saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

deprecate backend part 4 of n (#6522)

Browse source
This commit is contained in:
Paul Kehrer 2021-11-03 05:49:25 +08:00 committed by GitHub
parent 1040b39be5
commit e333fa3279
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 41 additions and 204 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/development/reviewing-patches.rst
View file

@ -16,7 +16,7 @@ Intent
Architecture
------------
* Is the proposed change being made in the correct place? Is it a fix in a
* Is the proposed change being made in the correct place? Is it a fix in the
backend when it should be in the primitives?
Implementation

4
docs/development/submitting-patches.rst
View file

@ -75,10 +75,6 @@ Every recipe should include a version or algorithmic marker of some sort in its
output in order to allow transparent upgrading of the algorithms in use, as
the algorithms or parameters needed to achieve a given security margin evolve.
APIs at the :doc:`/hazmat/primitives/index` and recipes layer should
automatically use the :func:`~cryptography.hazmat.backends.default_backend`,
but optionally allow specifying a different backend.
C bindings
~~~~~~~~~~

12
docs/hazmat/primitives/cryptographic-hashes.rst
View file

@ -5,7 +5,7 @@ Message digests (Hashing)
.. module:: cryptography.hazmat.primitives.hashes
.. class:: Hash(algorithm, backend=None)
.. class:: Hash(algorithm)
A cryptographic hash function takes an arbitrary block of data and
calculates a fixed-size bit string (a digest), such that different data
@ -27,10 +27,6 @@ Message digests (Hashing)
>>> digest.finalize()
b'l\xa1=R\xcap\xc8\x83\xe0\xf0\xbb\x10\x1eBZ\x89\xe8bM\xe5\x1d\xb2\xd29%\x93\xafj\x84\x11\x80\x90'
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
raised.
Keep in mind that attacks against cryptographic hashes only get stronger
with time, and that often algorithms that were once thought to be strong,
become broken. Because of this it's important to include a plan for
@ -41,13 +37,9 @@ Message digests (Hashing)
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
instance such as those described in
:ref:`below <cryptographic-hash-algorithms>`.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
instance.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
provided ``algorithm`` is unsupported.
.. method:: update(data)

85
docs/hazmat/primitives/key-derivation-functions.rst
View file

@ -36,7 +36,7 @@ PBKDF2
.. currentmodule:: cryptography.hazmat.primitives.kdf.pbkdf2
.. class:: PBKDF2HMAC(algorithm, length, salt, iterations, backend=None)
.. class:: PBKDF2HMAC(algorithm, length, salt, iterations)
.. versionadded:: 0.2
@ -85,12 +85,6 @@ PBKDF2
takes. Higher numbers help mitigate brute force attacks against derived
keys. A `more detailed description`_ can be consulted for additional
information.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.PBKDF2HMACBackend`
:raises TypeError: This exception is raised if ``salt`` is not ``bytes``.
@ -139,7 +133,7 @@ Scrypt
.. currentmodule:: cryptography.hazmat.primitives.kdf.scrypt
.. class:: Scrypt(salt, length, n, r, p, backend=None)
.. class:: Scrypt(salt, length, n, r, p)
.. versionadded:: 1.6
@ -181,8 +175,6 @@ Scrypt
power of 2.
:param int r: Block size parameter.
:param int p: Parallelization parameter.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.ScryptBackend`.
The computational and memory cost of Scrypt can be adjusted by manipulating
the 3 parameters: ``n``, ``r``, and ``p``. In general, the memory cost of
@ -196,9 +188,8 @@ Scrypt
minimum value of ``n=2**14`` for interactive logins (t < 100ms), or
``n=2**20`` for more sensitive files (t < 5s).
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.ScryptBackend`
:raises cryptography.exceptions.UnsupportedAlgorithm: If Scrypt is not
supported by the OpenSSL version ``cryptography`` is using.
:raises TypeError: This exception is raised if ``salt`` is not ``bytes``.
:raises ValueError: This exception is raised if ``n`` is less than 2, if
@ -251,7 +242,7 @@ ConcatKDF
.. currentmodule:: cryptography.hazmat.primitives.kdf.concatkdf
.. class:: ConcatKDFHash(algorithm, length, otherinfo, backend=None)
.. class:: ConcatKDFHash(algorithm, length, otherinfo)
.. versionadded:: 1.0
@ -291,13 +282,6 @@ ConcatKDF
:param bytes otherinfo: Application specific context information.
If ``None`` is explicitly passed an empty byte string will be used.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
if the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
:raises TypeError: This exception is raised if ``otherinfo`` is not
``bytes``.
@ -337,7 +321,7 @@ ConcatKDF
raises an exception if they do not match.
.. class:: ConcatKDFHMAC(algorithm, length, salt, otherinfo, backend=None)
.. class:: ConcatKDFHMAC(algorithm, length, salt, otherinfo)
.. versionadded:: 1.0
@ -386,13 +370,6 @@ ConcatKDF
:param bytes otherinfo: Application specific context information.
If ``None`` is explicitly passed an empty byte string will be used.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
:raises TypeError: This exception is raised if ``salt`` or ``otherinfo``
is not ``bytes``.
@ -436,7 +413,7 @@ HKDF
.. currentmodule:: cryptography.hazmat.primitives.kdf.hkdf
.. class:: HKDF(algorithm, length, salt, info, backend=None)
.. class:: HKDF(algorithm, length, salt, info)
.. versionadded:: 0.2
@ -488,13 +465,6 @@ HKDF
:param bytes info: Application specific context information. If ``None``
is explicitly passed an empty byte string will be used.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
:raises TypeError: This exception is raised if ``salt`` or ``info`` is not
``bytes``.
@ -535,7 +505,7 @@ HKDF
raises an exception if they do not match.
.. class:: HKDFExpand(algorithm, length, info, backend=None)
.. class:: HKDFExpand(algorithm, length, info)
.. versionadded:: 0.5
@ -579,12 +549,6 @@ HKDF
:param bytes info: Application specific context information. If ``None``
is explicitly passed an empty byte string will be used.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
:raises TypeError: This exception is raised if ``info`` is not ``bytes``.
.. method:: derive(key_material)
@ -632,7 +596,7 @@ KBKDF
.. currentmodule:: cryptography.hazmat.primitives.kdf.kbkdf
.. class:: KBKDFHMAC(algorithm, mode, length, rlen, llen, location,\
label, context, fixed, backend=None)
label, context, fixed)
.. versionadded:: 1.4
@ -706,13 +670,6 @@ KBKDF
may supply your own fixed data. If ``fixed`` is specified, ``label``
and ``context`` is ignored.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
if the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
:raises TypeError: This exception is raised if ``label`` or ``context``
is not ``bytes``. Also raised if ``rlen`` or ``llen`` is not ``int``.
@ -756,7 +713,7 @@ KBKDF
raises an exception if they do not match.
.. class:: KBKDFCMAC(algorithm, mode, length, rlen, llen, location,\
label, context, fixed, backend=None)
label, context, fixed)
.. versionadded:: 35.0
@ -831,13 +788,8 @@ KBKDF
may supply your own fixed data. If ``fixed`` is specified, ``label``
and ``context`` is ignored.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.CMACBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
if the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.CMACBackend` or
``algorithm`` is not a subclass of
if ``algorithm`` is not a subclass of
:class:`~cryptography.hazmat.primitives.ciphers.CipherAlgorithm` and
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.
@ -867,12 +819,6 @@ KBKDF
:meth:`verify` is
called more than
once.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
if ``backend`` passed to
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`
constructor does not support an ``algorithm`` passed to
:class:`~cryptography.hazmat.primitives.kdf.kbkdf.KBKDFCMAC`
constructor with given ``key_material``.
Derives a new key from the input key material.
