CryptoKeyManager Class
Properties Methods Events Configuration Settings Errors
The CryptoKeyManager class provides a simple way to load, generate and manage generic crypto keys.
Syntax
class secureblackbox.CryptoKeyManager
Remarks
CryptoKeyManager allows you to load, save, generate, import, and export low-level crypto keys. One example of such keys are raw RSA keys stored in PKCS1 format or AES256 keys. CryptoKeyManager supports asymmetric, symmetric, and HMAC keys.
CryptoKeyManager is a typical companion for low-level cryptography classes, such as PublicKeyCrypto, SymmetricCrypto, and HashFunction. It can also be used to provide external key material to certificate objects, and to derive cryptographic keys from passwords.
Use import_bytes or import_from_file method to load the key material from a buffer or file. Use import_from_cert (and remember to assign the certificate object to the certificate property before calling it) to import a key from an X.509 certificate. Once loaded, the key will be available in the key property.
To generate a new key or keypair use generate method. You can export the generated key using export_bytes or export_to_file method. You can attach the generated or loaded key to an external certificate object using the export_to_cert method.
Note: CryptoKeyManager can only work with one cryptographic key at a time. Use CryptoKeyStorage to access media containing more than one key.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| cert_bytes | Returns raw certificate data in DER format. |
| cert_ca | Indicates whether the certificate has a CA capability (a setting in BasicConstraints extension). |
| cert_ca_key_id | A unique identifier (fingerprint) of the CA certificate's private key. |
| cert_crl_distribution_points | Locations of the CRL (Certificate Revocation List) distribution points used to check this certificate's validity. |
| cert_curve | Specifies the elliptic curve of the EC public key. |
| cert_fingerprint | Contains the fingerprint (a hash imprint) of this certificate. |
| cert_friendly_name | Contains an associated alias (friendly name) of the certificate. |
| cert_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| cert_hash_algorithm | Specifies the hash algorithm to be used in the operations on the certificate (such as key signing) SB_HASH_ALGORITHM_SHA1 SHA1 SB_HASH_ALGORITHM_SHA224 SHA224 SB_HASH_ALGORITHM_SHA256 SHA256 SB_HASH_ALGORITHM_SHA384 SHA384 SB_HASH_ALGORITHM_SHA512 SHA512 SB_HASH_ALGORITHM_MD2 MD2 SB_HASH_ALGORITHM_MD4 MD4 SB_HASH_ALGORITHM_MD5 MD5 SB_HASH_ALGORITHM_RIPEMD160 RIPEMD160 SB_HASH_ALGORITHM_CRC32 CRC32 SB_HASH_ALGORITHM_SSL3 SSL3 SB_HASH_ALGORITHM_GOST_R3411_1994 GOST1994 SB_HASH_ALGORITHM_WHIRLPOOL WHIRLPOOL SB_HASH_ALGORITHM_POLY1305 POLY1305 SB_HASH_ALGORITHM_SHA3_224 SHA3_224 SB_HASH_ALGORITHM_SHA3_256 SHA3_256 SB_HASH_ALGORITHM_SHA3_384 SHA3_384 SB_HASH_ALGORITHM_SHA3_512 SHA3_512 SB_HASH_ALGORITHM_BLAKE2S_128 BLAKE2S_128 SB_HASH_ALGORITHM_BLAKE2S_160 BLAKE2S_160 SB_HASH_ALGORITHM_BLAKE2S_224 BLAKE2S_224 SB_HASH_ALGORITHM_BLAKE2S_256 BLAKE2S_256 SB_HASH_ALGORITHM_BLAKE2B_160 BLAKE2B_160 SB_HASH_ALGORITHM_BLAKE2B_256 BLAKE2B_256 SB_HASH_ALGORITHM_BLAKE2B_384 BLAKE2B_384 SB_HASH_ALGORITHM_BLAKE2B_512 BLAKE2B_512 SB_HASH_ALGORITHM_SHAKE_128 SHAKE_128 SB_HASH_ALGORITHM_SHAKE_256 SHAKE_256 SB_HASH_ALGORITHM_SHAKE_128_LEN SHAKE_128_LEN SB_HASH_ALGORITHM_SHAKE_256_LEN SHAKE_256_LEN . |
| cert_issuer | The common name of the certificate issuer (CA), typically a company name. |
| cert_issuer_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate issuer. |
| cert_key_algorithm | Specifies the public key algorithm of this certificate. |
| cert_key_bits | Returns the length of the public key. |
| cert_key_fingerprint | Returns a fingerprint of the public key contained in the certificate. |
| cert_key_usage | Indicates the purposes of the key contained in the certificate, in the form of an OR'ed flag set. |
| cert_key_valid | Returns True if the certificate's key is cryptographically valid, and False otherwise. |
