Skip to content

Documentation

PyPI

Python package for signing and verifying S/MIME messages.

This package is written in Rust using PyO3. Signing and verification is handled by OpenSSL which is statically linked to the package to simplify installation and dependency management. Runtime dependencies are limited to the Python standard library.

API Reference

rsmime.Rsmime 

Rsmime(cert_file: str | PathLike[str] | None = ..., key_file: str | PathLike[str] | None = ..., *, cert_data: str | bytes | bytearray | memoryview | None = ..., key_data: str | bytes | bytearray | memoryview | None = ...)

Initialize client and load certificate material.

Parameters:

  • cert_file (str | PathLike[str] | None, default: ... ) –

    Path to certificate on disk. Mutually exclusive with cert_data.

  • key_file (str | PathLike[str] | None, default: ... ) –

    Path to private key on disk. Mutually exclusive with key_data.

  • cert_data (str | bytes | bytearray | memoryview | None, default: ... ) –

    PEM-encoded certificate contents provided as a string or bytes-like object.

  • key_data (str | bytes | bytearray | memoryview | None, default: ... ) –

    PEM-encoded private key contents provided as a string or bytes-like object.

Raises:

  • CertificateError

    If there is an error loading, parsing, or when both a file path and in-memory value are provided for the same artifact.

sign 

sign(message: bytes, *, detached: bool = False) -> bytes

Sign a message and return the signed S/MIME message.

Parameters:

  • message (bytes) –

    Message to sign.

  • detached (bool, default: False ) –

    Whether to return a detached signature. When set to True, the return value will be a multipart message with the signature in the plain text in the first part and the signature in the second part. When set to False the return value will be the signature without any additional wrapping.

Returns:

  • bytes

    Signed S/MIME message.

Raises:

  • SignError

    If there is an error signing the data.

verify staticmethod 

verify(message: bytes, raise_on_expired: bool = False) -> bytes

Verify a signed message and return the raw message data.

Parameters:

  • message (bytes) –

    The signed message to verify.

  • raise_on_expired (bool, default: False ) –

    Whether to raise an exception if any certificate in the message has expired.

Returns:

  • bytes

    Raw message data.

Raises:

  • VerifyError

    If there is an error verifying the message.

  • CertificateExpiredError

    If any certificate in the message has expired. Raise only if raise_on_expired is True.

rsmime.exceptions

RsmimeError

Bases: Exception

Base class for all exceptions in this module.

CertificateError

Bases: RsmimeError

Thrown when there is an error with the input certificate.

CertificateExpiredError

Bases: CertificateError

Thrown when any certificate in the message has expired.

SignError

Bases: RsmimeError

Thrown when there is an error signing the data.

VerifyError

Bases: RsmimeError

Thrown when there is an error verifying the data.