aboutsummaryrefslogtreecommitdiffstats
path: root/docs/pem.md
diff options
context:
space:
mode:
Diffstat (limited to 'docs/pem.md')
-rw-r--r--docs/pem.md79
1 files changed, 79 insertions, 0 deletions
diff --git a/docs/pem.md b/docs/pem.md
new file mode 100644
index 0000000..4f4bca7
--- /dev/null
+++ b/docs/pem.md
@@ -0,0 +1,79 @@
+# PEM Decoder and Encoder
+
+Often times DER-encoded data is wrapped in PEM encoding. This allows the binary
+DER data to be identified and reliably sent over various communication channels.
+
+The `asn1crypto.pem` module includes three functions:
+
+ - `detect(byte_string)`
+ - `unarmor(pem_bytes, multiple=False)`
+ - `armor(type_name, der_bytes, headers=None)`
+
+## detect()
+
+The `detect()` function accepts a byte string and looks for a `BEGIN` block
+line. This is useful to determine in a byte string needs to be PEM-decoded
+before parsing.
+
+```python
+from asn1crypto import pem, x509
+
+with open('/path/to/cert', 'rb') as f:
+ der_bytes = f.read()
+ if pem.detect(der_bytes):
+ _, _, der_bytes = pem.unarmor(der_bytes)
+```
+
+## unarmor()
+
+The `unarmor()` function accepts a byte string and the flag to indicates if
+more than one PEM block may be contained in the byte string. The result is
+a three-element tuple.
+
+ - The first element is a unicode string of the type of PEM block. Examples
+ include: `CERTIFICATE`, `PRIVATE KEY`, `PUBLIC KEY`.
+ - The second element is a `dict` of PEM block headers. Headers are typically
+ only used by encrypted OpenSSL private keys, and are in the format
+ `Name: Value`.
+ - The third element is a byte string of the decoded block contents.
+
+```python
+from asn1crypto import pem, x509
+
+with open('/path/to/cert', 'rb') as f:
+ der_bytes = f.read()
+ if pem.detect(der_bytes):
+ type_name, headers, der_bytes = pem.unarmor(der_bytes)
+
+cert = x509.Certificate.load(der_bytes)
+```
+
+If the `multiple` keyword argument is set to `True`, a generator will be
+returned.
+
+```python
+from asn1crypto import pem, x509
+
+certs = []
+with open('/path/to/ca_certs', 'rb') as f:
+ for type_name, headers, der_bytes in pem.unarmor(f.read(), multiple=True):
+ certs.append(x509.Certificate.load(der_bytes))
+```
+
+## armor()
+
+The `armor()` function accepts three parameters: a unicode string of the block
+type name, a byte string to encode and an optional keyword argument `headers`,
+that should be a `dict` of headers to add after the `BEGIN` line. Headers are
+typically only used by encrypted OpenSSL private keys.
+
+```python
+from asn1crypto import pem, x509
+
+# cert is an instance of x509.Certificate
+
+with open('/path/to/cert', 'wb') as f:
+ der_bytes = cert.dump()
+ pem_bytes = pem.armor('CERTIFICATE', der_bytes)
+ f.write(pem_bytes)
+```
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-02 22:24:22 +0000