{ "mode": "pydoc", "parameter": "rsa", "section": "", "url": "https://www.chedong.com/phpMan.php/pydoc/rsa/json", "generated": "2026-06-02T13:22:43Z", "sections": { "NAME": { "content": "rsa - RSA module\n", "subsections": [] }, "DESCRIPTION": { "content": "Module for calculating large primes, and RSA encryption, decryption, signing\nand verification. Includes generating public and private keys.\n\nWARNING: this implementation does not use compression of the cleartext input to\nprevent repetitions, or other common security improvements. Use with care.\n", "subsections": [] }, "PACKAGE CONTENTS": { "content": "compat\nasn1\ncli\ncommon\ncore\nkey\nparallel\npem\npkcs1\npkcs1v2\nprime\nrandnum\ntransform\nutil\n", "subsections": [] }, "CLASSES": { "content": "rsa.key.AbstractKey(builtins.object)\nrsa.key.PrivateKey\nrsa.key.PublicKey\nrsa.pkcs1.CryptoError(builtins.Exception)\nrsa.pkcs1.DecryptionError\nrsa.pkcs1.VerificationError\n", "subsections": [ { "name": "class DecryptionError", "content": "| Raised when decryption fails.\n|\n| Method resolution order:\n| DecryptionError\n| CryptoError\n| builtins.Exception\n| builtins.BaseException\n| builtins.object\n|\n| Data descriptors inherited from CryptoError:\n|\n| weakref\n| list of weak references to the object (if defined)\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.Exception:\n|\n| init(self, /, *args, kwargs)\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Static methods inherited from builtins.Exception:\n|\n| new(*args, kwargs) from builtins.type\n| Create and return a new object. See help(type) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.BaseException:\n|\n| delattr(self, name, /)\n| Implement delattr(self, name).\n|\n| getattribute(self, name, /)\n| Return getattr(self, name).\n|\n| reduce(...)\n| Helper for pickle.\n|\n| repr(self, /)\n| Return repr(self).\n|\n| setattr(self, name, value, /)\n| Implement setattr(self, name, value).\n|\n| setstate(...)\n|\n| str(self, /)\n| Return str(self).\n|\n| withtraceback(...)\n| Exception.withtraceback(tb) --\n| set self.traceback to tb and return self.\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from builtins.BaseException:\n|\n| cause\n| exception cause\n|\n| context\n| exception context\n|\n| dict\n|\n| suppresscontext\n|\n| traceback\n|\n| args\n" }, { "name": "class PrivateKey", "content": "| PrivateKey(n: int, e: int, d: int, p: int, q: int) -> None\n|\n| Represents a private RSA key.\n|\n| This key is also known as the 'decryption key'. It contains the 'n', 'e',\n| 'd', 'p', 'q' and other values.\n|\n| Supports attributes as well as dictionary-like access. Attribute access is\n| faster, though.\n|\n| >>> PrivateKey(3247, 65537, 833, 191, 17)\n| PrivateKey(3247, 65537, 833, 191, 17)\n|\n| exp1, exp2 and coef will be calculated:\n|\n| >>> pk = PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)\n| >>> pk.exp1\n| 55063\n| >>> pk.exp2\n| 10095\n| >>> pk.coef\n| 50797\n|\n| Method resolution order:\n| PrivateKey\n| AbstractKey\n| builtins.object\n|\n| Methods defined here:\n|\n| eq(self, other: Any) -> bool\n| Return self==value.\n|\n| getitem(self, key: str) -> int\n|\n| getstate(self) -> Tuple[int, int, int, int, int, int, int, int]\n| Returns the key as tuple for pickling.\n|\n| hash(self) -> int\n| Return hash(self).\n|\n| init(self, n: int, e: int, d: int, p: int, q: int) -> None\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ne(self, other: Any) -> bool\n| Return self!=value.\n|\n| repr(self) -> str\n| Return repr(self).\n|\n| setstate(self, state: Tuple[int, int, int, int, int, int, int, int]) -> None\n| Sets the key from tuple.\n|\n| blindeddecrypt(self, encrypted: int) -> int\n| Decrypts the message using blinding to prevent side-channel attacks.