int elements which is converted to str) – The public key DER byte array.
MemoryPrivateKeyStorage.sign(data, keyName, digestAlgorithm=1)[source]

Fetch the private key for keyName and sign the data, returning a signature Blob.

Parameters:
  • data (an array which implements the buffer protocol) – The input byte buffer to sign.
  • keyName (Name) – The name of the signing key.
  • digestAlgorithm (int from DigestAlgorithm) – (optional) the digest algorithm. If omitted, use DigestAlgorithm.SHA256.
Returns: The signature Blob.
Return type: Blob
Raises SecurityException: if it can't find the private key with keyName.

pyndn.security.identity.osx_private_key_storage module

This module defines the OSXPrivateKeyStorage class which extends PrivateKeyStorage to implement private key storage using the OS X Keychain.

class pyndn.security.identity.osx_private_key_storage.OSXPrivateKeyStorage[source]

Bases: pyndn.security.identity.private_key_storage.PrivateKeyStorage

decrypt(keyName, data, isSymmetric=False)[source]

Decrypt data.

Parameters:
  • keyName (Name) – The name of the decrypting key.
  • data (An array type with int elements) – The byte buffer to be decrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns: The decrypted data.
Return type: Blob

deleteKeyPair(keyName)[source]

Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing.

Parameters:keyName (Name) – The name of the key pair.
doesKeyExist(keyName, keyClass)[source]

Check if a particular key exists.

Parameters:
  • keyName (Name) – The name of the key.
  • keyClass (int from KeyClass) – The class of the key, e.g. KeyClass.PUBLIC, KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
Returns: True if the key exists, otherwise False.
Return type: bool

encrypt(keyName, data, isSymmetric=False)[source]

Encrypt data.

Parameters:
  • keyName (Name) – The name of the encrypting key.
  • data (An array type with int elements) – The byte buffer to be encrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns: The encrypted data.
Return type: Blob

generateKey(keyName, params)[source]

Generate a symmetric key.

Parameters:
  • keyName (Name) – The name of the key.
  • params (KeyParams) – The parameters of the key.
generateKeyPair(keyName, params)[source]

Generate a pair of asymmetric keys.

Parameters:
  • keyName (Name) – The name of the key pair.
  • params (KeyParams) – The parameters of the key.
getPublicKey(keyName)[source]

Get the public key with the keyName.

Parameters:keyName (Name) – The name of public key.
Returns:The public key.
Return type:PublicKey
sign(data, keyName, digestAlgorithm=1)[source]

Fetch the private key for keyName and sign the data, returning a signature Blob.

Parameters:
  • data (An array type with int elements) – The input byte buffer to sign.
  • keyName (Name) – The name of the signing key.
  • digestAlgorithm (int from DigestAlgorithm) – (optional) the digest algorithm. If omitted, use DigestAlgorithm.SHA256.
Returns: The signature Blob.
Return type: Blob

pyndn.security.identity.private_key_storage module

This module defines the PrivateKeyStorage abstract class which declares methods for working with a private key storage. You should use a subclass.

class pyndn.security.identity.private_key_storage.PrivateKeyStorage[source]

Bases: object

decrypt(keyName, data, isSymmetric=False)[source]

Decrypt data. Your derived class should override.

Parameters:
  • keyName (Name) – The name of the decrypting key.
  • data (An array type with int elements) – The byte buffer to be decrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns: The decrypted data.
Return type: Blob
Raises RuntimeError: for unimplemented if the derived class does not override.

deleteKeyPair(keyName)[source]

Delete a pair of asymmetric keys. If the key doesn’t exist, do nothing. Your derived class should override.

Parameters:keyName (Name) – The name of the key pair.
Raises RuntimeError: for unimplemented if the derived class does not override.
doesKeyExist(keyName, keyClass)[source]

Check if a particular key exists. Your derived class should override.

Parameters:
  • keyName (Name) – The name of the key.
  • keyClass (int from KeyClass) – The class of the key, e.g. KeyClass.PUBLIC, KeyClass.PRIVATE, or KeyClass.SYMMETRIC.
Returns: True if the key exists, otherwise False.
Return type: bool
Raises RuntimeError: for unimplemented if the derived class does not override.

encrypt(keyName, data, isSymmetric=False)[source]

Encrypt data. Your derived class should override.

Parameters:
  • keyName (Name) – The name of the encrypting key.
  • data (An array type with int elements) – The byte buffer to be encrypted.
  • isSymmetric (bool) – (optional) If True symmetric encryption is used, otherwise asymmetric encryption is used. If omitted, use asymmetric encryption.
Returns: The encrypted data.
Return type: Blob
Raises RuntimeError: for unimplemented if the derived class does not override.

generateKey(keyName, params)[source]

Generate a symmetric key. Your derived class should override.

Parameters:
  • keyName (Name) – The name of the key.
  • params (KeyParams) – The parameters of the key.
Raises RuntimeError: for unimplemented if the derived class does not override.

generateKeyPair(keyName, params)[source]

Generate a pair of asymmetric keys. Your derived class should override.

Parameters:
  • keyName (Name) – The name of the key pair.
  • params (KeyParams) – The parameters of the key.
Raises RuntimeError: for unimplemented if the derived class does not override.

getPublicKey(keyName)[source]

Get the public key with the keyName. Your derived class should override.

Parameters:keyName (Name) – The name of public key.
Returns:The public key.
Return type:PublicKey
Raises RuntimeError: for unimplemented if the derived class does not override.
sign(data, keyName, digestAlgorithm=1)[source]

Fetch the private key for keyName and sign the data, returning a signature Blob. Your derived class should override.

Parameters:
  • data (An array type with int elements) – The input byte buffer to sign.
  • keyName (Name) – The name of the signing key.
  • digestAlgorithm (int from DigestAlgorithm) – (optional) the digest algorithm. If omitted, use DigestAlgorithm.SHA256.
Returns: The signature Blob.
Return type: Blob
Raises RuntimeError: for unimplemented if the derived class does not override.

Module contents