RSA¶

class pyflocker.ciphers.backends.cryptodome_.RSA.RSAPrivateKey(n: int | None, e: int = 65537, _key: RsaKey | None = None)[source]¶

Bases: BaseRSAPrivateKey

property p: int¶: First factor of RSA modulus.

property q: int¶: Second factor of RSA modulus.

property d: int¶: RSA private exponent.

property n: int¶

RSA public modulus.

The number n is such that n == p * q.

property e: int¶: RSA public exponent.

property key_size: int¶: Size of the key, in bits.

decryptor(padding: BaseAsymmetricPadding | None = None) → DecryptorContext[source]¶

Creates a decryption context.

Parameters:: padding – The padding to use. Default is OAEP.
Returns:: object for decrypting ciphertexts.

signer(padding: BaseAsymmetricPadding | None = None) → SignerContext[source]¶

Create a signer context.

Parameters:: padding – The padding to use. Default is PSS.
Returns:: Signer object for signing messages.

Note

If the padding is PSS and salt_length is None, the salt length will be maximized, as in OpenSSL.

public_key() → RSAPublicKey[source]¶

Creates a public key from the private key.

Returns:: The RSA public key.

serialize(encoding: str = 'PEM', format: str = 'PKCS8', passphrase: bytes | None = None, *, protection: str | None = None) → bytes[source]¶

Serialize the private key.

Parameters:

encoding – PEM or DER (defaults to PEM).
format – PKCS1 or PKCS8 (defaults to PKCS8).
passphrase – a bytes object to use for encrypting the private key. If passphrase is None, the private key will be exported in the clear!

Keyword Arguments:

protection – The protection scheme to use. Supplying a value for protection has meaning only if the format is PKCS8. If None is provided scryptAndAES256-CBC is used as the protection scheme.

Returns:

Serialized key as a bytes object.

Raises:

ValueError – If the encoding or format is incorrect or, if DER is used with PKCS1 or, protection value is supplied with PKCS1 format.

classmethod load(data: bytes, passphrase: bytes | None = None) → RSAPrivateKey[source]¶

Loads the private key as bytes object and returns the Key interface.

Parameters:

data – The key as bytes object.
passphrase – The passphrase that deserializes the private key. It must be a bytes-like object if the key was encrypted while serialization, otherwise None.

Returns:

RSA private key.

Raises:

ValueError – if the key could not be deserialized.

class pyflocker.ciphers.backends.cryptodome_.RSA.RSAPublicKey(key: RsaKey)[source]¶

Bases: BaseRSAPublicKey

property n: int¶

RSA public modulus.

The number n is such that n = p * q.

property e: int¶: RSA public exponent.

property key_size: int¶: Size of the key, in bits.

encryptor(padding: BaseAsymmetricPadding | None = None) → EncryptorContext[source]¶

Creates a encryption context.

Parameters:: padding – The padding to use. Defaults to OAEP.
Returns:: object for encrypting plaintexts.

verifier(padding: BaseAsymmetricPadding | None = None) → VerifierContext[source]¶

Creates a verifier context.

Parameters:: padding – The padding to use. Defaults to PSS.
Returns:: verifier object for verification.

serialize(encoding: str = 'PEM', format: str = 'SubjectPublicKeyInfo') → bytes[source]¶

Serialize the public key.

Parameters:

encoding – PEM, DER or OpenSSH (defaults to PEM).
format –
The supported formats are:
- SubjectPublicKeyInfo
- OpenSSH
Note

format argument is not actually used by Cryptodome. It is here to maintain compatibility with pyca/cryptography backend counterpart.

Returns:

The serialized public key as bytes object.

Raises:

ValueError – if the encoding or format is not supported or invalid, or OpenSSH encoding is not used with OpenSSH format.

classmethod load(data: bytes) → RSAPublicKey[source]¶

Loads the public key as bytes object and returns the Key interface.

Parameters:: data – The key as bytes object.
Returns:: The RSA public key.
Raises:: ValueError – if the key could not be deserialized.

class pyflocker.ciphers.backends.cryptodome_.RSA.EncryptorContext(ctx: Any)[source]¶

Bases: BaseEncryptorContext

encrypt(plaintext: bytes) → bytes[source]¶

Encrypts the plaintext and returns the ciphertext.

Parameters:: plaintext – The data to encrypt.
Returns:: encrypted bytes object.

class pyflocker.ciphers.backends.cryptodome_.RSA.DecryptorContext(ctx: Any)[source]¶

Bases: BaseDecryptorContext

decrypt(plaintext: bytes) → bytes[source]¶

Decrypts the ciphertext and returns the plaintext.

Parameters:: ciphertext – The ciphertext to decrypt.
Returns:: The plaintext.
Raises:: DecryptionError – if the decryption was not successful.

class pyflocker.ciphers.backends.cryptodome_.RSA.SignerContext(ctx: Any)[source]¶

Bases: BaseSignerContext

sign(msghash: BaseHash) → bytes[source]¶

Return the signature of the message hash.

Parameters:: msghash – It must be a BaseHash object, used to digest the message to sign.
Returns:: signature of the message as bytes object.

class pyflocker.ciphers.backends.cryptodome_.RSA.VerifierContext(ctx: Any)[source]¶

Bases: BaseVerifierContext

verify(msghash: BaseHash, signature: bytes) → None[source]¶

Verifies the signature of the message hash.

Parameters:

msghash – It must be a BaseHash object, used to digest the message to sign.
signature – The signature of the message.

Raises:

SignatureError – if the signature was incorrect.

pyflocker.ciphers.backends.cryptodome_.RSA.generate(bits: int, e: int = 65537) → RSAPrivateKey[source]¶

Generate a private key with given key modulus bits and public exponent e (default 65537). Recommended size of bits > 1024.

Parameters:

bits – The bit length of the RSA key.
e – The public exponent value. Default is 65537.

Returns:

The RSA private key.

pyflocker.ciphers.backends.cryptodome_.RSA.load_public_key(data: bytes) → RSAPublicKey[source]¶

Loads the public key and returns a Key interface.

Parameters:: data – The public key (a bytes-like object) to deserialize.
Returns:: The RSA public key.

pyflocker.ciphers.backends.cryptodome_.RSA.load_private_key(data: bytes, passphrase: bytes | None = None) → RSAPrivateKey[source]¶

Loads the private key and returns a Key interface.

If the private key is not encrypted duting the serialization, passphrase must be None, otherwise it must be a bytes object.

Parameters:

data – The private key (a bytes-like object) to deserialize.
passphrase – The passphrase that is used to encrypt the private key. None if the private key is not encrypted.

Returns:

The RSA private key.