openssh_key.private_key_list.PrivateKeyList

class openssh_key.private_key_list.PrivateKeyList(initlist, byte_string=None, header=None, cipher_bytes=None, kdf_options=None, decipher_bytes=None, decipher_bytes_header=None, decipher_padding=None)

Bases: collections.UserList

A container for multiple pairs of PublicKey and PrivateKey.

The format of an OpenSSH private key list file is specified in the openssh-key-v1 vendor extension, base64-encoded with a PEM-style header and footer (wrapped at 70 characters per line).

At present, OpenSSH only supports one key in a private key list file.

Parameters

• initlist (List[PublicPrivateKeyPair]) – A list of pairs of PublicKey and PrivateKey.

• byte_string (Optional[bytes]) – The original byte string from which initlist was parsed.

• header (Optional[Mapping[str, Any]]) – The values in the encoded header of the key list.

• cipher_bytes (Optional[bytes]) – The original encrypted private byte string.

• kdf_options (Optional[KDFOptions]) – The values in the key derivation function parameters.

• decipher_bytes (Optional[bytes]) – The original decrypted private byte string.

• decipher_bytes_header (Optional[Mapping[str, Any]]) – The values in the header of the decrypted private byte string.

• decipher_padding (Optional[bytes]) – The values that pad the decrypted private byte string.

__init__(initlist, byte_string=None, header=None, cipher_bytes=None, kdf_options=None, decipher_bytes=None, decipher_bytes_header=None, decipher_padding=None)

Methods

__init__(initlist[, byte_string, header, ...])
append(item)	S.append(value) -- append value to the end of the sequence
clear()
copy()
count(value)
extend(other)	S.extend(iterable) -- extend sequence by appending elements from the iterable
from_bytes(byte_string[, passphrase])	Parses a private key list from a given byte string.
from_list(key_pair_list[, cipher, kdf, ...])	Constructs and initializes a private key list from a given list of key pairs and metadata.
from_string(string[, passphrase])	Parses a private key list from a given string.
get_decipher_bytes_header_format_instructions_dict()	The Pascal-style byte stream format instructions for the header of the decrypted private byte string.
get_header_format_instructions_dict()	The Pascal-style byte stream format instructions for the encoded header of the key list.
get_openssh_private_key_footer()	rtype str
get_openssh_private_key_header()	rtype str
get_wrap_col()	rtype int
index(value, [start, [stop]])	Raises ValueError if the value is not present.
insert(i, item)	S.insert(index, value) -- insert value before index
pack_bytes([passphrase, include_indices, ...])	Packs the private key list into a byte string.
pack_string([passphrase, include_indices, ...])	Packs the private key list into a string.
pop([index])	Raise IndexError if list is empty or index is out of range.
remove(item)	S.remove(value) -- remove first occurrence of value.
reverse()	S.reverse() -- reverse IN PLACE
sort(*args, **kwds)

Attributes

DECIPHER_BYTES_HEADER_FORMAT_INSTRUCTIONS_DICT	The Pascal-style byte stream format instructions for the header of the decrypted private byte string.
HEADER_FORMAT_INSTRUCTIONS_DICT	The Pascal-style byte stream format instructions for the encoded header of the key list.
OPENSSH_PRIVATE_KEY_FOOTER
OPENSSH_PRIVATE_KEY_HEADER
WRAP_COL

DECIPHER_BYTES_HEADER_FORMAT_INSTRUCTIONS_DICT = mappingproxy({'check_int_1': '>I', 'check_int_2': '>I'})

The Pascal-style byte stream format instructions for the header of the decrypted private byte string.

HEADER_FORMAT_INSTRUCTIONS_DICT = mappingproxy({'auth_magic': '15s', 'cipher': <PascalStyleFormatInstruction.STRING: <class 'str'>>, 'kdf': <PascalStyleFormatInstruction.STRING: <class 'str'>>, 'kdf_options': <PascalStyleFormatInstruction.BYTES: <class 'bytes'>>, 'num_keys': '>i'})

The Pascal-style byte stream format instructions for the encoded header of the key list.

append(item)

S.append(value) – append value to the end of the sequence

clear() → None -- remove all items from S

count(value) → integer -- return number of occurrences of value

extend(other)

S.extend(iterable) – extend sequence by appending elements from the iterable

classmethod from_bytes(byte_string, passphrase=None)

Parses a private key list from a given byte string.

Parameters

• byte_string (bytes) – The byte string from which to parse.

• passphrase (Optional[str]) – The passphrase with which to decrypt the private byte string. If not provided, will be prompted for at standard input.

