Class PSS_SigScheme

Parameters:

• key (an RSA key object) - If a private half is given, both signature and verification are possible. If a public half is given, only verification is possible.
• mgfunc (callable) - A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes.
• saltLen (int) - Length of the salt, in bytes.

Produce the PKCS#1 PSS signature of a message.

This function is named RSASSA-PSS-SIGN, and is specified in section 8.1.1 of RFC3447.

Parameters:

• mhash (hash object) - The hash that was carried out over the message. This is an object belonging to the Crypto.Hash module.

Returns:

The PSS signature encoded as a string.

Raises:

• ValueError - If the RSA key length is not sufficiently long to deal with the given hash algorithm.
• TypeError - If the RSA key has no private half.

Verify that a certain PKCS#1 PSS signature is authentic.

This function checks if the party holding the private half of the given RSA key has really signed the message.

This function is called RSASSA-PSS-VERIFY, and is specified in section 8.1.2 of RFC3447.

Parameters:

• mhash (hash object) - The hash that was carried out over the message. This is an object belonging to the Crypto.Hash module.
• S (string) - The signature that needs to be validated.

Returns:

True if verification is correct. False otherwise.