| cert_ocsp_locations | Locations of OCSP (Online Certificate Status Protocol) services that can be used to check this certificate's validity, as recorded by the CA. |
| cert_origin | Returns the origin of this certificate. |
| cert_policy_i_ds | Contains identifiers (OIDs) of the applicable certificate policies. |
| cert_private_key_bytes | Contains the certificate's private key. |
| cert_private_key_exists | Indicates whether the certificate has an associated private key. |
| cert_private_key_extractable | Indicates whether the private key is extractable. |
| cert_public_key_bytes | Contains the certificate's public key in DER format. |
| cert_self_signed | Indicates whether the certificate is self-signed (root) or signed by an external CA. |
| cert_serial_number | Returns the certificate's serial number. |
| cert_sig_algorithm | Indicates the algorithm that was used by the CA to sign this certificate. |
| cert_subject | The common name of the certificate holder, typically an individual's name, a URL, an e-mail address, or a company name. |
| cert_subject_key_id | Contains a unique identifier (fingerprint) of the certificate's private key. |
| cert_subject_rdn | A collection of information, in the form of [OID, Value] pairs, uniquely identifying the certificate holder (subject). |
| cert_valid_from | The time point at which the certificate becomes valid, in UTC. |
| cert_valid_to | The time point at which the certificate expires, in UTC. |
| key_algorithm | The algorithm of the cryptographic key. |
| key_bits | The length of the key in bits. |
| key_exportable | Returns True if the key is exportable (can be serialized into an array of bytes), and False otherwise. |
| key_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| key_id | Provides access to a storage-specific key identifier. |
| key_iv | The initialization vector (IV) of a symmetric key. |
| key_key | The byte array representation of the key. |
| key_nonce | A nonce value associated with a key. |
| key_private | Returns True if the object hosts a private key, and False otherwise. |
| key_public | Returns True if the object hosts a public key, and False otherwise. |
| key_subject | Returns the key subject. |
| key_symmetric | Returns True if the object contains a symmetric key, and False otherwise. |
| key_valid | Returns True if this key is valid. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| derive_key | Generates a strong cryptographic key from a password. |
| export_bytes | Exports the key to a byte array. |
| export_to_cert | Exports the key to a certificate. |
| export_to_file | Exports the key to a file. |
| generate | Generates a new crypto key. |
| get_key_param | Returns an algorithm-specific key parameter. |
| get_key_param_str | Returns an algorithm-specific key parameter to a string. |
| import_bytes | Loads a key from a byte array. |
| import_from_cert | Loads a key from a certificate. |
| import_from_file | Loads a key from a file. |
| set_key_param | Sets an algorithm-specific key parameter. |
| set_key_param_str | Sets an algorithm-specific key parameter. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_error | Informs about an error during an operation. |
| on_notification | This event notifies the application about an underlying control flow event. |
| on_password_needed | This event is fired when a decryption password is needed. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| Argon2MemoryCost | Sets the memory cost parameter of Argon2 key derivation algorithm. |
| Argon2Parallelism | Sets the parallelism parameter of Argon2 key derivation algorithm. |
| Curve | The name of the curve of the newly added elliptic cryptography (EC) key. |
| DerivationAlgorithm | The algorithm to use for key derivation. |
| DeriveIterations | The number of iterations to use as part of key derivation routine. |
| HMACAlgorithm | Specifies the HMAC algorithm to use with the key derivation algorithm. |
| TempPath | Path for storing temporary files. |
| TempPath | Path for storing temporary files. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |