tlslite.utils.ecdsakey module

Abstract class for ECDSA.

class tlslite.utils.ecdsakey.ECDSAKey(public_key, private_key)[source]

Bases: object

This is an abstract base class for ECDSA keys.

Particular implementations of ECDSA keys, such as Python_ECDSAKey (more coming), inherit from this.

To create or parse an ECDSA key, don’t use one of these classes directly. Instead, use the factory functions in keyfactory.

__init__(public_key, private_key)[source]

Create a new ECDSA key.

If public_key or private_key are passed in, the new key will be initialized.

Parameters:
  • public_key – ECDSA public key.

  • private_key – ECDSA private key.

acceptsPassword()[source]

Return True if the write() method accepts a password for use in encrypting the private key.

Return type:

bool

static generate(bits)[source]

Generate a new key with the specified curve.

Return type:

ECDSAKey

hasPrivateKey()[source]

Return whether or not this key has a private component.

Return type:

bool

hashAndSign(bytes, rsaScheme=None, hAlg='sha1', sLen=None)[source]

Hash and sign the passed-in bytes.

This requires the key to have a private component. It performs a signature on the passed-in data with selected hash algorithm.

Parameters:
  • bytes (bytes-like object) – The value which will be hashed and signed.

  • rsaScheme (str) – Ignored, present for API compatibility with RSA

  • hAlg (str) – The hash algorithm that will be used to hash data

  • sLen (int) – Ignored, present for API compatibility with RSA

Return type:

bytearray

Returns:

An ECDSA signature on the passed-in data.

hashAndVerify(sigBytes, bytes, rsaScheme=None, hAlg='sha1', sLen=None)[source]

Hash and verify the passed-in bytes with the signature.

This verifies an ECDSA signature on the passed-in data with selected hash algorithm.

Parameters:
  • sigBytes (bytearray) – An ECDSA signature, DER encoded.

  • bytes (str or bytearray) – The value which will be hashed and verified.

  • rsaScheme (str) – Ignored, present for API compatibility with RSA

  • hAlg (str) – The hash algorithm that will be used

  • sLen (int) – Ignored, present for API compatibility with RSA

Return type:

bool

Returns:

Whether the signature matches the passed-in data.
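
hashAndVerify() takes sigBytes as a DER-encoded ECDSA signature, that is, the ASN.1 structure SEQUENCE { r INTEGER, s INTEGER }. The following added example (not part of tlslite; all function names are hypothetical) is a strict, standard-library-only decoder that extracts r and s and rejects non-DER variants such as redundant leading zeros or trailing bytes, which helps when logging or comparing signatures before verification.

```python
# Added example: strict decoder for a DER-encoded ECDSA signature,
# ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }.
# Function names are hypothetical; this is not tlslite code.

def _read_tlv(buf, pos, expected_tag):
    """Read one DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != expected_tag:
        raise ValueError("unexpected tag or truncated header")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length (needed for P-521 signatures)
        n = length & 0x7F
        if n == 0 or n > 2 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        if length < 0x80 or buf[pos] == 0:
            raise ValueError("non-minimal length encoding")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return buf[pos:pos + length], pos + length

def _read_uint(buf, pos):
    """Read a DER INTEGER that must be positive and minimally encoded."""
    val, pos = _read_tlv(buf, pos, 0x02)
    if not val or val[0] & 0x80:
        raise ValueError("empty or negative INTEGER")
    if len(val) > 1 and val[0] == 0 and not val[1] & 0x80:
        raise ValueError("non-minimal INTEGER (redundant leading zero)")
    n = int.from_bytes(val, "big")
    if n == 0:
        raise ValueError("r and s must be non-zero")
    return n, pos

def decode_ecdsa_sig(sig_bytes):
    """Return (r, s) from DER sigBytes, rejecting any non-DER encoding."""
    buf = bytes(sig_bytes)
    body, end = _read_tlv(buf, 0, 0x30)
    if end != len(buf):
        raise ValueError("trailing bytes after SEQUENCE")
    r, pos = _read_uint(body, 0)
    s, pos = _read_uint(body, pos)
    if pos != len(body):
        raise ValueError("trailing bytes inside SEQUENCE")
    return r, s

# Constructed sample: r = 0x80 (needs a leading 0x00 byte), s = 0x7F.
SAMPLE = bytearray.fromhex("3007" "02020080" "02017f")
```

The decoder only checks the encoding; whether r and s are in range for the curve and whether the signature is valid is still decided by hashAndVerify().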

sign(bytes, padding=None, hashAlg='sha1', saltLen=None)[source]

Sign the passed-in bytes.

This requires the key to have a private component. It performs an ECDSA signature on the passed-in data.

Parameters:
  • bytes (bytearray) – The value which will be signed (generally a binary encoding of hash output).

  • padding (str) – Ignored, present for API compatibility with RSA

  • hashAlg (str) – name of hash that was used for calculating the bytes

  • saltLen (int) – Ignored, present for API compatibility with RSA

Return type:

bytearray

Returns:

An ECDSA signature on the passed-in data.

verify(sigBytes, bytes, padding=None, hashAlg=None, saltLen=None)[source]

Verify the passed-in bytes with the signature.

This verifies an ECDSA signature on the passed-in data.

Parameters:
  • sigBytes (bytearray) – An ECDSA signature.

  • bytes (bytearray) – The value which will be verified.

  • padding (str) – Ignored, present for API compatibility with RSA

Return type:

bool

Returns:

Whether the signature matches the passed-in data.

write(password=None)[source]

Return a string containing the key.

Return type:

str

Returns:

A string describing the key, in whichever format (PEM) is native to the implementation.