tlslite.utils.rsakey module
Abstract class for RSA.
- class tlslite.utils.rsakey.RSAKey(n=0, e=0, key_type='rsa')[source]
Bases:
object
This is an abstract base class for RSA keys.
Particular implementations of RSA keys, such as
OpenSSL_RSAKey
,Python_RSAKey
, andPyCrypto_RSAKey
, inherit from this.To create or parse an RSA key, don’t use one of these classes directly. Instead, use the factory functions in
keyfactory
.- EMSA_PSS_encode(mHash, emBits, hAlg, sLen=0)[source]
Encode the passed in message
This encodes the message using selected hash algorithm
- EMSA_PSS_verify(mHash, EM, emBits, hAlg, sLen=0)[source]
Verify signature in passed in encoded message
This verifies the signature in encoded message
- MGF1(mgfSeed, maskLen, hAlg)[source]
Generate mask from passed-in seed.
This generates mask based on passed-in seed and output maskLen.
- RSASSA_PSS_sign(mHash, hAlg, sLen=0)[source]
“Sign the passed in message
This signs the message using selected hash algorithm
- RSASSA_PSS_verify(mHash, S, hAlg, sLen=0)[source]
Verify the signature in passed in message
This verifies the signature in the signed message
- __init__(n=0, e=0, key_type='rsa')[source]
Create a new RSA key.
If n and e are passed in, the new key will be initialized.
- acceptsPassword()[source]
Return True if the write() method accepts a password for use in encrypting the private key.
- Return type:
- classmethod addPKCS1Prefix(data, hashName)[source]
Add the PKCS#1 v1.5 algorithm identifier prefix to hash bytes
- classmethod addPKCS1SHA1Prefix(hashBytes, withNULL=True)[source]
Add PKCS#1 v1.5 algorithm identifier prefix to SHA1 hash bytes
- decrypt(encBytes)[source]
Decrypt the passed-in bytes.
This requires the key to have a private component. It performs PKCS#1 v1.5 decryption operation of the passed-in data.
Note: as a workaround against Bleichenbacher-like attacks, it will return a deterministically selected random message in case the padding checks failed. It returns an error (None) only in case the ciphertext is of incorrect length or encodes an integer bigger than the modulus of the key (i.e. it’s publically invalid).
- Parameters:
encBytes (bytes-like object) – The value which will be decrypted.
- Return type:
bytearray or None
- Returns:
A PKCS#1 v1.5 decryption of the passed-in data or None if the provided data is not properly formatted. Note: encrypting an empty string is correct, so it may return an empty bytearray for some ciphertexts.
- encrypt(bytes)[source]
Encrypt the passed-in bytes.
This performs PKCS1 encryption of the passed-in data.
- Parameters:
bytes (bytes-like object) – The value which will be encrypted.
- Return type:
- Returns:
A PKCS1 encryption of the passed-in data.
- static generate(bits, key_type='rsa')[source]
Generate a new key with the specified bit length.
- Return type:
RSAKey
- hashAndSign(bytes, rsaScheme='PKCS1', hAlg='sha1', sLen=0)[source]
Hash and sign the passed-in bytes.
This requires the key to have a private component. It performs a PKCS1 or PSS signature on the passed-in data with selected hash algorithm.
- Parameters:
bytes (bytes-like object) – The value which will be hashed and signed.
rsaScheme (str) – The type of RSA scheme that will be applied, “PKCS1” for RSASSA-PKCS#1 v1.5 signature and “PSS” for RSASSA-PSS with MGF1 signature method
hAlg (str) – The hash algorithm that will be used
sLen (int) – The length of intended salt value, applicable only for RSASSA-PSS signatures
- Return type:
- Returns:
A PKCS1 or PSS signature on the passed-in data.
- hashAndVerify(sigBytes, bytes, rsaScheme='PKCS1', hAlg='sha1', sLen=0)[source]
Hash and verify the passed-in bytes with the signature.
This verifies a PKCS1 or PSS signature on the passed-in data with selected hash algorithm.
- Parameters:
sigBytes (bytes-like object) – A PKCS1 or PSS signature.
bytes (bytes-like object) – The value which will be hashed and verified.
rsaScheme (str) – The type of RSA scheme that will be applied, “PKCS1” for RSASSA-PKCS#1 v1.5 signature and “PSS” for RSASSA-PSS with MGF1 signature method
hAlg (str) – The hash algorithm that will be used
sLen (int) – The length of intended salt value, applicable only for RSASSA-PSS signatures
- Return type:
- Returns:
Whether the signature matches the passed-in data.
- sign(bytes, padding='pkcs1', hashAlg=None, saltLen=None)[source]
Sign the passed-in bytes.
This requires the key to have a private component. It performs a PKCS1 signature on the passed-in data.
- Parameters:
bytes (bytes-like object) – The value which will be signed.
padding (str) – name of the rsa padding mode to use, supported: “pkcs1” for RSASSA-PKCS1_1_5 and “pss” for RSASSA-PSS.
hashAlg (str) – name of hash to be encoded using the PKCS#1 prefix for “pkcs1” padding or the hash used for MGF1 in “pss”. Parameter is mandatory for “pss” padding.
saltLen (int) – length of salt used for the PSS padding. Default is the length of the hash output used.
- Return type:
- Returns:
A PKCS1 signature on the passed-in data.
- verify(sigBytes, bytes, padding='pkcs1', hashAlg=None, saltLen=None)[source]
Verify the passed-in bytes with the signature.
This verifies a PKCS1 signature on the passed-in data.
- Parameters:
sigBytes (bytes-like object) – A PKCS1 signature.
bytes (bytes-like object) – The value which will be verified.
- Return type:
- Returns:
Whether the signature matches the passed-in data.
- tlslite.utils.rsakey.bytes_to_int(bytes, byteorder='big', *, signed=False)
Return the integer represented by the given array of bytes.
- bytes
Holds the array of bytes to convert. The argument must either support the buffer protocol or be an iterable object producing bytes. Bytes and bytearray are examples of built-in objects that support the buffer protocol.
- byteorder
The byte order used to represent the integer. If byteorder is ‘big’, the most significant byte is at the beginning of the byte array. If byteorder is ‘little’, the most significant byte is at the end of the byte array. To request the native byte order of the host system, use `sys.byteorder’ as the byte order value. Default is to use ‘big’.
- signed
Indicates whether two’s complement is used to represent the integer.