Module RSA
RSA public-key cryptography algorithm (signature and encryption).
RSA is the most widespread and used public key algorithm. Its security is
based on the difficulty of factoring large integers. The algorithm has
withstood attacks for 30 years, and it is therefore considered reasonably
secure for new designs.
The algorithm can be used for both confidentiality (encryption) and
authentication (digital signature). It is worth noting that signing and
decryption are significantly slower than verification and encryption.
The cryptograhic strength is primarily linked to the length of the modulus n.
In 2012, a sufficient length is deemed to be 2048 bits. For more information,
see the most recent ECRYPT report.
Both RSA ciphertext and RSA signature are as big as the modulus n (256
bytes if n is 2048 bit long).
This module provides facilities for generating fresh, new RSA keys, constructing
them from known components, exporting them, and importing them.
>>> from Crypto.PublicKey import RSA
>>>
>>> key = RSA.generate(2048)
>>> f = open('mykey.pem','w')
>>> f.write(RSA.exportKey('PEM'))
>>> f.close()
...
>>> f = open('mykey.pem','r')
>>> key = RSA.importKey(f.read())
Even though you may choose to directly use the methods of an RSA key object
to perform the primitive cryptographic operations (e.g. _RSAobj.encrypt),
it is recommended to use one of the standardized schemes instead (like
Crypto.Cipher.PKCS1_v1_5 or Crypto.Signature.PKCS1_v1_5).
|
generate(bits,
randfunc=None,
progress_func=None,
e=65537)
Randomly generate a fresh, new RSA key object. |
|
|
|
construct(tup)
Construct an RSA key object from a tuple of valid RSA components. |
|
|
|
importKey(externKey,
passphrase=None)
Import an RSA key (public or private half), encoded in standard form. |
|
|
generate(bits,
randfunc=None,
progress_func=None,
e=65537)
|
|
Randomly generate a fresh, new RSA key object.
See RSAImplementation.generate.
- Parameters:
bits (int) - Key length, or size (in bits) of the RSA modulus.
It must be a multiple of 256, and no smaller than 1024.
randfunc (callable) - Random number generation function; it should accept
a single integer N and return a string of random data
N bytes long.
If not specified, a new one will be instantiated
from Crypto.Random.
progress_func (callable) - Optional function that will be called with a short string
containing the key parameter currently being generated;
it's useful for interactive applications where a user is
waiting for a key to be generated.
e (int) - Public RSA exponent. It must be an odd positive integer.
It is typically a small number with very few ones in its
binary representation.
The default value 65537 (= 0b10000000000000001 ) is a safe
choice: other common values are 5, 7, 17, and 257.
- Returns:
- An RSA key object (_RSAobj).
- Raises:
ValueError - When bits is too little or not a multiple of 256, or when
e is not odd or smaller than 2.
Attention:
-
You should always use a cryptographically secure random number generator,
such as the one defined in the Crypto.Random module; don't just use the
current time and the random module.
-
Exponent 3 is also widely used, but it requires very special care when padding
the message.
|
importKey(externKey,
passphrase=None)
|
|
Import an RSA key (public or private half), encoded in standard form.
See RSAImplementation.importKey.
- Parameters:
externKey (string) - The RSA key to import, encoded as a string.
An RSA public key can be in any of the following formats:
- X.509
subjectPublicKeyInfo DER SEQUENCE (binary or PEM encoding)
- PKCS#1
RSAPublicKey DER SEQUENCE (binary or PEM encoding)
- OpenSSH (textual public key only)
An RSA private key can be in any of the following formats:
- PKCS#1
RSAPrivateKey DER SEQUENCE (binary or PEM encoding)
- PKCS#8
PrivateKeyInfo DER SEQUENCE (binary or PEM encoding)
- OpenSSH (textual public key only)
For details about the PEM encoding, see RFC1421/RFC1423.
In case of PEM encoding, the private key can be encrypted with DES or 3TDES according to a certain pass phrase.
Only OpenSSL-compatible pass phrases are supported.
passphrase (string) - In case of an encrypted PEM key, this is the pass phrase from which the encryption key is derived.
- Returns:
- An RSA key object (_RSAobj).
- Raises:
ValueError/IndexError/TypeError - When the given key cannot be parsed (possibly because the pass phrase is wrong).
|