Package Crypto :: Package PublicKey :: Module RSA :: Class _RSAobj
[frames] | no frames]

Class _RSAobj

pubkey.pubkey --+
                |
               _RSAobj

Class defining an actual RSA key.
Instance Methods
 
__init__(self, implementation, key, randfunc=None)
 
encrypt(self, plaintext, K)
Encrypt a piece of data with RSA.
 
decrypt(self, ciphertext)
Decrypt a piece of data with RSA.
 
sign(self, M, K)
Sign a piece of data with RSA.
 
verify(self, M, signature)
Verify the validity of an RSA signature.
 
has_private(self)
Tell if the key object contains private components.
 
size(self)
Tell the maximum number of bits that can be handled by this key.
 
can_blind(self)
Tell if the algorithm can deal with data blinding.
 
can_encrypt(self)
Tell if the algorithm can deal with data encryption.
 
can_sign(self)
Tell if the algorithm can deal with cryptographic signatures.
 
publickey(self)
Construct a new key carrying only the public information.
 
exportKey(self, format='PEM', passphrase=None, pkcs=1)
Export this RSA key.

Inherited from pubkey.pubkey: blind, unblind

Class Variables
  keydata = ['n', 'e', 'd', 'p', 'q', 'u']
Dictionary of RSA parameters.
Method Details

__init__(self, implementation, key, randfunc=None)
(Constructor)

 
Overrides: pubkey.pubkey.__init__

encrypt(self, plaintext, K)

 
Encrypt a piece of data with RSA.
Parameters:
  • plaintext (byte string or long) - The piece of data to encrypt with RSA. It may not be numerically larger than the RSA module (n).
  • K (byte string or long) - A random parameter (for compatibility only. This value will be ignored)
Returns:
A tuple with two items. The first item is the ciphertext of the same type as the plaintext (string or long). The second item is always None.
Overrides: pubkey.pubkey.encrypt

Attention: this function performs the plain, primitive RSA encryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly encrypt data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Cipher.PKCS1_OAEP or Crypto.Cipher.PKCS1_v1_5 instead.

decrypt(self, ciphertext)

 

Decrypt a piece of data with RSA.

Decryption always takes place with blinding.

Parameters:
  • ciphertext (byte string, long or a 2-item tuple as returned by encrypt) - The piece of data to decrypt with RSA. It may not be numerically larger than the RSA module (n). If a tuple, the first item is the actual ciphertext; the second item is ignored.
Returns:
A byte string if ciphertext was a byte string or a tuple of byte strings. A long otherwise.
Overrides: pubkey.pubkey.decrypt

Attention: this function performs the plain, primitive RSA decryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly decrypt data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Cipher.PKCS1_OAEP or Crypto.Cipher.PKCS1_v1_5 instead.

sign(self, M, K)

 

Sign a piece of data with RSA.

Signing always takes place with blinding.

Parameters:
  • M (byte string or long) - The piece of data to sign with RSA. It may not be numerically larger than the RSA module (n).
  • K (byte string or long) - A random parameter (for compatibility only. This value will be ignored)
Returns:
A 2-item tuple. The first item is the actual signature (a long). The second item is always None.
Overrides: pubkey.pubkey.sign

Attention: this function performs the plain, primitive RSA decryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly sign data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Signature.PKCS1_PSS or Crypto.Signature.PKCS1_v1_5 instead.

verify(self, M, signature)

 
Verify the validity of an RSA signature.
Parameters:
  • M (byte string or long) - The expected message.
  • signature (A 2-item tuple as return by sign) - The RSA signature to verify. The first item of the tuple is the actual signature (a long not larger than the modulus n), whereas the second item is always ignored.
Returns:
True if the signature is correct, False otherwise.
Overrides: pubkey.pubkey.verify

Attention: this function performs the plain, primitive RSA encryption (textbook). In real applications, you always need to use proper cryptographic padding, and you should not directly verify data with this method. Failure to do so may lead to security vulnerabilities. It is recommended to use modules Crypto.Signature.PKCS1_PSS or Crypto.Signature.PKCS1_v1_5 instead.

has_private(self)

 
Tell if the key object contains private components.
Returns:
bool
Overrides: pubkey.pubkey.has_private
(inherited documentation)

size(self)

 
Tell the maximum number of bits that can be handled by this key.
Returns:
int
Overrides: pubkey.pubkey.size
(inherited documentation)

can_blind(self)

 

Tell if the algorithm can deal with data blinding.

This property concerns the algorithm, not the key itself. It may happen that this particular key object hasn't got the private information required carry out blinding.

Returns:
boolean
Overrides: pubkey.pubkey.can_blind
(inherited documentation)

can_encrypt(self)

 

Tell if the algorithm can deal with data encryption.

This property concerns the algorithm, not the key itself. It may happen that this particular key object hasn't got the private information required to decrypt data.

Returns:
boolean
Overrides: pubkey.pubkey.can_encrypt
(inherited documentation)

can_sign(self)

 

Tell if the algorithm can deal with cryptographic signatures.

This property concerns the algorithm, not the key itself. It may happen that this particular key object hasn't got the private information required to generate a signature.

Returns:
boolean
Overrides: pubkey.pubkey.can_sign
(inherited documentation)

publickey(self)

 
Construct a new key carrying only the public information.
Returns:
A new pubkey object.
Overrides: pubkey.pubkey.publickey
(inherited documentation)

exportKey(self, format='PEM', passphrase=None, pkcs=1)

 

Export this RSA key.

Parameters:
  • format (string) - The format to use for wrapping the key.

    • 'DER'. Binary encoding, always unencrypted.
    • 'PEM'. Textual encoding, done according to RFC1421/RFC1423. Unencrypted (default) or encrypted.
    • 'OpenSSH'. Textual encoding, done according to OpenSSH specification. Only suitable for public keys (not private keys).
  • passphrase (string) - In case of PEM, the pass phrase to derive the encryption key from.
  • pkcs (integer) - The PKCS standard to follow for assembling the key. You have two choices:

    • with 1, the public key is embedded into an X.509 SubjectPublicKeyInfo DER SEQUENCE. The private key is embedded into a PKCS#1 RSAPrivateKey DER SEQUENCE. This mode is the default.
    • with 8, the private key is embedded into a PKCS#8 PrivateKeyInfo DER SEQUENCE. This mode is not available for public keys.

    PKCS standards are not relevant for the OpenSSH format.

Returns:
A byte string with the encoded public or private half.
Raises:
  • ValueError - When the format is unknown.

Class Variable Details

keydata

Dictionary of RSA parameters.

A public key will only have the following entries:

  • n, the modulus.
  • e, the public exponent.

A private key will also have:

  • d, the private exponent.
  • p, the first factor of n.
  • q, the second factor of n.
  • u, the CRT coefficient (1/p) mod q.
Value:
['n', 'e', 'd', 'p', 'q', 'u']