google.auth.crypt.es256 module¶
ECDSA (ES256) verifier and signer that use the cryptography
library.
-
class
ES256Verifier
(public_key)[source]¶ Bases:
google.auth.crypt.base.Verifier
Verifies ECDSA cryptographic signatures using public keys.
Parameters: ( (public_key) – cryptography.hazmat.primitives.asymmetric.ec.ECDSAPublicKey): The public key used to verify signatures. -
verify
(message, signature)[source]¶ Verifies a message against a cryptographic signature.
Parameters: Returns: True if message was signed by the private key associated with the public key that this object was constructed with.
Return type:
-
classmethod
from_string
(public_key)[source]¶ Construct an Verifier instance from a public key or public certificate string.
Parameters: public_key ( Union
[str
,bytes
]) – The public key in PEM format or the x509 public key certificate.Returns: The constructed verifier. Return type: Verifier Raises: ValueError
– If the public key can’t be parsed.
-
-
class
ES256Signer
(private_key, key_id=None)[source]¶ Bases:
google.auth.crypt.base.Signer
,google.auth.crypt.base.FromServiceAccountMixin
Signs messages with an ECDSA private key.
Parameters: - ( (private_key) – cryptography.hazmat.primitives.asymmetric.ec.ECDSAPrivateKey): The private key to sign with.
- key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.
-
sign
(message)[source]¶ Signs a message.
Parameters: message ( Union
[str
,bytes
]) – The message to be signed.Returns: The signature of the message. Return type: bytes
-
classmethod
from_string
(key, key_id=None)[source]¶ Construct a RSASigner from a private key in PEM format.
Parameters: Returns: The constructed signer.
Return type: google.auth.crypt._cryptography_rsa.RSASigner
Raises: ValueError
– Ifkey
is notbytes
orstr
(unicode).UnicodeDecodeError
– Ifkey
isbytes
but cannot be decoded into a UTF-8str
.ValueError
– Ifcryptography
“Could not deserialize key data.”
-
classmethod
from_service_account_file
(filename)¶ Creates a Signer instance from a service account .json file in Google format.
Parameters: filename (str) – The path to the service account .json file. Returns: The constructed signer. Return type: google.auth.crypt.Signer
-
classmethod
from_service_account_info
(info)¶ Creates a Signer instance instance from a dictionary containing service account info in Google format.
Parameters: info ( Mapping
[str
,str
]) – The service account info in Google format.Returns: The constructed signer. Return type: google.auth.crypt.Signer Raises: ValueError
– If the info is not in the expected format.