Package Crypto :: Package Signature :: Module PKCS1_PSS
[frames] | no frames]

Module PKCS1_PSS

RSA digital signature protocol with appendix according to PKCS#1 PSS.

See RFC3447 or the original RSA Labs specification.

This scheme is more properly called RSASSA-PSS.

For example, a sender may authenticate a message using SHA-1 and PSS like this:

>>> from Crypto.Signature import PKCS1_PSS
>>> from Crypto.Hash import SHA
>>> from Crypto.PublicKey import RSA
>>> from Crypto import Random
>>>
>>> message = 'To be signed'
>>> key = RSA.importKey(open('privkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> signer = PKCS1_PSS.new(key)
>>> signature = PKCS1_PSS.sign(key)

At the receiver side, verification can be done like using the public part of the RSA key:

>>> key = RSA.importKey(open('pubkey.der').read())
>>> h = SHA.new()
>>> h.update(message)
>>> verifier = PKCS1_PSS.new(key)
>>> if verifier.verify(h, signature):
>>>     print "The signature is authentic."
>>> else:
>>>     print "The signature is not authentic."
Classes
  PSS_SigScheme
This signature scheme can perform PKCS#1 PSS RSA signature or verification.
Functions
 
new(key, mgfunc=None, saltLen=None)
Return a signature scheme object PSS_SigScheme that can be used to perform PKCS#1 PSS signature or verification.
Function Details

new(key, mgfunc=None, saltLen=None)

 
Return a signature scheme object PSS_SigScheme that can be used to perform PKCS#1 PSS signature or verification.
Parameters:
  • key (RSA key object) - The key to use to sign or verify the message. This is a Crypto.PublicKey.RSA object. Signing is only possible if key is a private RSA key.
  • mgfunc (callable) - A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. If not specified, the standard MGF1 is used.
  • saltLen (int) - Length of the salt, in bytes. If not specified, it matches the output size of the hash function.