google.auth.crypt.rsa module

RSA cryptography signer and verifier.

This file provides a shared wrapper, that defers to _python_rsa or _cryptography_rsa for implmentations using different third party libraries

class RSAVerifier(public_key)[source]

Bases: Verifier

Verifies RSA cryptographic signatures using public keys.

Parameters:

public_key (Union, cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey) – The public key used to verify signatures.

Raises:

  • ImportError – if called with an rsa.key.PublicKey, when the rsa library is not installed

  • ValueError – if an unrecognized public key is provided

verify(message, signature)[source]

Verifies a message against a cryptographic signature.

Parameters:
Returns:

True if message was signed by the private key associated with the public key that this object was constructed with.

Return type:

bool

classmethod from_string(public_key)[source]

Construct a Verifier instance from a public key or public certificate string.

Parameters:

public_key (Unionstr, bytes) – The public key in PEM format or the x509 public key certificate.

Returns:

The constructed verifier.

Return type:

google.auth.crypt.Verifier

Raises:

ValueError – If the public_key can’t be parsed.

class RSASigner(private_key, key_id=None)[source]

Bases: Signer, FromServiceAccountMixin

Signs messages with an RSA private key.

Parameters:

  • private_key (Union, cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) – The private key to sign with.

  • key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.

Raises:

  • ImportError – if called with an rsa.key.PrivateKey, when the rsa library is not installed

  • ValueError – if an unrecognized public key is provided

property key_id

The key ID used to identify this private key.

Type:

Optionalstr

sign(message)[source]

Signs a message.

Parameters:

message (Unionstr, bytes) – The message to be signed.

Returns:

The signature of the message.

Return type:

bytes

classmethod from_string(key, key_id=None)[source]

Construct a Signer instance from a private key in PEM format.

Parameters:

  • key (str) – Private key in PEM format.

  • key_id (str) – An optional key id used to identify the private key.

Returns:

The constructed signer.

Return type:

google.auth.crypt.Signer

Raises:

ValueError – If the key cannot be parsed as PKCS#1 or PKCS#8 in PEM format.

classmethod from_service_account_file(filename)

Creates a Signer instance from a service account .json file in Google format.

Parameters:

filename (str) – The path to the service account .json file.

Returns:

The constructed signer.

Return type:

google.auth.crypt.Signer

classmethod from_service_account_info(info)

Creates a Signer instance instance from a dictionary containing service account info in Google format.

Parameters:

info (Mappingstr, str) – The service account info in Google format.

Returns:

The constructed signer.

Return type:

google.auth.crypt.Signer

Raises:

ValueError – If the info is not in the expected format.