Certificate¶

Parsing for Tor Ed25519 certificates, which are used to for a variety of purposes…

• validating the key used to sign server descriptors

• validating the key used to sign hidden service v3 descriptors

• signing and encrypting hidden service v3 indroductory points

Module Overview:

Ed25519Certificate - Ed25519 signing key certificate
  | +- Ed25519CertificateV1 - version 1 Ed25519 certificate
  |      |- is_expired - checks if certificate is presently expired
  |      |- signing_key - certificate signing key
  |      +- validate - validates a descriptor's signature
  |
  |- from_base64 - decodes a base64 encoded certificate
  |- to_base64 - base64 encoding of this certificate
  |
  |- unpack - decodes a byte encoded certificate
  +- pack - byte encoding of this certificate

Ed25519Extension - extension included within an Ed25519Certificate

stem.descriptor.certificate.CertType(enum)¶

Purpose of Ed25519 certificate. For more information see…

• cert-spec.txt section A.1

• rend-spec-v3.txt appendix E

Deprecated since version 1.8.0: Replaced with stem.client.datatype.CertType

CertType	Description
SIGNING	signing key with an identity key
LINK_CERT	TLS link certificate signed with ed25519 signing key
AUTH	authentication key signed with ed25519 signing key
HS_V3_DESC_SIGNING	hidden service v3 short-term descriptor signing key
HS_V3_INTRO_AUTH	hidden service v3 introductory point authentication key
HS_V3_INTRO_ENCRYPT	hidden service v3 introductory point encryption key

stem.descriptor.certificate.ExtensionType(enum)¶

Recognized exception types.

ExtensionType	Description
HAS_SIGNING_KEY	includes key used to sign the certificate

stem.descriptor.certificate.ExtensionFlag(enum)¶

Flags that can be assigned to Ed25519 certificate extensions.

ExtensionFlag	Description
AFFECTS_VALIDATION	extension affects whether the certificate is valid
UNKNOWN	extension includes flags not yet recognized by stem