@ -921,7 +867,7 @@ X963KDF
.. currentmodule:: cryptography.hazmat.primitives.kdf.x963kdf
.. class:: X963KDF(algorithm, length, otherinfo, backend=None)
.. class:: X963KDF(algorithm, length, otherinfo)
.. versionadded:: 1.1
@ -967,13 +913,6 @@ X963KDF
:param bytes sharedinfo: Application specific context information.
If ``None`` is explicitly passed an empty byte string will be used.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised
if the provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HashBackend`
:raises TypeError: This exception is raised if ``sharedinfo`` is not
``bytes``.

28
docs/hazmat/primitives/keywrap.rst
View file

@ -11,7 +11,7 @@ to protect keys at rest or transmit them over insecure networks. Many of the
protections offered by key wrapping are also offered by using authenticated
:doc:`symmetric encryption </hazmat/primitives/symmetric-encryption>`.
.. function:: aes_key_wrap(wrapping_key, key_to_wrap, backend=None)
.. function:: aes_key_wrap(wrapping_key, key_to_wrap)
.. versionadded:: 1.1
@ -22,14 +22,9 @@ protections offered by key wrapping are also offered by using authenticated
:param bytes key_to_wrap: The key to wrap.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
instance that supports
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
:return bytes: The wrapped key as bytes.
.. function:: aes_key_unwrap(wrapping_key, wrapped_key, backend=None)
.. function:: aes_key_unwrap(wrapping_key, wrapped_key)
.. versionadded:: 1.1
@ -40,17 +35,12 @@ protections offered by key wrapping are also offered by using authenticated
:param bytes wrapped_key: The wrapped key.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
instance that supports
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
:return bytes: The unwrapped key as bytes.
:raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is
raised if the key is not successfully unwrapped.
.. function:: aes_key_wrap_with_padding(wrapping_key, key_to_wrap, backend=None)
.. function:: aes_key_wrap_with_padding(wrapping_key, key_to_wrap)
.. versionadded:: 2.2
@ -61,14 +51,9 @@ protections offered by key wrapping are also offered by using authenticated
:param bytes key_to_wrap: The key to wrap.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
instance that supports
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
:return bytes: The wrapped key as bytes.
.. function:: aes_key_unwrap_with_padding(wrapping_key, wrapped_key, backend=None)
.. function:: aes_key_unwrap_with_padding(wrapping_key, wrapped_key)
.. versionadded:: 2.2
@ -79,11 +64,6 @@ protections offered by key wrapping are also offered by using authenticated
:param bytes wrapped_key: The wrapped key.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
instance that supports
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES`.
:return bytes: The unwrapped key as bytes.
:raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap: This is

11
docs/hazmat/primitives/mac/cmac.rst
View file

@ -17,7 +17,7 @@ of a message.
A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`.
.. class:: CMAC(algorithm, backend=None)
.. class:: CMAC(algorithm)
.. versionadded:: 0.4
@ -33,10 +33,6 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`.
>>> c.finalize()
b'CT\x1d\xc8\x0e\x15\xbe4e\xdb\xb6\x84\xca\xd9Xk'
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
raised.
If ``algorithm`` isn't a
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
instance then ``TypeError`` will be raised.
@ -55,13 +51,10 @@ A subset of CMAC with the AES-128 algorithm is described in :rfc:`4493`.
:param algorithm: An instance of
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`.
:param backend: An optional instance of
:class:`~cryptography.hazmat.backends.interfaces.CMACBackend`.
:raises TypeError: This is raised if the provided ``algorithm`` is not an instance of
:class:`~cryptography.hazmat.primitives.ciphers.BlockCipherAlgorithm`
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.CMACBackend`
provided ``algorithm`` is unsupported.
.. method:: update(data)

12
docs/hazmat/primitives/mac/hmac.rst
View file

@ -15,7 +15,7 @@ message authentication codes using a cryptographic hash function coupled with a
secret key. You can use an HMAC to verify both the integrity and authenticity
of a message.
.. class:: HMAC(key, algorithm, backend=None)
.. class:: HMAC(key, algorithm)
HMAC objects take a ``key`` and a
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` instance.
