ndn.security package
Introduction
The ndn.security package provides basic tools for security use.
Signer
A Signer is a class used to sign a packet during encoding.
- class ndn.encoding.Signer
  - abstract get_signature_value_size()
    Get the size of SignatureValue. If the size is variable, return the maximum possible value.
    - Return type: int
    - Returns: the size of SignatureValue.
  - abstract write_signature_info(signature_info)
    Fill in the fields of SignatureInfo.
    - Parameters: signature_info – a blank SignatureInfo object.
  - abstract write_signature_value(wire, contents)
    Calculate the SignatureValue and write it into wire. The length of wire is exactly what get_signature_value_size() returns. This function normally returns that same value; the exception is ECDSA, whose signature length varies, so the actual size may be smaller.
    - Parameters:
      - wire (Union[bytearray, memoryview]) – the buffer to contain SignatureValue.
      - contents (List[Union[bytearray, memoryview]]) – a list of memory blocks that need to be covered.
    - Return type: int
    - Returns: the actual size of SignatureValue.
Validator
A Validator is an async function called to validate an Interest or Data packet. It takes two arguments, a FormalName and a SignaturePtrs, and returns whether the packet is validated.
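As an added example (not code from python-ndn itself), the following implements the three abstract Signer methods above for a fixed-size HMAC-SHA256 signature and pairs it with a Validator of the (FormalName, SignaturePtrs) -> bool shape just described, sharing one HMAC routine between the two. It assumes python-ndn's `ndn.encoding.Signer` and `SignatureType.HMAC_WITH_SHA256` (falling back to same-named stand-ins when the package is not installed) and assumes the SignaturePtrs attributes `signature_info`, `signature_covered_part` and `signature_value_buf`.

```python
import hashlib
import hmac
from typing import List, Union

try:
    from ndn.encoding import Signer, SignatureType  # real python-ndn types
except ImportError:  # stand-ins so the block runs without python-ndn (assumed: same names)
    class Signer: ...
    class SignatureType: HMAC_WITH_SHA256 = 4

Buf = Union[bytearray, memoryview]

def hmac_over(key: bytes, blocks: List[Buf]) -> bytes:  # shared by signer and validator
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for block in blocks:  # cover every block, in wire order
        mac.update(block)
    return mac.digest()

class HmacSha256Signer(Signer):
    """Signer whose SignatureValue is the fixed-size 32-byte HMAC tag."""
    def __init__(self, key: bytes):
        self.key = key
    def get_signature_value_size(self) -> int:
        return hashlib.sha256().digest_size  # 32; HMAC-SHA256 has no shorter encoding
    def write_signature_info(self, signature_info) -> None:
        signature_info.signature_type = SignatureType.HMAC_WITH_SHA256
    def write_signature_value(self, wire: Buf, contents: List[Buf]) -> int:
        tag = hmac_over(self.key, contents)
        wire[:len(tag)] = tag  # wire is exactly get_signature_value_size() bytes long
        return len(tag)        # actual size == reserved size (ECDSA may return less)

def sign_contents(signer: Signer, contents: List[Buf]) -> bytes:
    # Mirror the encoder: reserve the maximum size, keep only the bytes actually written.
    wire = bytearray(signer.get_signature_value_size())
    used = signer.write_signature_value(memoryview(wire), contents)
    return bytes(wire[:used])

def verify_hmac(key: bytes, sig_type: int, covered: List[Buf], sig_value: Buf) -> bool:
    # Recompute the tag over the covered part and compare in constant time.
    if sig_type != SignatureType.HMAC_WITH_SHA256:
        return False  # unexpected algorithm: reject instead of guessing
    return hmac.compare_digest(hmac_over(key, covered), bytes(sig_value))

def make_hmac_validator(key: bytes):
    """Validator of the (FormalName, SignaturePtrs) -> bool shape described above."""
    async def validator(name, sig_ptrs) -> bool:
        info = sig_ptrs.signature_info  # attribute names assumed from python-ndn's SignaturePtrs
        if info is None or sig_ptrs.signature_value_buf is None:
            return False  # an unsigned packet never validates
        return verify_hmac(key, info.signature_type, sig_ptrs.signature_covered_part, sig_ptrs.signature_value_buf)
    return validator
```

The validator rejects a packet whose SignatureInfo names a different algorithm instead of falling through to a digest check, which is the failure mode a shared-key verifier most often gets wrong.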
Keychain
A Keychain is a class which contains Identities, Keys associated with Identities, and associated Certificates.
- class ndn.security.keychain.Keychain
  The abstract Keychain class, derived from collections.abc.Mapping. It behaves like an immutable dict from FormalName to Identity. The implementation of Identity varies with concrete implementations. Generally, its methods should also accept NonStrictName as inputs. This includes operators such as in and [].
KeychainDigest
- class ndn.security.keychain.keychain_digest.KeychainDigest
  A Keychain which has no Identity and always returns a SHA-256 digest signer.
KeychainSqlite3
This is the default Keychain.
- class ndn.security.keychain.keychain_sqlite3.Certificate(row_id, key, name, data, is_default)
  A dataclass for a Certificate.
  - Variables:
    - id (int) – its id in the database.
    - key (FormalName) – the Name of the associated Key.
    - name (FormalName) – its Name.
    - data (bytes) – the content.
    - is_default (bool) – whether this is the default Certificate.
  - property data: bytes | bytearray | memoryview
    Get the binary data of the certificate, which is the wire form of the V2 certificate Data packet.
    - Returns: Certificate binary data.
  - property key: List[bytes | bytearray | memoryview]
    Get the Name of the Key.
    - Returns: Key Name.
  - property name: List[bytes | bytearray | memoryview]
    Get the Name of the certificate.
    - Returns: Certificate Name.
- class ndn.security.keychain.keychain_sqlite3.Identity(pib, row_id, name, is_default)
  An Identity. It behaves like an immutable dict from FormalName to Key.
  - Variables:
    - row_id (int) – its id in the database.
    - name (FormalName) – its Name.
    - is_default (bool) – whether this is the default Identity.
  - del_key(name)
    Delete a specific Key.
    - Parameters: name (NonStrictName) – the Name of the Key to delete.
  - has_default_key()
    Whether it has a default Key.
    - Return type: bool
    - Returns: True if there is one.
  - property name: List[bytes | bytearray | memoryview]
    Get the Name of the identity.
    - Returns: Identity Name.
  - new_key(key_type)
    Create a new key with default arguments.
    - Parameters: key_type (str) – the type of the Key. Can be ec or rsa.
    - Return type:
    - Returns: the new Key.
  - set_default_key(name)
    Set the default Key.
    - Parameters: name (NonStrictName) – the Name of the new default Key.
- class ndn.security.keychain.keychain_sqlite3.Key(pib, identity, row_id, name, key_bits, is_default)
  A Key. It behaves like an immutable dict from FormalName to Certificate.
  - Variables:
    - row_id (int) – its id in the database.
    - identity (FormalName) – the Name of the associated Identity.
    - name (FormalName) – its Name.
    - key_bits (bytes) – the key bits of the public key.
    - is_default (bool) – whether this is the default Key.
  - default_cert()
    Get the default Certificate.
    - Return type:
    - Returns: the default Certificate.
  - del_cert(name)
    Delete a specific Certificate.
    - Parameters: name (NonStrictName) – the Name of the Certificate to delete.
  - has_default_cert()
    Whether it has a default Certificate.
    - Return type: bool
    - Returns: True if there is one.
  - property identity: List[bytes | bytearray | memoryview]
    Get the Name of the Identity.
    - Returns: Identity Name.
  - property key_bits: bytes | bytearray | memoryview
    Get the public key bits of the key.
    - Returns: Public key bits.
  - property name: List[bytes | bytearray | memoryview]
    Get the Name of the key.
    - Returns: Key Name.
  - set_default_cert(name)
    Set the default Certificate.
    - Parameters: name (NonStrictName) – the Name of the new default Certificate.
- class ndn.security.keychain.keychain_sqlite3.KeychainSqlite3(path, tpm)
  Store public information in a Sqlite3 database and private keys in a TPM.
  - Variables:
    - path (str) – the path to the database. The default path is ~/.ndn/pib.db.
    - tpm (Tpm) – an instance of TPM.
    - tpm_locator (str) – a URI string describing the location of the TPM.
  - del_cert(name)
    Delete a specific Certificate.
    - Parameters: name (NonStrictName) – the Certificate Name.
  - del_identity(name)
    Delete a specific Identity.
    - Parameters: name (NonStrictName) – the Identity Name.
  - del_key(name)
    Delete a specific Key.
    - Parameters: name (NonStrictName) – the Key Name.
  - get_signer(sign_args)
    Get a signer from sign_args.
    - Parameters: sign_args (dict[str, Any]) – the signing arguments provided by the application.
    - Return type:
    - Returns: a signer.
  - has_default_identity()
    Whether there is a default Identity.
    - Return type: bool
    - Returns: True if there is one.
  - new_identity(name)
    Create a new Identity without a default Key. This is used to control the Keychain in a fine-grained way.
    - Parameters: name (NonStrictName) – the Name of the new Identity.
    - Return type:
    - Returns: the Identity created.
  - new_key(id_name, key_type='ec', **kwargs)
    Generate a new key for a specific Identity.
    - Parameters:
      - id_name (NonStrictName) – the Name of the Identity.
      - key_type (str) – the type of key. Can be one of the following:
        - ec: ECDSA key.
        - rsa: RSA key.
      - kwargs – keyword arguments.
    - Keyword Arguments:
      - key_size (int) – key size in bits.
      - key_id (Union[BinaryStr, str]) – a one-Component ID of the Key.
      - key_id_type (str) – the method to generate the ID if key_id is not specified. Can be random or sha256.
    - Return type:
    - Returns: the new Key.
  - set_default_identity(name)
    Set the default Identity.
    - Parameters: name (NonStrictName) – the Name of the new default Identity.
  - shutdown()
    Close the connection.
  - touch_identity(id_name)
    Get an Identity with the specified name, creating a new one if it does not exist. A newly created Identity automatically gets a default ECC Key and a self-signed Certificate.
    - Parameters: id_name (NonStrictName) – the Name of the Identity.
    - Return type:
    - Returns: the specified Identity.