google.auth.crypt.es256 module

ECDSA (ES256) verifier and signer that use the cryptography library.

class ES256Verifier(public_key)

Bases: google.auth.crypt.base.Verifier

Verifies ECDSA cryptographic signatures using public keys.

Parameters

public_key (cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey) – The public key used to verify signatures.

verify(message, signature)

Verifies a message against a cryptographic signature.

Parameters
  • message (Union [ str, bytes ]) – The message to verify.

  • signature (Union [ str, bytes ]) – The cryptographic signature to check.

Returns

True if message was signed by the private key associated with the public key that this object was constructed with.

Return type

bool

classmethod from_string(public_key)

Construct a Verifier instance from a public key or public certificate string.

Parameters

public_key (Union [ str, bytes ]) – The public key in PEM format or the x509 public key certificate.

Returns

The constructed verifier.

Return type

Verifier

Raises

ValueError – If the public key can’t be parsed.

class ES256Signer(private_key, key_id=None)

Bases: google.auth.crypt.base.Signer, google.auth.crypt.base.FromServiceAccountMixin

Signs messages with an ECDSA private key.

Parameters
  • private_key (cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey) – The private key to sign with.

  • key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.

property key_id

The key ID used to identify this private key.

Type

Optional [ str ]

sign(message)

Signs a message.

Parameters

message (Union [ str, bytes ]) – The message to be signed.

Returns

The signature of the message.

Return type

bytes

classmethod from_string(key, key_id=None)

Construct a RSASigner from a private key in PEM format.

Parameters
  • key (Union [ bytes, str ]) – Private key in PEM format.

  • key_id (str) – An optional key id used to identify the private key.

Returns

The constructed signer.

Return type

google.auth.crypt._cryptography_rsa.RSASigner

Raises
  • ValueError – If key is not bytes or str (unicode).

  • UnicodeDecodeError – If key is bytes but cannot be decoded into a UTF-8 str.

  • ValueError – If cryptography raises “Could not deserialize key data.”

classmethod from_service_account_file(filename)

Creates a Signer instance from a service account .json file in Google format.

Parameters

filename (str) – The path to the service account .json file.

Returns

The constructed signer.

Return type

google.auth.crypt.Signer

classmethod from_service_account_info(info)

Creates a Signer instance from a dictionary containing service account info in Google format.

Parameters

info (Mapping [ str, str ]) – The service account info in Google format.

Returns

The constructed signer.

Return type

google.auth.crypt.Signer

Raises

ValueError – If the info is not in the expected format.
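The following is an added example, not part of the google-auth documentation or code base. It exercises ES256Signer.from_string, sign, ES256Verifier.from_string and verify as documented above, including the failure paths a caller has to handle. The P-256 key pairs, the key ID "sample-key-1" and the message are constructed sample values, and the helper names make_p256_pem_pair and run_checks are hypothetical.

```python
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from google.auth.crypt import es256


def make_p256_pem_pair():
    """Return (private_pem, public_pem) for a throwaway P-256 key (constructed sample)."""
    key = ec.generate_private_key(ec.SECP256R1())
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),
    )
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_pem, public_pem


def run_checks():
    """Sign once, then verify under the conditions a caller must handle."""
    private_pem, public_pem = make_p256_pem_pair()
    _, unrelated_public_pem = make_p256_pem_pair()

    signer = es256.ES256Signer.from_string(private_pem, key_id="sample-key-1")
    message = b"constructed sample message"
    signature = signer.sign(message)

    verifier = es256.ES256Verifier.from_string(public_pem)
    other = es256.ES256Verifier.from_string(unrelated_public_pem)
    # from_string() raises ValueError when the key material cannot be parsed.
    try:
        es256.ES256Verifier.from_string(b"not a PEM public key")
        bad_key_rejected = False
    except ValueError:
        bad_key_rejected = True
    # verify() reports failure by returning False, so the result must be checked.
    return {
        "key_id": signer.key_id,
        "valid": verifier.verify(message, signature),
        "tampered_message": verifier.verify(message + b"!", signature),
        "wrong_key": other.verify(message, signature),
        "bad_key_rejected": bad_key_rejected,
    }


if __name__ == "__main__":
    print(run_checks())
```

Because verify() returns a bool instead of raising, code that calls it without testing the return value accepts forged or tampered input.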