@ -35,10 +35,6 @@ of a message.
>>> signature
b'k\xd9\xb29\xefS\xf8\xcf\xec\xed\xbf\x95\xe6\x97X\x18\x9e%\x11DU1\x9fq}\x9a\x9c\xe0)y`='
If the backend doesn't support the requested ``algorithm`` an
:class:`~cryptography.exceptions.UnsupportedAlgorithm` exception will be
raised.
If ``algorithm`` isn't a
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` instance
then ``TypeError`` will be raised.
@ -64,13 +60,9 @@ of a message.
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
instance such as those described in
:ref:`Cryptographic Hashes <cryptographic-hash-algorithms>`.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
instance.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.HMACBackend`
provided ``algorithm`` isn't supported.
.. method:: update(msg)

19
docs/hazmat/primitives/symmetric-encryption.rst
View file

@ -21,7 +21,7 @@ in an "encrypt-then-MAC" formulation as `described by Colin Percival`_.
**To minimize the risk of security issues you should evaluate Fernet to see if
it fits your needs before implementing anything using this module.**
.. class:: Cipher(algorithm, mode, backend=None)
.. class:: Cipher(algorithm, mode)
Cipher objects combine an algorithm such as
:class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` with a
@ -50,13 +50,9 @@ it fits your needs before implementing anything using this module.**
:param mode: A :class:`~cryptography.hazmat.primitives.ciphers.modes.Mode`
instance such as those described
:ref:`below <symmetric-encryption-modes>`.
:param backend: An optional
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
instance.
:raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if the
provided ``backend`` does not implement
:class:`~cryptography.hazmat.backends.interfaces.CipherBackend`
provided ``algorithm`` is unsupported.
.. method:: encryptor()
@ -64,8 +60,8 @@ it fits your needs before implementing anything using this module.**
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`
instance.
If the backend doesn't support the requested combination of ``cipher``
and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
If the requested combination of ``algorithm`` and ``mode`` is
unsupported an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. method:: decryptor()
@ -74,8 +70,8 @@ it fits your needs before implementing anything using this module.**
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext`
instance.
If the backend doesn't support the requested combination of ``cipher``
and ``mode`` an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
If the requested combination of ``algorithm`` and ``mode`` is
unsupported an :class:`~cryptography.exceptions.UnsupportedAlgorithm`
exception will be raised.
.. _symmetric-encryption-algorithms:
@ -741,9 +737,6 @@ Interfaces used by the symmetric cipher modes described in
This should be the standard shorthand name for the mode, for example
Cipher-Block Chaining mode is "CBC".
The name may be used by a backend to influence the operation of a
cipher in conjunction with the algorithm's name.
.. method:: validate_for_algorithm(algorithm)
:param cryptography.hazmat.primitives.ciphers.CipherAlgorithm algorithm:

72
docs/x509/reference.rst
View file

@ -149,7 +149,7 @@ X.509 Reference
Loading Certificates
~~~~~~~~~~~~~~~~~~~~
.. function:: load_pem_x509_certificate(data, backend=None)
.. function:: load_pem_x509_certificate(data)
.. versionadded:: 0.7
@ -159,10 +159,6 @@ Loading Certificates
:param bytes data: The PEM encoded certificate data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of :class:`~cryptography.x509.Certificate`.
.. doctest::
@ -172,7 +168,7 @@ Loading Certificates
>>> cert.serial_number
2
.. function:: load_der_x509_certificate(data, backend=None)
.. function:: load_der_x509_certificate(data)
.. versionadded:: 0.7
@ -182,16 +178,12 @@ Loading Certificates
:param bytes data: The DER encoded certificate data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of :class:`~cryptography.x509.Certificate`.
Loading Certificate Revocation Lists
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. function:: load_pem_x509_crl(data, backend=None)
.. function:: load_pem_x509_crl(data)
.. versionadded:: 1.1
@ -201,10 +193,6 @@ Loading Certificate Revocation Lists
:param bytes data: The PEM encoded request data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of
:class:`~cryptography.x509.CertificateRevocationList`.