\n|\n| :param encrypted: the encrypted message\n| :type encrypted: int\n|\n| :returns: the decrypted message\n| :rtype: int\n|\n| blindedencrypt(self, message: int) -> int\n| Encrypts the message using blinding to prevent side-channel attacks.\n|\n| :param message: the message to encrypt\n| :type message: int\n|\n| :returns: the encrypted message\n| :rtype: int\n|\n| ----------------------------------------------------------------------\n| Data descriptors defined here:\n|\n| coef\n|\n| d\n|\n| e\n|\n| exp1\n|\n| exp2\n|\n| n\n|\n| p\n|\n| q\n|\n| ----------------------------------------------------------------------\n| Methods inherited from AbstractKey:\n|\n| blind(self, message: int) -> Tuple[int, int]\n| Performs blinding on the message.\n|\n| :param message: the message, as integer, to blind.\n| :param r: the random number to blind with.\n| :return: tuple (the blinded message, the inverse of the used blinding factor)\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| savepkcs1(self, format: str = 'PEM') -> bytes\n| Saves the key in PKCS#1 DER or PEM format.\n|\n| :param format: the format to save; 'PEM' or 'DER'\n| :type format: str\n| :returns: the DER- or PEM-encoded key.\n| :rtype: bytes\n|\n| unblind(self, blinded: int, blindfacinverse: int) -> int\n| Performs blinding on the message using random number 'blindfacinverse'.\n|\n| :param blinded: the blinded message, as integer, to unblind.\n| :param blindfac: the factor to unblind with.\n| :return: the original message.\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| ----------------------------------------------------------------------\n| Class methods inherited from AbstractKey:\n|\n| loadpkcs1(keyfile: bytes, format: str = 'PEM') -> 'AbstractKey' from builtins.type\n| Loads a key in PKCS#1 DER or PEM format.\n|\n| :param keyfile: contents of a DER- or PEM-encoded file that contains\n| the key.\n| :type keyfile: bytes\n| :param format: the format of the file to load; 'PEM' or 'DER'\n| :type format: str\n|\n| :return: the loaded key\n| :rtype: AbstractKey\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from AbstractKey:\n|\n| blindfac\n|\n| blindfacinverse\n|\n| mutex\n" }, { "name": "class PublicKey", "content": "| PublicKey(n: int, e: int) -> None\n|\n| Represents a public RSA key.\n|\n| This key is also known as the 'encryption key'. It contains the 'n' and 'e'\n| values.\n|\n| Supports attributes as well as dictionary-like access. Attribute access is\n| faster, though.\n|\n| >>> PublicKey(5, 3)\n| PublicKey(5, 3)\n|\n| >>> key = PublicKey(5, 3)\n| >>> key.n\n| 5\n| >>> key['n']\n| 5\n| >>> key.e\n| 3\n| >>> key['e']\n| 3\n|\n| Method resolution order:\n| PublicKey\n| AbstractKey\n| builtins.object\n|\n| Methods defined here:\n|\n| eq(self, other: Any) -> bool\n| Return self==value.\n|\n| getitem(self, key: str) -> int\n|\n| getstate(self) -> Tuple[int, int]\n| Returns the key as tuple for pickling.\n|\n| hash(self) -> int\n| Return hash(self).\n|\n| ne(self, other: Any) -> bool\n| Return self!=value.\n|\n| repr(self) -> str\n| Return repr(self).\n|\n| setstate(self, state: Tuple[int, int]) -> None\n| Sets the key from tuple.\n|\n| ----------------------------------------------------------------------\n| Class methods defined here:\n|\n| loadpkcs1opensslder(keyfile: bytes) -> 'PublicKey' from builtins.type\n| Loads a PKCS#1 DER-encoded public key file from OpenSSL.\n|\n| :param keyfile: contents of a DER-encoded file that contains the public\n| key, from OpenSSL.\n| :return: a PublicKey object\n|\n| loadpkcs1opensslpem(keyfile: bytes) -> 'PublicKey' from builtins.type\n| Loads a PKCS#1.5 PEM-encoded public key file from OpenSSL.\n|\n| These files can be recognised in that they start with BEGIN PUBLIC KEY\n| rather than BEGIN RSA PUBLIC KEY.