confidant.lib package

Submodules

confidant.lib.cryptolib module

confidant.lib.cryptolib._rsa_private_key_bare_base64(key)

Given an RSA private key, return the base64 + DER encoded private key data. This looks like PEM encoding but without the -----BEGIN PRIVATE KEY----- header and footer.

Parameters:

key (cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey) – The RSA private key

Returns:

base64-encoded DER private key data.

Return type:

string

confidant.lib.cryptolib._x509_certificate_bare_base64(certificate)

Given a certificate object, return the base64 DER encoded certificate data. This looks like PEM encoding but without the -----BEGIN CERTIFICATE----- header and footer.

Parameters:

certificate (cryptography.x509.Certificate) – The X.509 certificate

Returns:

base64-encoded DER X.509 data.

Return type:

string

confidant.lib.cryptolib.create_datakey(encryption_context, keyid, client=None)

Create a datakey from KMS.

confidant.lib.cryptolib.create_mock_datakey()

Mock encryption meant to be used for testing or development. Returns a generated data key, but the encrypted version of the key is simply the unencrypted version. If this is called for anything other than testing or development purposes, it will cause unencrypted keys to be stored along with the encrypted content, rendering the encryption worthless.

confidant.lib.cryptolib.decrypt_datakey(data_key, encryption_context=None, client=None)

Decrypt a datakey.

confidant.lib.cryptolib.decrypt_mock_datakey(data_key)

Mock decryption meant to be used for testing or development. Simply returns the provided data_key.

confidant.lib.cryptolib.load_private_key_pem(path, password=None)

Load an RSA private key from a file.

Parameters:
  • path (string) – The file path to an RSA private key in PEM format.

  • password (string) – A password encrypting the file.

Returns:

An RSA private key object.

Return type:

cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey

confidant.lib.cryptolib.load_private_key_pem_as_bare_base64(path, password=None)

Load an RSA private key from a file as bare base64-encoded DER.

Parameters:
  • path (string) – The file path to an RSA private key in PEM format.

  • password (string) – A password encrypting the file.

Returns:

base64-encoded DER private key data.

Return type:

string

confidant.lib.cryptolib.load_x509_certificate_pem(path)

Load an X.509 PEM certificate from a file.

Parameters:

path (string) – The file path to an X.509 certificate in PEM format.

Returns:

X.509 certificate object

Return type:

cryptography.x509.Certificate

confidant.lib.cryptolib.load_x509_certificate_pem_as_bare_base64(path)

Load an X.509 PEM certificate from a file, return as bare base64-encoded DER.

Parameters:

path (string) – The file path to an X.509 certificate in PEM format.

Returns:

base64-encoded DER X.509 data.

Return type:

string
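
The bare base64 form that the `*_bare_base64` functions above return, shown as an added example that is not Confidant's own code. It works on PEM text with the standard library only and assumes the bare form also drops line breaks; `pem_to_bare_base64`, `bare_base64_to_pem` and the sample data are names constructed for this example.

```python
import base64
import re

# Constructed sample: a DER SEQUENCE header (0x30, long-form length 256)
# followed by 256 filler bytes. It is not a real key or certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

_PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n"
    r"(?P<body>.*?)"
    r"-----END (?P=label)-----",
    re.DOTALL,
)


def bare_base64_to_pem(bare, label):
    """Re-wrap bare base64 at 64 columns and add BEGIN/END lines."""
    lines = [bare[i:i + 64] for i in range(0, len(bare), 64)]
    return "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n".format(
        label, "\n".join(lines))


def pem_to_bare_base64(pem_text, expected_label):
    """Return one PEM block's base64 payload without BEGIN/END lines
    or line breaks, after checking that it decodes to DER."""
    match = _PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no PEM block found")
    if match.group("label") != expected_label:
        raise ValueError("unexpected PEM label: " + match.group("label"))
    body = match.group("body")
    # Legacy encrypted keys carry "Proc-Type:" / "DEK-Info:" header lines;
    # their payload is ciphertext, so refuse instead of emitting it.
    if ":" in body:
        raise ValueError("PEM block has headers; decrypt the key first")
    bare = "".join(body.split())
    der = base64.b64decode(bare, validate=True)
    # Keys and certificates are an ASN.1 SEQUENCE, so DER starts with 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("payload is not a DER SEQUENCE")
    return bare


SAMPLE_PEM = bare_base64_to_pem(
    base64.b64encode(SAMPLE_DER).decode("ascii"), "CERTIFICATE")

if __name__ == "__main__":
    print(pem_to_bare_base64(SAMPLE_PEM, "CERTIFICATE"))
```

Checking the label and the leading 0x30 byte catches a key file passed where a certificate was expected, or an encrypted payload, before the value is stored or sent on.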

Module contents