Package Crypto :: Package PublicKey :: Module RSA
[frames] | no frames]

Module RSA

RSA public-key cryptography algorithm (signature and encryption).

RSA is the most widespread and used public key algorithm. Its security is based on the difficulty of factoring large integers. The algorithm has withstood attacks for 30 years, and it is therefore considered reasonably secure for new designs.

The algorithm can be used for both confidentiality (encryption) and authentication (digital signature). It is worth noting that signing and decryption are significantly slower than verification and encryption. The cryptograhic strength is primarily linked to the length of the modulus n. In 2012, a sufficient length is deemed to be 2048 bits. For more information, see the most recent ECRYPT report.

Both RSA ciphertext and RSA signature are as big as the modulus n (256 bytes if n is 2048 bit long).

This module provides facilities for generating fresh, new RSA keys, constructing them from known components, exporting them, and importing them.

>>> from Crypto.PublicKey import RSA
>>>
>>> key = RSA.generate(2048)
>>> f = open('mykey.pem','w')
>>> f.write(RSA.exportKey('PEM'))
>>> f.close()
...
>>> f = open('mykey.pem','r')
>>> key = RSA.importKey(f.read())

Even though you may choose to directly use the methods of an RSA key object to perform the primitive cryptographic operations (e.g. _RSAobj.encrypt), it is recommended to use one of the standardized schemes instead (like Crypto.Cipher.PKCS1_v1_5 or Crypto.Signature.PKCS1_v1_5).

Classes
  error
  _RSAobj
Class defining an actual RSA key.
  RSAImplementation
An RSA key factory.
Functions
 
generate(bits, randfunc=None, progress_func=None, e=65537)
Randomly generate a fresh, new RSA key object.
 
construct(tup)
Construct an RSA key object from a tuple of valid RSA components.
 
importKey(externKey, passphrase=None)
Import an RSA key (public or private half), encoded in standard form.
Function Details

generate(bits, randfunc=None, progress_func=None, e=65537)

 

Randomly generate a fresh, new RSA key object.

See RSAImplementation.generate.

Parameters:
  • bits (int) - Key length, or size (in bits) of the RSA modulus. It must be a multiple of 256, and no smaller than 1024.
  • randfunc (callable) - Random number generation function; it should accept a single integer N and return a string of random data N bytes long. If not specified, a new one will be instantiated from Crypto.Random.
  • progress_func (callable) - Optional function that will be called with a short string containing the key parameter currently being generated; it's useful for interactive applications where a user is waiting for a key to be generated.
  • e (int) - Public RSA exponent. It must be an odd positive integer. It is typically a small number with very few ones in its binary representation. The default value 65537 (= 0b10000000000000001 ) is a safe choice: other common values are 5, 7, 17, and 257.
Returns:
An RSA key object (_RSAobj).
Raises:
  • ValueError - When bits is too little or not a multiple of 256, or when e is not odd or smaller than 2.
Attention:
  • You should always use a cryptographically secure random number generator, such as the one defined in the Crypto.Random module; don't just use the current time and the random module.
  • Exponent 3 is also widely used, but it requires very special care when padding the message.

construct(tup)

 

Construct an RSA key object from a tuple of valid RSA components.

See RSAImplementation.construct.

Parameters:
  • tup (tuple) - A tuple of long integers, with at least 2 and no more than 6 items. The items come in the following order:

    1. RSA modulus (n).
    2. Public exponent (e).
    3. Private exponent (d). Only required if the key is private.
    4. First factor of n (p). Optional.
    5. Second factor of n (q). Optional.
    6. CRT coefficient, (1/p) mod q (u). Optional.
Returns:
An RSA key object (_RSAobj).

importKey(externKey, passphrase=None)

 

Import an RSA key (public or private half), encoded in standard form.

See RSAImplementation.importKey.

Parameters:
  • externKey (string) - The RSA key to import, encoded as a string.

    An RSA public key can be in any of the following formats:

    • X.509 subjectPublicKeyInfo DER SEQUENCE (binary or PEM encoding)
    • PKCS#1 RSAPublicKey DER SEQUENCE (binary or PEM encoding)
    • OpenSSH (textual public key only)

    An RSA private key can be in any of the following formats:

    • PKCS#1 RSAPrivateKey DER SEQUENCE (binary or PEM encoding)
    • PKCS#8 PrivateKeyInfo DER SEQUENCE (binary or PEM encoding)
    • OpenSSH (textual public key only)

    For details about the PEM encoding, see RFC1421/RFC1423.

    In case of PEM encoding, the private key can be encrypted with DES or 3TDES according to a certain pass phrase. Only OpenSSL-compatible pass phrases are supported.

  • passphrase (string) - In case of an encrypted PEM key, this is the pass phrase from which the encryption key is derived.
Returns:
An RSA key object (_RSAobj).
Raises:
  • ValueError/IndexError/TypeError - When the given key cannot be parsed (possibly because the pass phrase is wrong).