openssh_key.kdf_options.bcrypt_options.BcryptKDFOptions

class openssh_key.kdf_options.bcrypt_options.BcryptKDFOptions(dict=None, /, **kwargs)

Bases: openssh_key.kdf_options.common.KDFOptions

Bcrypt-PBKDF2, as implemented by OpenSSH; viz., the RFC 2898 Password-based Key Derivation Function 2, using the Blowfish-cipher-based password hash function as the pseudorandom function.

__init__(dict=None, /, **kwargs)

Methods

__init__([dict])

clear()

copy()

derive_key(passphrase, length)

Derives a bcrypt-PBKDF2 result from a given passphrase and parameters.

fromkeys(iterable[, value])

generate_options(**kwargs)

Generates parameters to be consumed by bcrypt-PBKDF2.

get(k[,d])

get_options_format_instructions_dict()

The Pascal-style byte stream format instructions for the parameters to a key derivation function.

get_rounds()

rtype

int

get_salt_length()

rtype

int

items()

keys()

pop(k[,d])

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem()

as a 2-tuple; but raise KeyError if D is empty.

setdefault(k[,d])

update([E, ]**F)

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

values()

Attributes

OPTIONS_FORMAT_INSTRUCTIONS_DICT

The Pascal-style byte stream format instructions for the parameters to a key derivation function.

ROUNDS

SALT_LENGTH

clear() None.  Remove all items from D.
derive_key(passphrase, length)

Derives a bcrypt-PBKDF2 result from a given passphrase and parameters.

OpenSSH uses a hash length of 48 bytes: 32 for the symmetric key and 16 for the cipher initialization vector.

Parameters

  • options – Bcrypt-PBKDF2 parameters.

  • passphrase (str) – Passphrase from which to derive key.

Return type

bytes

Returns

Bcrypt-PBKDF2 result.

Raises

ValueErrorpassphrase or options['salt'] is empty, or options['rounds'] is negative.

classmethod generate_options(**kwargs)

Generates parameters to be consumed by bcrypt-PBKDF2.

Parameters

kwargs (Any) – Keyword arguments using which to generate parameters.

Return type

TypeVar(BcryptKDFOptionsTypeVar, bound= BcryptKDFOptions)

Returns

Generated key generation function parameters. Following OpenSSH, if kwargs['salt_length'] is not given, a salt of length 16 bytes is generated, and if kwargs['rounds'] is not given, 16 PBKDF2 rounds are used.

get(k[, d]) D[k] if k in D, else d.  d defaults to None.
classmethod get_options_format_instructions_dict()

The Pascal-style byte stream format instructions for the parameters to a key derivation function.

Return type

Mapping[str, Union[str, PascalStyleFormatInstruction, PascalStyleFormatInstructionStringLengthSize]]

items() a set-like object providing a view on D's items
keys() a set-like object providing a view on D's keys
pop(k[, d]) v, remove specified key and return the corresponding value.

If key is not found, d is returned if given, otherwise KeyError is raised.

popitem() (k, v), remove and return some (key, value) pair

as a 2-tuple; but raise KeyError if D is empty.

setdefault(k[, d]) D.get(k,d), also set D[k]=d if k not in D
update([E, ]**F) None.  Update D from mapping/iterable E and F.

If E present and has a .keys() method, does: for k in E: D[k] = E[k] If E present and lacks .keys() method, does: for (k, v) in E: D[k] = v In either case, this is followed by: for k, v in F.items(): D[k] = v

values() an object providing a view on D's values