PEM

Set of functions for encapsulating data according to the PEM format.

PEM (Privacy Enhanced Mail) was an IETF standard for securing emails via a Public Key Infrastructure. It is specified in RFC 1421-1424.

Even though it has been abandoned, the simple message encapsulation it defined is still widely used today for encoding binary cryptographic objects like keys and certificates into text.

Crypto.IO.PEM.decode(pem_data, passphrase=None)

Decode a PEM block into binary.

Parameters:

• pem_data (string) – The PEM block.

• passphrase (byte string) – If given and the PEM block is encrypted, the key will be derived from the passphrase.

Returns:

A tuple with the binary data, the marker string, and a boolean to indicate if decryption was performed.

Raises:

ValueError – if decoding fails, if the PEM file is encrypted and no passphrase has been provided or if the passphrase is incorrect.

Crypto.IO.PEM.encode(data, marker, passphrase=None, randfunc=None)

Encode a piece of binary data into PEM format.

Parameters:

• data (byte string) – The piece of binary data to encode.

• marker (string) – The marker for the PEM block (e.g. “PUBLIC KEY”). Note that there is no official master list for all allowed markers. Still, you can refer to the OpenSSL source code.

• passphrase (byte string) – If given, the PEM block will be encrypted. The key is derived from the passphrase.

• randfunc (callable) – Random number generation function; it accepts an integer N and returns a byte string of random data, N bytes long. If not given, a new one is instantiated.

Returns:

The PEM block, as a string.