asyncua.crypto package#
asyncua.crypto.permission_rules module#
- class asyncua.crypto.permission_rules.PermissionRuleset#
Bases:
object
Base class for permission ruleset
- check_validity(user, action_type, body)#
- class asyncua.crypto.permission_rules.SimpleRoleRuleset#
Bases:
PermissionRuleset
Standard simple role-based ruleset. Admins alone can write, admins and users can read, and anonymous users can’t do anything.
- check_validity(user, action_type_id, body)#
asyncua.crypto.security_policies module#
- class asyncua.crypto.security_policies.Cryptography(mode=MessageSecurityMode.Sign)#
Bases:
CryptographyNone
Security policy: Sign or SignAndEncrypt
- decrypt(data)#
- encrypt(data)#
- encrypted_block_size()#
Size of encrypted text block for block cipher.
- min_padding_size()#
- padding(size)#
Create padding for a block of given size.
plain_size = size + len(padding) + signature_size()
plain_size = N * plain_block_size()
- plain_block_size()#
Size of plain text block for block cipher.
- remove_padding(data)#
- revolved_expired_key()#
Remove expired keys as soon as possible
- signature(data)#
- signature_size()#
- property use_prev_key#
- verify(data, sig)#
Verify signature and raise exception if signature is invalid
- vsignature_size()#
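The padding relation documented for `padding(size)` above, worked through as an added example (not asyncua's own code). It assumes the OPC UA layout of body, padding bytes, a one-byte padding-size field and then the signature, with HMAC-SHA2-256 (32 bytes) and a 16-byte AES-CBC plaintext block; the names `make_padding`, `seal` and `unseal` are hypothetical, and the signature is checked before the padding is inspected so both failures look the same to a peer.

```python
import hashlib
import hmac

SIG_SIZE = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA2-256
BLOCK = 16                               # assumed AES-CBC plaintext block size


def make_padding(size, sig_size=SIG_SIZE, block=BLOCK):
    """Padding such that size + len(padding) + sig_size == N * block."""
    # One byte is reserved for the padding-size field itself
    # (assumption: block size <= 256 bytes, so one byte is enough).
    rem = (size + sig_size + 1) % block
    count = 0 if rem == 0 else block - rem
    # `count` padding bytes plus the size field, all carrying the value `count`.
    return bytes([count]) * (count + 1)


def seal(key, body):
    """Build body || padding || signature, ready for block encryption."""
    padded = body + make_padding(len(body))
    return padded + hmac.new(key, padded, hashlib.sha256).digest()


def unseal(key, plain):
    """Verify the signature first, then validate and strip the padding."""
    if len(plain) % BLOCK or len(plain) < SIG_SIZE + 1:
        raise ValueError("bad message")
    padded, sig = plain[:-SIG_SIZE], plain[-SIG_SIZE:]
    expected = hmac.new(key, padded, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad message")
    count = padded[-1]
    tail = padded[-(count + 1):]
    if count + 1 > len(padded) or tail != bytes([count]) * (count + 1):
        raise ValueError("bad message")
    return padded[:-(count + 1)]
```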
- class asyncua.crypto.security_policies.Decryptor#
Bases:
object
Abstract base class for decryption algorithm
- abstract decrypt(data)#
- abstract encrypted_block_size()#
- abstract plain_block_size()#
- reset()#
- class asyncua.crypto.security_policies.DecryptorAesCbc(key, init_vec)#
Bases:
Decryptor
- decrypt(data)#
- encrypted_block_size()#
- plain_block_size()#
- class asyncua.crypto.security_policies.DecryptorRsa(client_pk, dec_fn, padding_size)#
Bases:
Decryptor
- decrypt(data)#
- encrypted_block_size()#
- plain_block_size()#
- class asyncua.crypto.security_policies.Encryptor#
Bases:
object
Abstract base class for encryption algorithm
- abstract encrypt(data)#
- abstract encrypted_block_size()#
- abstract plain_block_size()#
- class asyncua.crypto.security_policies.EncryptorAesCbc(key, init_vec)#
Bases:
Encryptor
- encrypt(data)#
- encrypted_block_size()#
- plain_block_size()#
- class asyncua.crypto.security_policies.EncryptorRsa(server_cert, enc_fn, padding_size)#
Bases:
Encryptor
- encrypt(data)#
- encrypted_block_size()#
- plain_block_size()#
- class asyncua.crypto.security_policies.SecurityPolicyAes128Sha256RsaOaep(peer_cert, host_cert, client_pk, mode, permission_ruleset=None)#
Bases:
SecurityPolicy
Security Aes128 Sha256 RsaOaep
A suite of algorithms that uses Sha256 as Key-Wrap-algorithm and 128-Bit (16 bytes) for encryption algorithms.
SymmetricSignatureAlgorithm_HMAC-SHA2-256 https://tools.ietf.org/html/rfc4634
SymmetricEncryptionAlgorithm_AES128-CBC http://www.w3.org/2001/04/xmlenc#aes256-cbc
AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 http://www.w3.org/2001/04/xmlenc#rsa-oaep
KeyDerivationAlgorithm_P-SHA2-256 http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Aes128Sha256RsaOaep_Limits
-> DerivedSignatureKeyLength: 256 bits
-> MinAsymmetricKeyLength: 2048 bits
-> MaxAsymmetricKeyLength: 4096 bits
-> SecureChannelNonceLength: 32 bytes
- AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'#
- URI = 'http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep'#
- static encrypt_asymmetric(pubkey, data)#
- make_local_symmetric_key(secret, seed)#
- make_remote_symmetric_key(secret, seed, lifetime)#
- class asyncua.crypto.security_policies.SecurityPolicyAes256Sha256RsaPss(peer_cert, host_cert, client_pk, mode, permission_ruleset=None)#
Bases:
SecurityPolicy
Security policy Aes256_Sha256_RsaPss implementation
SymmetricSignatureAlgorithm_HMAC-SHA2-256 https://tools.ietf.org/html/rfc4634
SymmetricEncryptionAlgorithm_AES256-CBC http://www.w3.org/2001/04/xmlenc#aes256-cbc
AsymmetricSignatureAlgorithm_RSA-PSS-SHA2-256 http://opcfoundation.org/UA/security/rsa-pss-sha2-256
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA2-256 http://opcfoundation.org/UA/security/rsa-oaep-sha2-256
KeyDerivationAlgorithm_P-SHA2-256 http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Aes256Sha256RsaPss_Limits
-> DerivedSignatureKeyLength: 256 bits
-> MinAsymmetricKeyLength: 2048 bits
-> MaxAsymmetricKeyLength: 4096 bits
-> SecureChannelNonceLength: 32 bytes
- AsymmetricEncryptionURI = 'http://opcfoundation.org/UA/security/rsa-oaep-sha2-256'#
- URI = 'http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss'#
- static encrypt_asymmetric(pubkey, data)#
- make_local_symmetric_key(secret, seed)#
- make_remote_symmetric_key(secret, seed, lifetime)#
- class asyncua.crypto.security_policies.SecurityPolicyBasic128Rsa15(peer_cert, host_cert, client_pk, mode, permission_ruleset=None)#
Bases:
SecurityPolicy
DEPRECATED, do not use anymore!
Security Basic 128Rsa15
A suite of algorithms that uses RSA15 as Key-Wrap-algorithm and 128-Bit (16 bytes) for encryption algorithms.
SymmetricSignatureAlgorithm - HmacSha1
SymmetricEncryptionAlgorithm - Aes128 (http://www.w3.org/2001/04/xmlenc#aes128-cbc)
AsymmetricSignatureAlgorithm - RsaSha1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
AsymmetricKeyWrapAlgorithm - KwRsa15 (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
AsymmetricEncryptionAlgorithm - Rsa15 (http://www.w3.org/2001/04/xmlenc#rsa-1_5)
KeyDerivationAlgorithm - PSha1 (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
DerivedSignatureKeyLength - 128 (16 bytes)
MinAsymmetricKeyLength - 1024 (128 bytes)
MaxAsymmetricKeyLength - 2048 (256 bytes)
CertificateSignatureAlgorithm - Sha1
If a certificate or any certificate in the chain is not signed with a hash that is Sha1 or stronger, then the certificate shall be rejected.
- AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-1_5'#
- URI = 'http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15'#
- static encrypt_asymmetric(pubkey, data)#
- make_local_symmetric_key(secret, seed)#
- make_remote_symmetric_key(secret, seed, lifetime)#
- class asyncua.crypto.security_policies.SecurityPolicyBasic256(peer_cert, host_cert, client_pk, mode, permission_ruleset=None)#
Bases:
SecurityPolicy
DEPRECATED, do not use anymore!
Security Basic 256
A suite of algorithms that are for 256-Bit (32 bytes) encryption, algorithms include:
SymmetricSignatureAlgorithm - HmacSha1
SymmetricEncryptionAlgorithm - Aes256 (http://www.w3.org/2001/04/xmlenc#aes256-cbc)
AsymmetricSignatureAlgorithm - RsaSha1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1)
AsymmetricKeyWrapAlgorithm - KwRsaOaep (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p)
AsymmetricEncryptionAlgorithm - RsaOaep (http://www.w3.org/2001/04/xmlenc#rsa-oaep)
KeyDerivationAlgorithm - PSha1 (http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1)
DerivedSignatureKeyLength - 192 (24 bytes)
MinAsymmetricKeyLength - 1024 (128 bytes)
MaxAsymmetricKeyLength - 2048 (256 bytes)
CertificateSignatureAlgorithm - Sha1
If a certificate or any certificate in the chain is not signed with a hash that is Sha1 or stronger, then the certificate shall be rejected.
- AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'#
- URI = 'http://opcfoundation.org/UA/SecurityPolicy#Basic256'#
- static encrypt_asymmetric(pubkey, data)#
- make_local_symmetric_key(secret, seed)#
- make_remote_symmetric_key(secret, seed, lifetime)#
- class asyncua.crypto.security_policies.SecurityPolicyBasic256Sha256(peer_cert, host_cert, client_pk, mode, permission_ruleset=None)#
Bases:
SecurityPolicy
Security Basic 256Sha256
A suite of algorithms that uses Sha256 as Key-Wrap-algorithm and 256-Bit (32 bytes) for encryption algorithms.
SymmetricSignatureAlgorithm_HMAC-SHA2-256 https://tools.ietf.org/html/rfc4634
SymmetricEncryptionAlgorithm_AES256-CBC http://www.w3.org/2001/04/xmlenc#aes256-cbc
AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 http://www.w3.org/2001/04/xmlenc#rsa-oaep
KeyDerivationAlgorithm_P-SHA2-256 http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Basic256Sha256_Limits
-> DerivedSignatureKeyLength: 256 bits
-> MinAsymmetricKeyLength: 2048 bits
-> MaxAsymmetricKeyLength: 4096 bits
-> SecureChannelNonceLength: 32 bytes
- AsymmetricEncryptionURI = 'http://www.w3.org/2001/04/xmlenc#rsa-oaep'#
- URI = 'http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256'#
- static encrypt_asymmetric(pubkey, data)#
- make_local_symmetric_key(secret, seed)#
- make_remote_symmetric_key(secret, seed, lifetime)#
- class asyncua.crypto.security_policies.Signer#
Bases:
object
Abstract base class for cryptographic signature algorithm
- abstract signature(data)#
- abstract signature_size()#
- class asyncua.crypto.security_policies.SignerAesCbc(key)#
Bases:
Signer
- signature(data)#
- signature_size()#
- class asyncua.crypto.security_policies.SignerHMac256(key)#
Bases:
Signer
- signature(data)#
- signature_size()#
- class asyncua.crypto.security_policies.SignerPssSha256(client_pk)#
Bases:
Signer
- signature(data)#
- signature_size()#
- class asyncua.crypto.security_policies.SignerRsa(client_pk)#
Bases:
Signer
- signature(data)#
- signature_size()#
- class asyncua.crypto.security_policies.SignerSha256(client_pk)#
Bases:
Signer
- signature(data)#
- signature_size()#
- class asyncua.crypto.security_policies.Verifier#
Bases:
object
Abstract base class for cryptographic signature verification
- reset()#
- abstract signature_size()#
- abstract verify(data, signature)#
- class asyncua.crypto.security_policies.VerifierAesCbc(key)#
Bases:
Verifier
- signature_size()#
- verify(data, signature)#
- class asyncua.crypto.security_policies.VerifierHMac256(key)#
Bases:
Verifier
- signature_size()#
- verify(data, signature)#
- class asyncua.crypto.security_policies.VerifierPssSha256(server_cert)#
Bases:
Verifier
- signature_size()#
- verify(data, signature)#
- class asyncua.crypto.security_policies.VerifierRsa(server_cert)#
Bases:
Verifier
- signature_size()#
- verify(data, signature)#
- class asyncua.crypto.security_policies.VerifierSha256(server_cert)#
Bases:
Verifier
- signature_size()#
- verify(data, signature)#
- asyncua.crypto.security_policies.encrypt_asymmetric(pubkey, data, policy_uri)#
Encrypt data with pubkey using an asymmetric algorithm. The algorithm is selected by policy_uri. Returns a tuple (encrypted_data, algorithm_uri)
- asyncua.crypto.security_policies.require_cryptography(obj)#
Raise exception if cryptography module is not available. Call this function in constructors.
asyncua.crypto.uacrypto module#
- class asyncua.crypto.uacrypto.CertProperties(path_or_content: bytes | pathlib.Path | str, extension: str | None = None, password: str | bytes | NoneType = None)#
Bases:
object
- asyncua.crypto.uacrypto.check_certificate(cert: Certificate, application_uri: str, hostname: str | None = None) -> bool#
Check whether the certificate matches the application_uri, and log errors.
- asyncua.crypto.uacrypto.cipher_aes_cbc(key, init_vec)#
- asyncua.crypto.uacrypto.cipher_decrypt(cipher, data)#
- asyncua.crypto.uacrypto.cipher_encrypt(cipher, data)#
- asyncua.crypto.uacrypto.decrypt_rsa15(private_key, data)#
- asyncua.crypto.uacrypto.decrypt_rsa_oaep(private_key, data)#
- asyncua.crypto.uacrypto.decrypt_rsa_oaep_sha256(private_key, data)#
- asyncua.crypto.uacrypto.der_from_x509(certificate)#
- asyncua.crypto.uacrypto.encrypt_basic256(public_key, data)#
- asyncua.crypto.uacrypto.encrypt_rsa15(public_key, data)#
- asyncua.crypto.uacrypto.encrypt_rsa_oaep(public_key, data)#
- asyncua.crypto.uacrypto.encrypt_rsa_oaep_sha256(public_key, data)#
- asyncua.crypto.uacrypto.hmac_sha1(key, message)#
- asyncua.crypto.uacrypto.hmac_sha256(key, message)#
- async asyncua.crypto.uacrypto.load_certificate(path_or_content: bytes | str | Path, extension: str | None = None)#
- async asyncua.crypto.uacrypto.load_private_key(path_or_content: str | Path | bytes, password: str | bytes | None = None, extension: str | None = None)#
- asyncua.crypto.uacrypto.p_sha1(secret, seed, sizes=())#
Derive one or more keys from secret and seed (see specs part 6, 6.7.5 and RFC 2246 - TLS v1.0). The lengths of the keys will match the sizes argument.
- asyncua.crypto.uacrypto.p_sha256(secret, seed, sizes=())#
Derive one or more keys from secret and seed (see specs part 6, 6.7.5 and RFC 2246 - TLS v1.0). The lengths of the keys will match the sizes argument.
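The P_hash construction from RFC 2246 that `p_sha1` and `p_sha256` are documented to follow, as an added standard-library example (an independent sketch, not asyncua's implementation). The function names and the key order and sizes in `derive_channel_keys` (32-byte signing key, 32-byte AES-256 key, 16-byte IV) are assumptions chosen to match the 256-bit DerivedSignatureKeyLength listed for Basic256Sha256.

```python
import hashlib
import hmac


def p_hash(secret, seed, sizes=(), digestmod=hashlib.sha256):
    """RFC 2246 section 5 P_hash, split into keys of the requested sizes."""
    total = sum(sizes)
    stream = b""
    a = seed  # A(0) = seed
    while len(stream) < total:
        # A(i) = HMAC(secret, A(i-1))
        a = hmac.new(secret, a, digestmod).digest()
        # output block i = HMAC(secret, A(i) + seed)
        stream += hmac.new(secret, a + seed, digestmod).digest()
    keys, pos = [], 0
    for size in sizes:
        keys.append(stream[pos:pos + size])
        pos += size
    return tuple(keys)


def derive_channel_keys(secret, seed, sig_len=32, enc_len=32, iv_len=16):
    """Return (signing_key, encryption_key, init_vector) for one direction.

    Assumption: the two directions of a channel swap the roles of the
    nonces (secret/seed), so each side gets a distinct key set.
    """
    return p_hash(secret, seed, (sig_len, enc_len, iv_len))


if __name__ == "__main__":
    # Constructed sample nonces, 32 bytes each (SecureChannelNonceLength).
    client_nonce = bytes(range(32))
    server_nonce = bytes(range(32, 64))
    sig, enc, iv = derive_channel_keys(server_nonce, client_nonce)
    print(len(sig), len(enc), len(iv))
```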
- asyncua.crypto.uacrypto.pem_from_key(private_key: RSAPrivateKey) -> bytes#
Dumps a private key in PEM format.
- Args:
private_key (rsa.RSAPrivateKey): The private key to dump
- Returns:
bytes: The private key in PEM/PKCS8 format
- asyncua.crypto.uacrypto.sha1_size()#
- asyncua.crypto.uacrypto.sha256_size()#
- asyncua.crypto.uacrypto.sign_pss_sha256(private_key, data)#
- asyncua.crypto.uacrypto.sign_sha1(private_key, data)#
- asyncua.crypto.uacrypto.sign_sha256(private_key, data)#
- asyncua.crypto.uacrypto.verify_pss_sha256(certificate, data, signature)#
- asyncua.crypto.uacrypto.verify_sha1(certificate, data, signature)#
- asyncua.crypto.uacrypto.verify_sha256(certificate, data, signature)#
- asyncua.crypto.uacrypto.x509_from_der(data)#
- asyncua.crypto.uacrypto.x509_name_to_string(name)#
- asyncua.crypto.uacrypto.x509_to_string(cert)#
Convert x509 certificate to human-readable string