ndn.security package

Introduction

The ndn.security package provides basic tools for security use.

Signer

A Signer is a class used to sign a packet during encoding.

class ndn.encoding.Signer
abstract get_signature_value_size()

Get the size of SignatureValue. If the size is variable, return the maximum possible value.

Return type

int

Returns

the size of SignatureValue.

abstract write_signature_info(signature_info)

Fill in the fields of SignatureInfo.

Parameters

signature_info – a blank SignatureInfo object.

abstract write_signature_value(wire, contents)

Calculate the SignatureValue and write it into wire. The length of wire is exactly what get_signature_value_size() returns. Basically this function should return the same value except for ECDSA.

Parameters
  • wire (Union[bytearray, memoryview]) – the buffer to contain SignatureValue.

  • contents (List[Union[bytearray, memoryview]]) – a list of memory blocks that needs to be covered.

Return type

int

Returns

the actual size of SignatureValue.

Validator

A Validator is a async function called to validate an Interest or Data packet. It takes 2 arguments: a FormalName and a SignaturePtrs, and returns whether the packet is validated.

Keychain

A Keychain is a class which contains Identities, Keys associated with Identities and associated Certificates.

class ndn.security.keychain.Keychain

The abstract Keychain class, derived from collections.abc.Mapping. It behaves like an immutable dict from FormalName to Identity. The implementation of Identity varies with concrete implementations. Generally, its methods should also accept NonStrictName as inputs. This includes operators such as in and [].

abstract get_signer(sign_args)

Get a signer from sign_args.

Parameters

sign_args (dict[str, Any]) – the signing arguments provided by the application.

Returns

a signer.

Return type

Signer

KeychainDigest

class ndn.security.keychain.keychain_digest.KeychainDigest

A signer which has no Identity and always returns a SHA-256 digest signer.

get_signer(sign_args)

Get a signer from sign_args.

Parameters

sign_args (Dict[str, Any]) – the signing arguments provided by the application.

Returns

a signer.

Return type

Signer

KeychainSqlite3

This is the default Keychain.

class ndn.security.keychain.keychain_sqlite3.Certificate(row_id, key, name, data, is_default)

A dataclass for a Certificate.

Variables
  • id (int) – its id in the database.

  • key (FormalName) – the Name of the associated Key.

  • name (FormalName) – its Name.

  • data (bytes) – the content.

  • is_default (bool) – whether this is the default Identity.

property data: Union[bytes, bytearray, memoryview]

Get the binary data of the certificate, which is the wire form of the V2 certificate Data packet.

Return type

Union[bytes, bytearray, memoryview]

Returns

Certificate binary data.

property key: List[Union[bytes, bytearray, memoryview]]

Get the Name of the Key

Return type

List[Union[bytes, bytearray, memoryview]]

Returns

Key Name.

property name: List[Union[bytes, bytearray, memoryview]]

Get the Name of the certificate

Return type

List[Union[bytes, bytearray, memoryview]]

Returns

Certificate Name.

class ndn.security.keychain.keychain_sqlite3.Identity(pib, row_id, name, is_default)

An Identity. It behaves like an immutable dict from FormalName to Key.

Variables
  • row_id (int) – its id in the database.

  • name (FormalName) – its Name.

  • is_default (bool) – whether this is the default Identity.

default_key()

Get the default Key.

Return type

Key

Returns

the default Key.

del_key(name)

Delete a specific Key.

Parameters

name (NonStrictName) – the Name of the Key to delete.

has_default_key()

Whether it has a default Key.

Return type

bool

Returns

True if there is one.

property name: List[Union[bytes, bytearray, memoryview]]

Get the Name of the identity

Return type

List[Union[bytes, bytearray, memoryview]]

Returns

Identity Name.

new_key(key_type)

Create a new key with default arguments.

Parameters

key_type (str) – the type of the Key. Can be ec or rsa.

Return type

Key

Returns

the new Key.

set_default_key(name)

Set the default Key.

Parameters

name (NonStrictName) – the Name of the new default Key.

class ndn.security.keychain.keychain_sqlite3.Key(pib, identity, row_id, name, key_bits, is_default)

A Key. It behaves like an immutable dict from FormalName to Certificate.

Variables
  • row_id (int) – its id in the database.

  • identity (FormalName.) – the Name of the associated Identity.

  • name (FormalName) – its Name.

  • key_bits (bytes) – the key bits of the public key.

  • is_default (bool) – whether this is the default Identity.

default_cert()

Get the default Certificate.

Return type

Certificate

Returns

the default Certificate.

del_cert(name)

Delete a specific Certificare.

Parameters

name (NonStrictName) – the Name of the Key to delete.

has_default_cert()

Whether it has a default Certificate.

Return type

bool

Returns

True if there is one.

property identity: List[Union[bytes, bytearray, memoryview]]

Get the Name of the Identity

Return type

List[Union[bytes, bytearray, memoryview]]

Returns

Identity Name.

property key_bits: Union[bytes, bytearray, memoryview]

Get the public key bits of the key.

Return type

Union[bytes, bytearray, memoryview]

Returns

Public key bits.

property name: List[Union[bytes, bytearray, memoryview]]

Get the Name of the key

Return type

List[Union[bytes, bytearray, memoryview]]

Returns

Key Name.

set_default_cert(name)

Set the default Certificate.

Parameters

name (NonStrictName) – the Name of the new default Certificate.

class ndn.security.keychain.keychain_sqlite3.KeychainSqlite3(path, tpm)

Store public infomation in a Sqlite3 database and private keys in a TPM.

Variables
  • path (str) – the path to the database. The default path is ~/.ndn/pib.db.

  • tpm (Tpm) – an instance of TPM.

  • tpm_locator (str) – a URI string describing the location of TPM.

default_identity()

Get the default Identity.

Return type

Identity

Returns

the default Identity.

del_cert(name)

Delete a specific Certificate.

Parameters

name (NonStrictName) – the Certificate Name.

del_identity(name)

Delete a specific Identity.

Parameters

name (NonStrictName) – the Identity Name.

del_key(name)

Delete a specific Key.

Parameters

name (NonStrictName) – the Key Name.

get_signer(sign_args)

Get a signer from sign_args.

Parameters

sign_args (dict[str, Any]) – the signing arguments provided by the application.

Returns

a signer.

Return type

Signer

has_default_identity()

Whether there is a default Identity. :rtype: bool :return: True if there is one.

new_identity(name)

Create a new Identity without a default Key. This is used to control the Keychain in a fine-grained way.

Parameters

name (NonStrictName) – the Name of the new Identity.

Return type

Identity

Returns

the Identity created.

new_key(id_name, key_type='ec', **kwargs)

Generate a new key for a specific Identity.

Parameters
  • id_name (NonStrictName) – the Name of Identity.

  • key_type (str) –

    the type of key. Can be one of the following:

    • ec: ECDSA key.

    • rsa: RSA key.

  • kwargs – keyword arguments.

Keyword Arguments
  • key_size (int) - key size in bit.

  • key_id (Union[BinaryStr, str]) - a one-Component ID of the Key.

  • key_id_type (str) - the method to generate the ID if key_id is not specified. Can be random or sha256.

Return type

Key

Returns

the new Key.

set_default_identity(name)

Set the default Identity.

Parameters

name (NonStrictName) – the Name of the new default Identity.

shutdown()

Close the connection.

touch_identity(id_name)

Get an Identity with specific name. Create a new one if it does not exist. The newly created one will automatically have a default ECC Key and self-signed Certificate.

Parameters

id_name (NonStrictName) – the Name of Identity.

Return type

Identity

Returns

the specified Identity.