Module PKCS1_OAEP
RSA encryption protocol according to PKCS#1 OAEP
See RFC3447 or the original RSA Labs specification.
This scheme is more properly called RSAES-OAEP.
As an example, a sender may encrypt a message in this way:
>>> from Crypto.Cipher import PKCS1_OAEP
>>> from Crypto.PublicKey import RSA
>>>
>>> message = b'To be encrypted'
>>> key = RSA.importKey(open('pubkey.der', 'rb').read())  # DER is binary
>>> cipher = PKCS1_OAEP.new(key)
>>> ciphertext = cipher.encrypt(message)
At the receiver side, decryption can be done using the private part of
the RSA key:
>>> key = RSA.importKey(open('privkey.der', 'rb').read())  # DER is binary
>>> cipher = PKCS1_OAEP.new(key)
>>> message = cipher.decrypt(ciphertext)
PKCS1OAEP_Cipher
This cipher can perform PKCS#1 OAEP encryption or decryption.
new(key, hashAlgo=None, mgfunc=None, label='')
Return a cipher object PKCS1OAEP_Cipher that can be used to perform PKCS#1 OAEP encryption or decryption.
- Parameters:
key (RSA key object) - The key to use to encrypt or decrypt the message. This is a Crypto.PublicKey.RSA object.
Decryption is only possible if key is a private RSA key.
hashAlgo (hash object) - The hash function to use. This can be a module under Crypto.Hash
or an existing hash object created from one of those modules. If not specified,
Crypto.Hash.SHA (that is, SHA-1) is used.
mgfunc (callable) - A mask generation function that accepts two parameters: a string to
use as seed, and the length of the mask to generate, in bytes.
If not specified, the standard MGF1 is used (a safe choice).
label (string) - A label to apply to this particular encryption. If not specified,
an empty string is used. Specifying a label does not improve
security.
Attention:
Modify the mask generation function only if you know what you are doing.
Sender and receiver must use the same one.
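How hashAlgo, mgfunc and label enter the OAEP padding, as an added example that is not PyCrypto's code: a standard-library sketch of the EME-OAEP encoding from RFC 3447, with the RSA operation itself left out. The names mgf1, oaep_encode, oaep_decode and fails, and the 128-byte modulus length, are assumptions made for the illustration.

```python
import hashlib, hmac, os

def mgf1(seed, length, hash_fn=hashlib.sha1):
    # MGF1 (RFC 3447 B.2.1); same (seed, length-in-bytes) shape as mgfunc.
    out, counter = b"", 0
    while len(out) < length:
        out += hash_fn(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, k, label=b"", hash_fn=hashlib.sha1):
    # EME-OAEP encoding for a k-byte modulus (RFC 3447 section 7.1.1, step 2).
    h_len = hash_fn().digest_size
    if len(msg) > k - 2 * h_len - 2:
        raise ValueError("message too long")
    padding = b"\x00" * (k - len(msg) - 2 * h_len - 2)
    db = hash_fn(label).digest() + padding + b"\x01" + msg
    seed = os.urandom(h_len)  # fresh per message: output is randomized
    masked_db = _xor(db, mgf1(seed, k - h_len - 1, hash_fn))
    masked_seed = _xor(seed, mgf1(masked_db, h_len, hash_fn))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, k, label=b"", hash_fn=hashlib.sha1):
    # EME-OAEP decoding (section 7.1.2, step 3). Every failure raises the
    # same error; this sketch is not constant-time.
    h_len = hash_fn().digest_size
    if len(em) != k or k < 2 * h_len + 2:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = _xor(masked_seed, mgf1(masked_db, h_len, hash_fn))
    db = _xor(masked_db, mgf1(seed, k - h_len - 1, hash_fn))
    body = db[h_len:].lstrip(b"\x00")  # skip the zero padding string
    label_ok = hmac.compare_digest(db[:h_len], hash_fn(label).digest())
    if em[0] != 0 or not label_ok or body[:1] != b"\x01":
        raise ValueError("decryption error")
    return body[1:]

def fails(em, k, **kw):
    try:
        oaep_decode(em, k, **kw)
    except ValueError:
        return True
    return False

K = 128  # constructed: byte length of a 1024-bit modulus
em = oaep_encode(b"To be encrypted", K, label=b"ctx", hash_fn=hashlib.sha256)
print(oaep_decode(em, K, label=b"ctx", hash_fn=hashlib.sha256))
print(fails(em, K, label=b"other", hash_fn=hashlib.sha256))  # label mismatch
print(fails(em, K, label=b"ctx"))  # receiver left hashAlgo at SHA-1
```

The length check in oaep_encode is the source of the message size limit: the modulus length minus twice the hash length minus 2 bytes, so a larger hash leaves less room for the message.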