google.auth.crypt package¶
Cryptography helpers for verifying and signing messages.
The simplest way to verify signatures is using verify_signature()
:
cert = open('certs.pem').read()
valid = crypt.verify_signature(message, signature, cert)
If you’re going to verify many messages with the same certificate, you can use
RSAVerifier
:
cert = open('certs.pem').read()
verifier = crypt.RSAVerifier.from_string(cert)
valid = verifier.verify(message, signature)
To sign messages use RSASigner
with a private key:
private_key = open('private_key.pem').read()
signer = crypt.RSASigner.from_string(private_key)
signature = signer.sign(message)
The code above also works for ES256Signer
and ES256Verifier
.
Note that these two classes are only available if your cryptography dependency
version is at least 1.4.0.
- class RSASigner(private_key, key_id=None)[source]¶
Bases:
Signer
,FromServiceAccountMixin
Signs messages with an RSA private key.
- Parameters:
private_key (rsa.key.PrivateKey) – The private key to sign with.
key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.
- classmethod from_string(key, key_id=None)[source]¶
Construct an Signer instance from a private key in PEM format.
- Parameters:
- Returns:
The constructed signer.
- Return type:
- Raises:
ValueError – If the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format.
- classmethod from_service_account_file(filename)¶
Creates a Signer instance from a service account .json file in Google format.
- Parameters:
filename (str) – The path to the service account .json file.
- Returns:
The constructed signer.
- Return type:
- classmethod from_service_account_info(info)¶
Creates a Signer instance instance from a dictionary containing service account info in Google format.
- Parameters:
info (
Mapping
[str
,str
]) – The service account info in Google format.- Returns:
The constructed signer.
- Return type:
- Raises:
ValueError – If the info is not in the expected format.
- class RSAVerifier(public_key)[source]¶
Bases:
Verifier
Verifies RSA cryptographic signatures using public keys.
- Parameters:
public_key (rsa.key.PublicKey) – The public key used to verify signatures.
- classmethod from_string(public_key)[source]¶
Construct an Verifier instance from a public key or public certificate string.
- Parameters:
public_key (
Union
[str
,bytes
]) – The public key in PEM format or the x509 public key certificate.- Returns:
The constructed verifier.
- Return type:
- Raises:
ValueError – If the public_key can’t be parsed.
- class Verifier[source]¶
Bases:
object
Abstract base class for crytographic signature verifiers.