\n|\n| The contents of the file before the \"-----BEGIN PUBLIC KEY-----\" and\n| after the \"-----END PUBLIC KEY-----\" lines is ignored.\n|\n| :param keyfile: contents of a PEM-encoded file that contains the public\n| key, from OpenSSL.\n| :type keyfile: bytes\n| :return: a PublicKey object\n|\n| ----------------------------------------------------------------------\n| Data descriptors defined here:\n|\n| e\n|\n| n\n|\n| ----------------------------------------------------------------------\n| Methods inherited from AbstractKey:\n|\n| init(self, n: int, e: int) -> None\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| blind(self, message: int) -> Tuple[int, int]\n| Performs blinding on the message.\n|\n| :param message: the message, as integer, to blind.\n| :param r: the random number to blind with.\n| :return: tuple (the blinded message, the inverse of the used blinding factor)\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| savepkcs1(self, format: str = 'PEM') -> bytes\n| Saves the key in PKCS#1 DER or PEM format.\n|\n| :param format: the format to save; 'PEM' or 'DER'\n| :type format: str\n| :returns: the DER- or PEM-encoded key.\n| :rtype: bytes\n|\n| unblind(self, blinded: int, blindfacinverse: int) -> int\n| Performs blinding on the message using random number 'blindfacinverse'.\n|\n| :param blinded: the blinded message, as integer, to unblind.\n| :param blindfac: the factor to unblind with.\n| :return: the original message.\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| ----------------------------------------------------------------------\n| Class methods inherited from AbstractKey:\n|\n| loadpkcs1(keyfile: bytes, format: str = 'PEM') -> 'AbstractKey' from builtins.type\n| Loads a key in PKCS#1 DER or PEM format.\n|\n| :param keyfile: contents of a DER- or PEM-encoded file that contains\n| the key.\n| :type keyfile: bytes\n| :param format: the format of the file to load; 'PEM' or 'DER'\n| :type format: str\n|\n| :return: the loaded key\n| :rtype: AbstractKey\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from AbstractKey:\n|\n| blindfac\n|\n| blindfacinverse\n|\n| mutex\n" }, { "name": "class VerificationError", "content": "| Raised when verification fails.\n|\n| Method resolution order:\n| VerificationError\n| CryptoError\n| builtins.Exception\n| builtins.BaseException\n| builtins.object\n|\n| Data descriptors inherited from CryptoError:\n|\n| weakref\n| list of weak references to the object (if defined)\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.Exception:\n|\n| init(self, /, *args, kwargs)\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Static methods inherited from builtins.Exception:\n|\n| new(*args, kwargs) from builtins.type\n| Create and return a new object. See help(type) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.BaseException:\n|\n| delattr(self, name, /)\n| Implement delattr(self, name).\n|\n| getattribute(self, name, /)\n| Return getattr(self, name).\n|\n| reduce(...)\n| Helper for pickle.\n|\n| repr(self, /)\n| Return repr(self).\n|\n| setattr(self, name, value, /)\n| Implement setattr(self, name, value).\n|\n| setstate(...)\n|\n| str(self, /)\n| Return str(self).\n|\n| withtraceback(...)\n| Exception.withtraceback(tb) --\n| set self.traceback to tb and return self.\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from builtins.BaseException:\n|\n| cause\n| exception cause\n|\n| context\n| exception context\n|\n| dict\n|\n| suppresscontext\n|\n| traceback\n|\n| args\n" } ] }, "FUNCTIONS": { "content": "", "subsections": [ { "name": "compute_hash", "content": "Returns the message digest.\n\n:param message: the signed message. