Parent key class
Common API for all public keys.
class paramiko.pkey.PKey(msg=None, data=None)
Base class for public keys.
__cmp__(other)
Compare this key to another. Returns 0 if this key is equivalent to the given key, or non-0 if they are different. Only the public parts of the key are compared, so a public key will compare equal to its corresponding private key.
- other (PKey) -- key to compare to.
__init__(msg=None, data=None)
Create a new instance of this public key type. If msg is given, the key's public part(s) will be filled in from the message. If data is given, the key's public part(s) will be filled in from the string.
__weakref__
list of weak references to the object (if defined)
asbytes()
Return a string of an SSH Message made up of the public part(s) of this key. This string is suitable for passing to __init__ to re-create the key object later.
can_sign()
Return True if this key has the private part necessary for signing data.
classmethod from_private_key(file_obj, password=None)
Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).
- file_obj -- the file-like object to read from
- password (str) -- an optional password to use to decrypt the key, if it's encrypted
Returns: PKey based on the given private key
Raises: IOError -- if there was an error reading the key
Raises: SSHException -- if the key file is invalid
classmethod from_private_key_file(filename, password=None)
Create a key object by reading a private key file. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown). Through the magic of Python, this factory method will exist in all subclasses of PKey (such as RSAKey or DSSKey), but is useless on the abstract PKey class.
Returns: PKey based on the given private key
Raises: IOError -- if there was an error reading the file
Raises: SSHException -- if the key file is invalid
get_base64()
Return a base64 string containing the public part of this key. Nothing secret is revealed. This format is compatible with that used to store public key files or recognized host keys.
Returns: string containing the public part of the key.
get_bits()
Return the number of significant bits in this key. This is useful for judging the relative security of a key.
Returns: int
get_fingerprint()
Return an MD5 fingerprint of the public part of this key. Nothing secret is revealed.
Returns: string (binary) of the MD5 fingerprint, in SSH format.
get_name()
Return the name of this private key implementation.
Returns: str (for example, "ssh-rsa").
load_certificate(value)
Supplement the private key contents with data loaded from an OpenSSH public key (.pub) or certificate (-cert.pub) file, a string containing such a file, or a Message object.
The .pub contents add no real value, since the private key file includes sufficient information to derive the public key info. For certificates, however, this can be used on the client side to offer authentication requests to the server based on certificate instead of raw public key.
See: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.certkeys
Note: very little effort is made to validate the certificate contents; it is for the server to decide whether it is good enough to authenticate successfully.
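An added example, not part of the Paramiko documentation or code: it parses the base64 public blob of the kind get_base64() returns, recovers the name and RSA bit count that get_name() and get_bits() report, and computes the MD5 fingerprint alongside an OpenSSH-style SHA256 one. The function names, the constructed sample key, and the MIN_RSA_BITS / ssh-dss policy are assumptions of this example.

```python
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # assumed local policy (as is the ssh-dss flag below), not from the page

def ssh_string(data):
    """Encode bytes as an SSH string: 4-byte big-endian length, then the data."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n):
    """Encode a positive integer as an SSH mpint (leading zero if top bit set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_fields(blob):
    """Split a public key blob into length-prefixed fields, with bounds checks."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("field overruns blob")
        fields.append(blob[off:off + size])
        off += size
    return fields

def describe_public_key(b64):
    """Report name, RSA size and both fingerprint styles for a base64 public key."""
    blob = base64.b64decode(b64, validate=True)
    fields = read_fields(blob)
    name = fields[0].decode("ascii") if fields else ""
    bits = None
    if name == "ssh-rsa" and len(fields) == 3:  # fields: name, exponent e, modulus n
        bits = int.from_bytes(fields[2], "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()  # MD5 over the blob, as get_fingerprint() describes
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "name": name,
        "bits": bits,
        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
        "sha256": "SHA256:" + sha256,
        "weak": name == "ssh-dss" or (bits is not None and bits < MIN_RSA_BITS),
    }

def constructed_rsa_b64(bits):
    """Constructed sample blob (not a real key): e = 65537, n = 2**(bits-1) + 1."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint((1 << (bits - 1)) | 1)
    return base64.b64encode(blob).decode()
```

Pass the string from get_base64() to describe_public_key() to log a SHA256 fingerprint next to the MD5 one when comparing against host-key records.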
sign_ssh_data(data)
Sign a blob of data with this private key, and return a Message representing an SSH signature message.
verify_ssh_sig(data, msg)
Given a blob of data, and an SSH message representing a signature of that data, verify that it was signed with this key.
write_private_key(file_obj, password=None)
Write private key contents into a file (or file-like) object. If the password is not None, the key is encrypted before writing.
- file_obj -- the file-like object to write into
- password (str) -- an optional password to use to encrypt the key
Raises: IOError -- if there was an error writing to the file
Raises: SSHException -- if the key is invalid
write_private_key_file(filename, password=None)
Write private key contents into a file. If the password is not None, the key is encrypted before writing.
Raises: IOError -- if there was an error writing the file
Raises: SSHException -- if the key is invalid
class paramiko.pkey.PublicBlob(type_, blob, comment=None)
OpenSSH plain public key or OpenSSH signed public key (certificate).
Tries to be as dumb as possible and barely cares about specific per-key-type data.
Note: Most of the time you'll want to call from_file, from_string or from_message for useful instantiation; the main constructor is basically "I should be using attrs for this."
__init__(type_, blob, comment=None)
Create a new public blob of given type and contents.
__weakref__
list of weak references to the object (if defined)
classmethod from_file(filename)
Create a public blob from a -cert.pub-style file on disk.
classmethod from_message(message)
Create a public blob from a network Message.
Specifically, a cert-bearing pubkey auth packet, because by definition OpenSSH-style certificates 'are' their own network representation.
classmethod from_string(string)
Create a public blob from a -cert.pub-style string.
DSA (DSS)
DSS keys.
class paramiko.dsskey.DSSKey(msg=None, data=None, filename=None, password=None, vals=None, file_obj=None)
Representation of a DSS key which can be used to sign and verify SSH2 data.
static generate(bits=1024, progress_func=None)
Generate a new private DSS key. This factory function can be used to generate a new host key or authentication key.
RSA
RSA keys.
class paramiko.rsakey.RSAKey(msg=None, data=None, filename=None, password=None, key=None, file_obj=None)
Representation of an RSA key which can be used to sign and verify SSH2 data.
static generate(bits, progress_func=None)
Generate a new private RSA key. This factory function can be used to generate a new host key or authentication key.
ECDSA
ECDSA keys.
class paramiko.ecdsakey.ECDSAKey(msg=None, data=None, filename=None, password=None, vals=None, file_obj=None, validate_point=True)
Representation of an ECDSA key which can be used to sign and verify SSH2 data.
classmethod generate(curve=<cryptography.hazmat.primitives.asymmetric.ec.SECP256R1 object>, progress_func=None, bits=None)
Generate a new private ECDSA key. This factory function can be used to generate a new host key or authentication key.
Returns: ECDSAKey object
Ed25519
class paramiko.ed25519key.Ed25519Key(msg=None, data=None, filename=None, password=None, file_obj=None)
Representation of an Ed25519 key.
Note: Ed25519 key support was added to OpenSSH in version 6.5.
New in version 2.2.
Changed in version 2.3: Added a file_obj parameter to match other key classes.