Module PKCS1_PSS
RSA digital signature protocol with appendix according to PKCS#1 PSS.
See RFC3447 or the original RSA Labs specification.
This scheme is more properly called RSASSA-PSS.
For example, a sender may authenticate a message using SHA-1 and PSS like
this:
>>> from Crypto.Signature import PKCS1_PSS
>>> from Crypto.Hash import SHA
>>> from Crypto.PublicKey import RSA
>>> from Crypto import Random
>>>
>>> message = 'To be signed'
>>> key = RSA.importKey(open('privkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> signer = PKCS1_PSS.new(key)
>>> signature = PKCS1_PSS.sign(key)
At the receiver side, verification can be done like using the public part of
the RSA key:
>>> key = RSA.importKey(open('pubkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> verifier = PKCS1_PSS.new(key)
>>> if verifier.verify(h, signature):
>>> print "The signature is authentic."
>>> else:
>>> print "The signature is not authentic."
|
|
PSS_SigScheme
This signature scheme can perform PKCS#1 PSS RSA signature or verification.
|
|
|
new(key,
mgfunc=None,
saltLen=None)
Return a signature scheme object PSS_SigScheme that
can be used to perform PKCS#1 PSS signature or verification. |
|
|
new(key,
mgfunc=None,
saltLen=None)
|
|
Return a signature scheme object PSS_SigScheme that
can be used to perform PKCS#1 PSS signature or verification.
- Parameters:
key (RSA key object) - The key to use to sign or verify the message. This is a Crypto.PublicKey.RSA object.
Signing is only possible if key is a private RSA key.mgfunc (callable) - A mask generation function that accepts two parameters: a string to
use as seed, and the lenth of the mask to generate, in bytes.
If not specified, the standard MGF1 is used.saltLen (int) - Length of the salt, in bytes. If not specified, it matches the output
size of the hash function.
|