Stem Docs



Parsing for Tor Ed25519 certificates, which are used to validate the key used to sign server descriptors.

New in version 1.6.0.

Module Overview:

Ed25519Certificate - Ed25519 signing key certificate
  | +- Ed25519CertificateV1 - version 1 Ed25519 certificate
  |      |- is_expired - checks if certificate is presently expired
  |      +- validate - validates signature of a server descriptor
  +- parse - reads base64 encoded certificate data

Ed25519Extension - extension included within an Ed25519Certificate

Purpose of Ed25519 certificate. As new certificate versions are added this enumeration will expand.

CertType   Description
SIGNING    signing a signing key with an identity key
LINK_CERT  TLS link certificate signed with ed25519 signing key
AUTH       authentication key signed with ed25519 signing key

Recognized extension types.

ExtensionType    Description
HAS_SIGNING_KEY  includes key used to sign the certificate

Flags that can be assigned to Ed25519 certificate extensions.

ExtensionFlag       Description
AFFECTS_VALIDATION  extension affects whether the certificate is valid
UNKNOWN             extension includes flags not yet recognized by stem

class stem.descriptor.certificate.Ed25519Extension

Bases: stem.descriptor.certificate.Ed25519Extension

Extension within an Ed25519 certificate.

  • type (int) -- extension type
  • flags (list) -- extension attribute flags
  • flag_int (int) -- integer encoding of the extension attribute flags
  • data (bytes) -- data the extension concerns

class stem.descriptor.certificate.Ed25519Certificate(version, encoded)

Bases: object

Base class for an Ed25519 certificate.

  • version (int) -- certificate format version
  • encoded (str) -- base64 encoded ed25519 certificate

static parse(content)

Parses the given base64 encoded data as an Ed25519 certificate.

Parameters: content (str) -- base64 encoded certificate
Returns: Ed25519Certificate subclass for the given certificate
Raises: ValueError if content is malformed

class stem.descriptor.certificate.Ed25519CertificateV1(version, encoded, decoded)

Bases: stem.descriptor.certificate.Ed25519Certificate

Version 1 Ed25519 certificate, which is used for signing tor server descriptors.

  • type (CertType) -- certificate purpose
  • expiration (datetime) -- expiration of the certificate
  • key_type (int) -- format of the key
  • key (bytes) -- key content
  • extensions (list) -- Ed25519Extension in this certificate
  • signature (bytes) -- certificate signature

is_expired()

Checks if this certificate is presently expired or not.

Returns: True if the certificate has expired, False otherwise

validate(server_descriptor)

Validates our signing key and that the given descriptor content matches its Ed25519 signature.

Parameters: server_descriptor (stem.descriptor.server_descriptor.Ed25519) -- relay server descriptor to validate

Raises:
  • ValueError if signing key or descriptor are invalid
  • ImportError if pynacl module is unavailable
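
The fields documented above, shown as an added stand-alone example rather than Stem's own implementation: a strict parser for the version 1 byte layout, which is taken from Tor's cert-spec and is not given on this page. The names parse_cert, is_expired and sample_cert are hypothetical, the sample uses dummy key and signature bytes, and no signature is verified here (that is what validate does, using pynacl).

```python
import base64, struct
from collections import namedtuple
from datetime import datetime, timedelta, timezone

CERT_TYPES = {4: 'SIGNING', 5: 'LINK_CERT', 6: 'AUTH'}  # numbering from Tor's cert-spec
HAS_SIGNING_KEY, AFFECTS_VALIDATION = 4, 0x01
Extension = namedtuple('Extension', 'type flags flag_int data')
Cert = namedtuple('Cert', 'version type expiration key_type key extensions signature')

def parse_cert(content):
    """Decode a base64 version 1 certificate; ValueError on anything malformed."""
    raw = base64.b64decode(''.join(content.split()), validate=True)  # binascii.Error is a ValueError
    if len(raw) < 40 + 64:  # fixed 40 byte header plus 64 byte signature
        raise ValueError('certificate is only %d bytes' % len(raw))
    version, ctype, hours, key_type = struct.unpack('>BBIB', raw[:7])
    if version != 1:
        raise ValueError('unsupported certificate version %d' % version)
    body, signature = raw[:-64], raw[-64:]
    pos, extensions = 40, []
    for _ in range(body[39]):  # byte 39 is the extension count
        if pos + 4 > len(body):
            raise ValueError('truncated extension header')
        length, etype, flag_int = struct.unpack('>HBB', body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + length]
        if len(data) != length:
            raise ValueError('extension claims %d bytes, %d remain' % (length, len(data)))
        flags = ['AFFECTS_VALIDATION'] if flag_int & AFFECTS_VALIDATION else []
        if flag_int & ~AFFECTS_VALIDATION:
            flags.append('UNKNOWN')
        if etype != HAS_SIGNING_KEY and flag_int & AFFECTS_VALIDATION:  # fail closed
            raise ValueError('unrecognized extension type %d affects validation' % etype)
        extensions.append(Extension(etype, flags, flag_int, data))
        pos += 4 + length
    if pos != len(body):
        raise ValueError('%d unused bytes after the extensions' % (len(body) - pos))
    try:
        expiration = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(hours=hours)
    except OverflowError:
        raise ValueError('expiration of %d hours since the epoch is out of range' % hours)
    return Cert(version, CERT_TYPES.get(ctype, 'UNKNOWN'), expiration, key_type, body[7:39], extensions, signature)

def is_expired(cert, now=None):
    return (now or datetime.now(timezone.utc)) > cert.expiration

def sample_cert(hours=500000, ext_type=HAS_SIGNING_KEY, ext_flags=0):
    """Constructed test input with dummy key and signature bytes (not a real relay's)."""
    ext = struct.pack('>HBB', 32, ext_type, ext_flags) + b'\x22' * 32
    raw = struct.pack('>BBIB', 1, 4, hours, 1) + b'\x11' * 32 + b'\x01' + ext + b'\x33' * 64
    return base64.b64encode(raw).decode()
```

A parsed certificate still has to pass signature validation before its key is trusted; the parser only guarantees that the fields are well-formed and that no unrecognized validity-affecting extension was silently skipped.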