tlslite.utils.rsakey module

Abstract class for RSA.

class tlslite.utils.rsakey.RSAKey(n=0, e=0)

Bases: object

This is an abstract base class for RSA keys.

Particular implementations of RSA keys, such as OpenSSL_RSAKey, Python_RSAKey, and PyCrypto_RSAKey, inherit from this.

To create or parse an RSA key, don’t use one of these classes directly. Instead, use the factory functions in keyfactory.

EMSA_PSS_encode(mHash, emBits, hAlg, sLen=0)

Encode the passed in message

This encodes the message using selected hash algorithm

Parameters:
  • mHash (bytearray) – Hash of message to be encoded

  • emBits (int) – maximal length of returned EM

  • hAlg (str) – hash algorithm to be used

  • sLen (int) – length of salt

EMSA_PSS_verify(mHash, EM, emBits, hAlg, sLen=0)

Verify signature in passed in encoded message

This verifies the signature in encoded message

Parameters:
  • mHash (bytearray) – Hash of the original not signed message

  • EM (bytearray) – Encoded message

  • emBits (int) – Length of the encoded message in bits

  • hAlg (str) – hash algorithm to be used

  • sLen (int) – Length of salt

MGF1(mgfSeed, maskLen, hAlg)

Generate mask from passed-in seed.

This generates mask based on passed-in seed and output maskLen.

Parameters:
  • mgfSeed (bytearray) – Seed from which mask will be generated.

  • maskLen (int) – Wished length of the mask, in octets

Return type:

bytearray

Returns:

Mask

RSASSA_PSS_sign(mHash, hAlg, sLen=0)

“Sign the passed in message

This signs the message using selected hash algorithm

Parameters:
  • mHash (bytearray) – Hash of message to be signed

  • hAlg (str) – hash algorithm to be used

  • sLen (int) – length of salt

RSASSA_PSS_verify(mHash, S, hAlg, sLen=0)

Verify the signature in passed in message

This verifies the signature in the signed message

Parameters:
  • mHash (bytearray) – Hash of original message

  • S (bytearray) – Signed message

  • hAlg (str) – Hash algorithm to be used

  • sLen (int) – Length of salt

__init__(n=0, e=0)

Create a new RSA key.

If n and e are passed in, the new key will be initialized.

Parameters:
  • n (int) – RSA modulus.

  • e (int) – RSA public exponent.

acceptsPassword()

Return True if the write() method accepts a password for use in encrypting the private key.

Return type:

bool

classmethod addPKCS1Prefix(data, hashName)

Add the PKCS#1 v1.5 algorithm identifier prefix to hash bytes

classmethod addPKCS1SHA1Prefix(hashBytes, withNULL=True)

Add PKCS#1 v1.5 algorithm identifier prefix to SHA1 hash bytes

decrypt(encBytes)

Decrypt the passed-in bytes.

This requires the key to have a private component. It performs PKCS1 decryption of the passed-in data.

Parameters:

encBytes (bytearray) – The value which will be decrypted.

Return type:

bytearray or None

Returns:

A PKCS1 decryption of the passed-in data or None if the data is not properly formatted.

encrypt(bytes)

Encrypt the passed-in bytes.

This performs PKCS1 encryption of the passed-in data.

Parameters:

bytes (bytearray) – The value which will be encrypted.

Return type:

bytearray

Returns:

A PKCS1 encryption of the passed-in data.

static generate(bits)

Generate a new key with the specified bit length.

Return type:

RSAKey

hasPrivateKey()

Return whether or not this key has a private component.

Return type:

bool

hashAndSign(bytes, rsaScheme='PKCS1', hAlg='sha1', sLen=0)

Hash and sign the passed-in bytes.

This requires the key to have a private component. It performs a PKCS1 or PSS signature on the passed-in data with selected hash algorithm.

Parameters:
  • bytes (str or bytearray) – The value which will be hashed and signed.

  • rsaScheme (str) – The type of RSA scheme that will be applied, “PKCS1” for RSASSA-PKCS#1 v1.5 signature and “PSS” for RSASSA-PSS with MGF1 signature method

  • hAlg (str) – The hash algorithm that will be used

  • sLen (int) – The length of intended salt value, applicable only for RSASSA-PSS signatures

Return type:

bytearray

Returns:

A PKCS1 or PSS signature on the passed-in data.

hashAndVerify(sigBytes, bytes, rsaScheme='PKCS1', hAlg='sha1', sLen=0)

Hash and verify the passed-in bytes with the signature.

This verifies a PKCS1 or PSS signature on the passed-in data with selected hash algorithm.

Parameters:
  • sigBytes (bytearray) – A PKCS1 or PSS signature.

  • bytes (str or bytearray) – The value which will be hashed and verified.

  • rsaScheme (str) – The type of RSA scheme that will be applied, “PKCS1” for RSASSA-PKCS#1 v1.5 signature and “PSS” for RSASSA-PSS with MGF1 signature method

  • hAlg (str) – The hash algorithm that will be used

  • sLen (int) – The length of intended salt value, applicable only for RSASSA-PSS signatures

Return type:

bool

Returns:

Whether the signature matches the passed-in data.

sign(bytes, padding='pkcs1', hashAlg=None, saltLen=None)

Sign the passed-in bytes.

This requires the key to have a private component. It performs a PKCS1 signature on the passed-in data.

Parameters:
  • bytes (bytearray) – The value which will be signed.

  • padding (str) – name of the rsa padding mode to use, supported: “pkcs1” for RSASSA-PKCS1_1_5 and “pss” for RSASSA-PSS.

  • hashAlg (str) – name of hash to be encoded using the PKCS#1 prefix for “pkcs1” padding or the hash used for MGF1 in “pss”. Parameter is mandatory for “pss” padding.

  • saltLen (int) – length of salt used for the PSS padding. Default is the length of the hash output used.

Return type:

bytearray

Returns:

A PKCS1 signature on the passed-in data.

verify(sigBytes, bytes, padding='pkcs1', hashAlg=None, saltLen=None)

Verify the passed-in bytes with the signature.

This verifies a PKCS1 signature on the passed-in data.

Parameters:
  • sigBytes (bytearray) – A PKCS1 signature.

  • bytes (bytearray) – The value which will be verified.

Return type:

bool

Returns:

Whether the signature matches the passed-in data.

write(password=None)

Return a string containing the key.

Return type:

str

Returns:

A string describing the key, in whichever format (PEM) is native to the implementation.