Return type

TypeVar(PrivateKeyListTypeVar, bound= PrivateKeyList)

Returns

A PrivateKeyList object containing the private key list.

Raises

• ValueError – The provided byte string is not an openssh-key-v1 key list or the declared key count is negative.

• UserWarning – The check numbers in the decrypted private byte string do not match (likely due to an incorrect passphrase), the key type or parameter values of a private key do not match that of the corresponding public key in the list, or the padding bytes at the end of the decrypted private byte string are not as expected.

classmethod from_list(key_pair_list, cipher='none', kdf='none', kdf_options=None)

Constructs and initializes a private key list from a given list of key pairs and metadata.

Parameters

• key_pair_list (List[PublicPrivateKeyPair]) – The list of key pairs to add to the returned private key list.

• cipher (str) – The cipher type to add to the header of the private key list.

• kdf (str) – The key derivation function type to add to the header of the private key list.

• kdf_options (Optional[KDFOptions]) – The key derivation function parameters to add to the private key list.

Return type

TypeVar(PrivateKeyListTypeVar, bound= PrivateKeyList)

Returns

A PrivateKeyList object containing the given list of key pairs and metadata.

Raises

ValueError – The given list contains an item that is not a key pair.

classmethod from_string(string, passphrase=None)

Parses a private key list from a given string.

Parameters

• string (str) – The string from which to parse.

• passphrase (Optional[str]) – The passphrase with which to decrypt the private byte string. If not provided, will be prompted for at standard input if needed.

Return type

TypeVar(PrivateKeyListTypeVar, bound= PrivateKeyList)

Returns

A PrivateKeyList object containing the private key list.

Raises

• ValueError – The file does not have the expected PEM-style headers, the provided byte string is not an openssh-key-v1 key list, or the declared key count is negative.

• UserWarning – The check numbers in the decrypted private byte string do not match (likely due to an incorrect passphrase), the key type or parameter values of a private key do not match that of the corresponding public key in the list, or the padding bytes at the end of the decrypted private byte string are not as expected.

static get_decipher_bytes_header_format_instructions_dict()

The Pascal-style byte stream format instructions for the header of the decrypted private byte string.

Return type

Mapping[str, Union[str, PascalStyleFormatInstruction, PascalStyleFormatInstructionStringLengthSize]]

static get_header_format_instructions_dict()

The Pascal-style byte stream format instructions for the encoded header of the key list.

Return type

Mapping[str, Union[str, PascalStyleFormatInstruction, PascalStyleFormatInstructionStringLengthSize]]

index(value[, start[, stop]]) → integer -- return first index of value.

Raises ValueError if the value is not present.

Supporting start and stop arguments is optional, but recommended.

insert(i, item)

S.insert(index, value) – insert value before index

pack_bytes(passphrase=None, include_indices=None, override_public_with_private=True, retain_kdf_options_if_present=False)

Packs the private key list into a byte string.

Parameters

• passphrase (Optional[str]) – The passphrase with which to encrypt the private byte string. If not provided, will be prompted for at standard input if needed.

• include_indices (Optional[List[int]]) – A list of indices into the private key list for the key pairs to include in the returned byte string.

• override_public_with_private (bool) – If False, packs the public bytes of each key from the public key of each key pair. If True, ignores the public key of each key pair, instead packing the public bytes from the public parameters of the private key.

• retain_kdf_options_if_present (bool) – If False, packs the key derivation function parameters in this private key list object. If True, generates and packs new key derivation function parameters.

Return type

bytes

Returns

A byte string containing the private key list.

Raises

IndexError – include_indices contains an index that is out of range for this private key list.

pack_string(passphrase=None, include_indices=None, override_public_with_private=True, retain_kdf_options_if_present=False)

Packs the private key list into a string.

Parameters

• passphrase (Optional[str]) – The passphrase with which to encrypt the private byte string. If not provided, will be prompted for at standard input if needed.

• include_indices (Optional[List[int]]) – A list of indices into the private key list for the key pairs to include in the returned byte string.

• override_public_with_private (bool) – If False, packs the public bytes of each key from the public key of each key pair. If True, ignores the public key of each key pair, instead packing the public bytes from the public parameters of the private key.

• retain_kdf_options_if_present (bool) – If False, packs the key derivation function parameters in this private key list object. If True, generates and packs new key derivation function parameters.

Return type

str

Returns

A string containing the private key list.

Raises

IndexError – include_indices contains an index that is out of range for this private key list.

pop([index]) → item -- remove and return item at index (default last).

Raise IndexError if list is empty or index is out of range.

remove(item)

S.remove(value) – remove first occurrence of value. Raise ValueError if the value is not present.

reverse()

S.reverse() – reverse IN PLACE