generate_keypair

classmethod KeyManager.generate_keypair(alg='rsa', **kwargs) → Tuple[bytes, bytes]

Generate a key pair, returning the private and public keys as serialized bytes. The serialization follows default_formats, overridden by the format kwarg if it is present.

By default, private keys are generally returned in PKCS8 format with PEM encoding, while public keys are returned in OpenSSH format with OpenSSH encoding.

Example:

>>> priv, pub = KeyManager.generate_keypair(alg='rsa', key_size=2048)
>>> priv
b'-----BEGIN PRIVATE KEY-----\nMIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAMjkl
 ...Pw6eZGFwBEYY\n-----END PRIVATE KEY-----\n'

>>> from cryptography.hazmat.primitives.asymmetric import ec
>>> priv, pub = KeyManager.generate_keypair(alg='ecdsa', curve=ec.SECP521R1)
>>> pub
b'ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1...dJCxguBQnb1hL6aDH4fHCjpy6A=='

To override the formatting/encoding:

>>> priv, pub = KeyManager.generate_keypair(
...     alg='ecdsa', format=dict(private_format='openssl', private_encoding='der')
... )
>>> priv
b'0\x81\xa4\x02\x01\x01\x040u\x1e\x8cI\xcd\xfa\xc8\x97\x83\xf8\xed\x1f\xe5\xbd...'
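
Added example, not part of the library or its documentation: a standard-library parser for the OpenSSH public-key line returned as pub. It checks that the outer key type matches the type inside the blob, computes the SHA256 fingerprint, and compares the RSA modulus size with a policy floor. The helper names, the constructed sample key and the 2048-bit default floor are assumptions of this example.

```python
import base64
import hashlib
import struct

def _read_string(buf: bytes, off: int):
    """Read one SSH wire 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[off + 4:end], end

def inspect_openssh_pubkey(pub: bytes, min_rsa_bits: int = 2048) -> dict:
    """Inspect b'<type> <base64 blob> [comment]'; min_rsa_bits is an assumed policy."""
    parts = pub.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    inner_type, off = _read_string(blob, 0)
    if inner_type != parts[0]:
        raise ValueError("key type prefix does not match the type inside the blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    info = {"type": parts[0].decode(), "fingerprint": "SHA256:" + digest}
    if parts[0] == b"ssh-rsa":
        # An ssh-rsa blob is: type, public exponent e, modulus n (both mpints).
        _e, off = _read_string(blob, off)
        n, off = _read_string(blob, off)
        info["bits"] = int.from_bytes(n, "big").bit_length()
        info["meets_policy"] = info["bits"] >= min_rsa_bits
    return info

def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def constructed_rsa_pub(bits: int) -> bytes:
    """Constructed sample (not a real key): an ssh-rsa line with a `bits`-bit modulus."""
    n = (1 << (bits - 1)) | 1
    n_bytes = n.to_bytes(bits // 8 + 1, "big")  # leading 0x00 keeps the mpint positive
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(n_bytes)
    return b"ssh-rsa " + base64.b64encode(blob)

if __name__ == "__main__":
    for size in (512, 2048):
        print(size, inspect_openssh_pubkey(constructed_rsa_pub(size)))
```

The 512-bit sample parses but fails the policy check, which is how a key generated at the documented minimum key_size would be flagged.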

Parameters
  • alg (str) – The algorithm to generate a key for, e.g. 'rsa'

  • kwargs – All kwargs are forwarded to the matching generator in generators

  • key_size (int) – (for rsa and similar algorithms) Number of bits for the RSA key. Minimum of 512 bits.

  • format (dict) – Override some or all of the default format/encoding for the keys. Dict keys: private_format, public_format, private_encoding, public_encoding

Returns