google.auth.crypt.es256 module

ECDSA (ES256) verifier and signer that use the cryptography library.

class ES256Verifier(public_key)[source]

Bases: google.auth.crypt.base.Verifier

Verifies ECDSA cryptographic signatures using public keys.

Parameters

( (public_key) – cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey): The public key used to verify signatures.

verify(message, signature)[source]

Verifies a message against a cryptographic signature.

Parameters
Returns

True if message was signed by the private key associated with the public key that this object was constructed with.

Return type

bool

classmethod from_string(public_key)[source]

Construct an Verifier instance from a public key or public certificate string.

Parameters

public_key (Unionstr, bytes) – The public key in PEM format or the x509 public key certificate.

Returns

The constructed verifier.

Return type

Verifier

Raises

ValueError – If the public key can’t be parsed.

class ES256Signer(private_key, key_id=None)[source]

Bases: google.auth.crypt.base.Signer, google.auth.crypt.base.FromServiceAccountMixin

Signs messages with an ECDSA private key.

Parameters
  • ( (private_key) – cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey): The private key to sign with.

  • key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.

property key_id

The key ID used to identify this private key.

Type

Optionalstr

sign(message)[source]

Signs a message.

Parameters

message (Unionstr, bytes) – The message to be signed.

Returns

The signature of the message.

Return type

bytes

classmethod from_string(key, key_id=None)[source]

Construct a RSASigner from a private key in PEM format.

Parameters
  • key (Unionbytes, str) – Private key in PEM format.

  • key_id (str) – An optional key id used to identify the private key.

Returns

The constructed signer.

Return type

google.auth.crypt._cryptography_rsa.RSASigner

Raises
  • ValueError – If key is not bytes or str (unicode).

  • UnicodeDecodeError – If key is bytes but cannot be decoded into a UTF-8 str.

  • ValueError – If cryptography “Could not deserialize key data.”

classmethod from_service_account_file(filename)

Creates a Signer instance from a service account .json file in Google format.

Parameters

filename (str) – The path to the service account .json file.

Returns

The constructed signer.

Return type

google.auth.crypt.Signer

classmethod from_service_account_info(info)

Creates a Signer instance instance from a dictionary containing service account info in Google format.

Parameters

info (Mappingstr, str) – The service account info in Google format.

Returns

The constructed signer.

Return type

google.auth.crypt.Signer

Raises

ValueError – If the info is not in the expected format.