@ -216,7 +204,7 @@ Loading Certificate Revocation Lists
>>> isinstance(crl.signature_hash_algorithm, hashes.SHA256)
True
.. function:: load_der_x509_crl(data, backend=None)
.. function:: load_der_x509_crl(data)
.. versionadded:: 1.1
@ -225,17 +213,13 @@ Loading Certificate Revocation Lists
:param bytes data: The DER encoded request data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of
:class:`~cryptography.x509.CertificateRevocationList`.
Loading Certificate Signing Requests
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. function:: load_pem_x509_csr(data, backend=None)
.. function:: load_pem_x509_csr(data)
.. versionadded:: 0.9
@ -246,10 +230,6 @@ Loading Certificate Signing Requests
:param bytes data: The PEM encoded request data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of
:class:`~cryptography.x509.CertificateSigningRequest`.
@ -261,7 +241,7 @@ Loading Certificate Signing Requests
>>> isinstance(csr.signature_hash_algorithm, hashes.SHA256)
True
.. function:: load_der_x509_csr(data, backend=None)
.. function:: load_der_x509_csr(data)
.. versionadded:: 0.9
@ -270,10 +250,6 @@ Loading Certificate Signing Requests
:param bytes data: The DER encoded request data.
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: An instance of
:class:`~cryptography.x509.CertificateSigningRequest`.
@ -774,7 +750,7 @@ X.509 Certificate Builder
:param critical: Set to ``True`` if the extension must be understood and
handled by whoever reads the certificate.
.. method:: sign(private_key, algorithm, backend=None)
.. method:: sign(private_key, algorithm)
Sign the certificate using the CA's private key.
@ -797,11 +773,6 @@ X.509 Certificate Builder
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
otherwise.
:param backend: An optional backend used to build the certificate.
Must support the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: :class:`~cryptography.x509.Certificate`
@ -1012,7 +983,7 @@ X.509 Certificate Revocation List Builder
obtained from an existing CRL or created with
:class:`~cryptography.x509.RevokedCertificateBuilder`.
.. method:: sign(private_key, algorithm, backend=None)
.. method:: sign(private_key, algorithm)
Sign this CRL using the CA's private key.
@ -1035,11 +1006,6 @@ X.509 Certificate Revocation List Builder
:class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`
otherwise.
:param backend: An optional backend used to build the CRL.
Must support the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:returns: :class:`~cryptography.x509.CertificateRevocationList`
X.509 Revoked Certificate Object
@ -1130,14 +1096,9 @@ X.509 Revoked Certificate Builder
:param critical: Set to ``True`` if the extension must be understood and
handled.
.. method:: build(backend=None)
.. method:: build()
Create a revoked certificate object using the provided backend.
:param backend: An optional backend used to build the revoked
certificate. Must support the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
Create a revoked certificate object.
:returns: :class:`~cryptography.x509.RevokedCertificate`
@ -1200,12 +1161,7 @@ X.509 CSR (Certificate Signing Request) Builder Object
:returns: A new
:class:`~cryptography.x509.CertificateSigningRequestBuilder`.
.. method:: sign(private_key, algorithm, backend=None)
:param backend: An optional backend used to sign the request.
Must support the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
.. method:: sign(private_key, algorithm)
:param private_key: The
:class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
@ -1282,14 +1238,10 @@ X.509 CSR (Certificate Signing Request) Builder Object
>>> cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)
[<NameAttribute(oid=<ObjectIdentifier(oid=2.5.4.3, name=commonName)>, value='Good CA')>]
.. method:: public_bytes(backend=None)
.. method:: public_bytes()
.. versionadded:: 1.6
:param backend: An optional backend supporting the
:class:`~cryptography.hazmat.backends.interfaces.X509Backend`
interface.
:return bytes: The DER encoded name.
.. method:: rfc4514_string(attr_name_overrides=None)