google.auth.crypt.es256 module

ECDSA (ES256) verifier and signer that use the cryptography library.

class ES256Verifier(public_key)[source]

Bases: google.auth.crypt.base.Verifier

Verifies ECDSA cryptographic signatures using public keys.

Parameters:( (public_key) – The public key used to verify signatures.
verify(message, signature)[source]

Verifies a message against a cryptographic signature.

  • message (Union [ str, bytes ]) – The message to verify.
  • signature (Union [ str, bytes ]) – The cryptography signature to check.

True if message was signed by the private key associated with the public key that this object was constructed with.

Return type:


classmethod from_string(public_key)[source]

Construct an Verifier instance from a public key or public certificate string.

Parameters:public_key (Union [ str, bytes ]) – The public key in PEM format or the x509 public key certificate.
Returns:The constructed verifier.
Return type:Verifier
Raises:ValueError – If the public key can’t be parsed.
class ES256Signer(private_key, key_id=None)[source]

Bases: google.auth.crypt.base.Signer, google.auth.crypt.base.FromServiceAccountMixin

Signs messages with an ECDSA private key.

  • ( (private_key) – The private key to sign with.
  • key_id (str) – Optional key ID used to identify this private key. This can be useful to associate the private key with its associated public key or certificate.

The key ID used to identify this private key.

Type:Optional [ str ]

Signs a message.

Parameters:message (Union [ str, bytes ]) – The message to be signed.
Returns:The signature of the message.
Return type:bytes
classmethod from_string(key, key_id=None)[source]

Construct a RSASigner from a private key in PEM format.

  • key (Union [ bytes, str ]) – Private key in PEM format.
  • key_id (str) – An optional key id used to identify the private key.

The constructed signer.

Return type:


  • ValueError – If key is not bytes or str (unicode).
  • UnicodeDecodeError – If key is bytes but cannot be decoded into a UTF-8 str.
  • ValueError – If cryptography “Could not deserialize key data.”
classmethod from_service_account_file(filename)

Creates a Signer instance from a service account .json file in Google format.

Parameters:filename (str) – The path to the service account .json file.
Returns:The constructed signer.
Return type:google.auth.crypt.Signer
classmethod from_service_account_info(info)

Creates a Signer instance instance from a dictionary containing service account info in Google format.

Parameters:info (Mapping [ str, str ]) – The service account info in Google format.
Returns:The constructed signer.
Return type:google.auth.crypt.Signer
Raises:ValueError – If the info is not in the expected format.