This module implements that PKCS #1 RSA encryption standard. It must
be used in conjunction with Crypto.PublicKey.RSA, which
provides the cryptographic primitives.
The PKCS #1 standard is available from RSA Labs. As of April 10, 2000
the url is http://www.rsasecurity.com/rsalabs/pkcs/pkcs-1/.
This module defines several classes. The primary interfaces are the
RSA_pkcs1 class and getSignatureImpl() function,
which returns an appropriate subclass of DigestWithRSA.
- RSA_pkcs1 (key)
-
The RSA_pkcs1 class is a wrapper for
Crypto.PublicKey.RSA key objects that implements the PKCS #1
standard. Its encryption and decryption methods handle objects that
are properly padded and encoded for interchange with other PKCS #1
implementations.
The constructor accepts either a key object generated by
Crypto.PublicKey.RSA or a tuple of key components that can be
used to construct one.
RSA_pkcs1 defines the following methods:
- getPublicComponents ()
-
Returns the public components of the key, e and n.
- getPrivateComponents ()
-
Returns the public components of the key, d, p and q.
- encryptPublic (plain)
-
Returns the plaintext plain encrypted with the public key.
Raises ValueError if the plaintext is too long for the key.
- decryptPublic (cipher)
-
Returns the plaintext obtained by decrypting cipher with the
public key. Raises ValueError if the ciphertext is too long for the key.
- encryptPrivate (plain)
-
Returns the plaintext plain encrypted with the private key.
Raises ValueError if the plaintext is too long for the key.
- decryptPrivate (cipher)
-
Returns the plaintext obtained by decrypting cipher with the
private key. Raises ValueError if the ciphertext is too long for the key.
- DigestWithRSA (key)
-
The DigestWithRSA is an abstract base class that defines
sign and verify methods that perform digital
signature operations as defined by PKCS #1. Subclasses of
DigestWithRSA implement a digest method that is used
to generate the approriate message digest of the signed object.
Subclasses must also define two attributes that identify the hash
algorithm: _digAlgId, a
pisces.algid.AlgorithmIdentifier, and oid, a
pisces.asn1.OID.
The constructor takes an RSA_pkcs1 instance.
DigestWithRSA defines the following methods:
- sign (data)
-
Returns a string representing the signature of data. Internally,
encrypts a digest of data with the private key.
- verify (data, sig)
-
Verify that the signature sig matches the original string
data. Returns 1 if the signature is correct and 0 if it is
not. Raises a ValueError if the hash algorithm used with
the signature does not match the hash algorithm the instance supports.
- digest (data)
-
Returns a digest of data using the hash function defined for the
instance. Note that this method is defined in subclasses of
DigestWithRSA.
- MD5withRSA (key)
-
A subclass of DigestWithRSA that supports the MD5 hash
algorithm.
- MD2withRSA (key)
-
A subclass of DigestWithRSA that supports the MD2 hash
algorithm.
- getSignatureImpl (algorithmId)
-
Returns a subclass of DigestWithRSA that supports the hash
algorithm described by algorithmId, which must be an instance of
pisces.asn1.OID. Currently, MD2 and MD5 are the only
supported hash algorithms.