mbedtls.x509 Module API

Structure and functions for parsing and writing X.509 certificates.

class mbedtls.x509.BasicConstraints

The basic constraints for the certificate.

class mbedtls.x509.CRL

X.509 revocation list.

from_DER()
from_PEM()
from_file()
issuer_name

Entity that has signed and issued the certificate.

See also

RFC 5280, Section 5.1.2.3 Issuer Name

next_update

The date by which the next certificate will be issued.

See also

RFC 5280, Section 5.1.2.5 Next Update

revoked_certificates

The list of revoked certificates.

See also

RFC 5280, Section 5.1.2.6 Revoked Certificates

signature_value

Cryptographic algorithm used by the CA to sign this CRL.

See also

RFC 5280, Section 5.1.1.3 Signature Algorithm

tbs_certificate

The TBS (to be signed) certificate in DER format.

See also

RFC 5280, Section 5.1.1.1 TBS Certificate

this_update

The issue date of this certificate.

See also

RFC 5280, Section 5.1.2.4 This Update

to_DER()
to_PEM()
version

The version of the encoded certificate.

See also

RFC 5280, Section 5.1.2.1 Version

class mbedtls.x509.CRLEntry

An entry in the revocation list.

class mbedtls.x509.CRT

X.509 certificate.

basic_constraints

ca is true if the certified public key may be used to verify certificate signatures.

See also

  • RFC 5280, Section 4.2.1.9 Basic Constraints

  • RFC 5280, max_path_length

check_revocation()

Return True if the certificate is revoked, False otherwise.

digestmod
from_DER()
from_PEM()
from_file()
issuer

Entity that has signed and issued the certificate.

See also

RFC 5280, Section 4.1.2.4 Issuer

key_usage

Key usage extension (bitfield).

See also

RFC 5280, Section 4.2.1.3 Key Usage

static new()

Return a new certificate.

not_after

End of the validity of the certificate (inclusive).

See also

RFC 5280, Section 4.1.2.5 Validity

not_before

Beginning of the validity of the certificate (inclusive).

See also

RFC 5280, Section 4.1.2.5 Validity

selfsign()

Return a new, self-signed certificate for the CSR.

serial_number

The certificate serial number.

See also

RFC 5280, Section 4.1.2.2 Serial Number

sign()

Return a new, signed certificate for the CSR.

signature_value

Digital signature of the TBS certificate.

See also

RFC 5280, Section 4.1.1.3 Signature Value

subject

Entity associated with the public key.

See also

RFC 5280, Section 4.1.2.6 Subject

subject_alternative_names

Subject alternative name extension.

See also

RFC 5280, Section 4.2.1.6 Subject Alternative Name

subject_public_key

The public key.

See also

RFC 5280, Section 4.1.2.7 Subject Public Key Info

tbs_certificate

The TBS (to be signed) certificate in DER format.

See also

RFC 5280, Section 4.1.1.1 TBS Certificate

to_DER()
to_PEM()
verify()

Verify the certificate crt.

version

The version of the encoded certificate.

See also

RFC 5280, Section 4.1.2.1 Version

class mbedtls.x509.CSR

X.509 certificate signing request parser.

digestmod

Return the hash function used for the signature.

See also

RFC 5280, Section 4.1.1.2 Signature Algorithm

from_DER()
from_PEM()
from_file()
static new()

Return a new CSR.

subject

Entity associated with the public key.

See also

RFC 5280, Section 4.1.2.6 Subject

subject_public_key

The public key.

See also

RFC 5280, Section 4.1.2.7 Subject Public Key Info

to_DER()
to_PEM()
version

The version of the encoded certificate.

See also

RFC 5280, Section 4.1.2.1 Version

class mbedtls.x509.Certificate
export()
from_DER()
from_PEM()
from_buffer()
from_file()
to_DER()
to_PEM()
to_bytes()
mbedtls.x509.DER_to_PEM()
class mbedtls.x509.KeyUsage

Key Usage Extension.

See also

RFC 5280, Section 4.2.1.3 Key Usage

CRL_SIGN = 2
DATA_ENCIPHERMENT = 16
DECIPHER_ONLY = 32768
DIGITAL_SIGNATURE = 128
ENCIPHER_ONLY = 1
KEY_AGREEMENT = 8
KEY_CERT_SIGN = 4
KEY_ENCIPHERMENT = 32
NON_REPUDIATION = 64
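
The key_usage bitfield and the basic_constraints ca flag described for CRT can be cross-checked against each other. The following is an added example, not part of the mbedtls package or of this reference. It is pure Python and does not import mbedtls: the KeyUsage values are copied from the listing above, key_usage_from_der and ca_usage_problems are hypothetical helper names, and the DER inputs in the tests are constructed.

```python
from enum import IntFlag


class KeyUsage(IntFlag):
    # Values copied from the mbedtls.x509.KeyUsage listing on this page.
    DIGITAL_SIGNATURE = 128
    NON_REPUDIATION = 64
    KEY_ENCIPHERMENT = 32
    DATA_ENCIPHERMENT = 16
    KEY_AGREEMENT = 8
    KEY_CERT_SIGN = 4
    CRL_SIGN = 2
    ENCIPHER_ONLY = 1
    DECIPHER_ONLY = 32768


def key_usage_from_der(ext_value: bytes) -> KeyUsage:
    """Decode the DER BIT STRING of a keyUsage extension into the bitfield."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length, unused = ext_value[1], ext_value[2]
    if length >= 0x80 or length != len(ext_value) - 2 or unused > 7:
        raise ValueError("malformed BIT STRING header")
    payload = ext_value[3:]
    if not 1 <= len(payload) <= 2:
        raise ValueError("keyUsage carries 1 or 2 content bytes")
    if payload[-1] & ((1 << unused) - 1):
        raise ValueError("unused bits must be zero in DER")
    # The first content byte is the low byte and the second the high byte,
    # which is why DECIPHER_ONLY (bit 8 in RFC 5280) is 0x80 << 8 = 32768.
    return KeyUsage(int.from_bytes(payload, "little"))


def ca_usage_problems(ca: bool, usage: KeyUsage) -> list[str]:
    """List ca/key_usage combinations that conflict with RFC 5280."""
    problems = []
    if usage & KeyUsage.KEY_CERT_SIGN and not ca:
        problems.append("KEY_CERT_SIGN set but ca is false")
    if ca and not usage & KeyUsage.KEY_CERT_SIGN:
        problems.append("ca is true but KEY_CERT_SIGN is missing")
    only = KeyUsage.ENCIPHER_ONLY | KeyUsage.DECIPHER_ONLY
    if usage & only and not usage & KeyUsage.KEY_AGREEMENT:
        problems.append("ENCIPHER_ONLY/DECIPHER_ONLY without KEY_AGREEMENT")
    return problems
```

With a parsed certificate, the same check can take the ca flag from basic_constraints and the integer from key_usage instead of decoding the extension by hand.
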
mbedtls.x509.PEM_to_DER()