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param methodname: the hash method, must be a key of\n:py:const:`HASHMETHODS`.\n" }, { "name": "decrypt", "content": "Decrypts the given message using PKCS#1 v1.5\n\nThe decryption is considered 'failed' when the resulting cleartext doesn't\nstart with the bytes 00 02, or when the 00 byte between the padding and\nthe message cannot be found.\n\n:param crypto: the crypto text as returned by :py:func:`rsa.encrypt`\n:param privkey: the :py:class:`rsa.PrivateKey` to decrypt with.\n:raise DecryptionError: when the decryption fails. No details are given as\nto why the code thinks the decryption fails, as this would leak\ninformation about the private key.\n\n\n>>> import rsa\n>>> (pubkey, privkey) = rsa.newkeys(256)\n\nIt works with strings:\n\n>>> crypto = encrypt(b'hello', pubkey)\n>>> decrypt(crypto, privkey)\nb'hello'\n\nAnd with binary data:\n\n>>> crypto = encrypt(b'\\x00\\x00\\x00\\x00\\x01', pubkey)\n>>> decrypt(crypto, privkey)\nb'\\x00\\x00\\x00\\x00\\x01'\n\nAltering the encrypted information will *likely* cause a\n:py:class:`rsa.pkcs1.DecryptionError`. If you want to be *sure*, use\n:py:func:`rsa.sign`.\n\n\n.. warning::\n\nNever display the stack trace of a\n:py:class:`rsa.pkcs1.DecryptionError` exception. It shows where in the\ncode the exception occurred, and thus leaks information about the key.\nIt's only a tiny bit of information, but every bit makes cracking the\nkeys easier.\n\n>>> crypto = encrypt(b'hello', pubkey)\n>>> crypto = crypto[0:5] + b'X' + crypto[6:] # change a byte\n>>> decrypt(crypto, privkey)\nTraceback (most recent call last):\n...\nrsa.pkcs1.DecryptionError: Decryption failed\n" }, { "name": "encrypt", "content": "Encrypts the given message using PKCS#1 v1.5\n\n:param message: the message to encrypt. Must be a byte string no longer than\n``k-11`` bytes, where ``k`` is the number of bytes needed to encode\nthe ``n`` component of the public key.\n:param pubkey: the :py:class:`rsa.PublicKey` to encrypt with.\n:raise OverflowError: when the message is too large to fit in the padded\nblock.\n\n>>> from rsa import key, common\n>>> (pubkey, privkey) = key.newkeys(256)\n>>> message = b'hello'\n>>> crypto = encrypt(message, pubkey)\n\nThe crypto text should be just as long as the public key 'n' component:\n\n>>> len(crypto) == common.bytesize(pubkey.n)\nTrue\n" }, { "name": "find_signature_hash", "content": "Returns the hash name detected from the signature.\n\nIf you also want to verify the message, use :py:func:`rsa.verify()` instead.\nIt also returns the name of the used hash.\n\n:param signature: the signature block, as created with :py:func:`rsa.sign`.\n:param pubkey: the :py:class:`rsa.PublicKey` of the person signing the message.\n:returns: the name of the used hash.\n" }, { "name": "newkeys", "content": "Generates public and private keys, and returns them as (pub, priv).\n\nThe public key is also known as the 'encryption key', and is a\n:py:class:`rsa.PublicKey` object. The private key is also known as the\n'decryption key' and is a :py:class:`rsa.PrivateKey` object.\n\n:param nbits: the number of bits required to store ``n = p*q``.\n:param accurate: when True, ``n`` will have exactly the number of bits you\nasked for. However, this makes key generation much slower. When False,\n`n`` may have slightly less bits.\n:param poolsize: the number of processes to use to generate the prime\nnumbers. If set to a number > 1, a parallel algorithm will be used.\nThis requires Python 2.6 or newer.\n:param exponent: the exponent for the key; only change this if you know\nwhat you're doing, as the exponent influences how difficult your\nprivate key can be cracked. A very common choice for e is 65537.\n:type exponent: int\n\n:returns: a tuple (:py:class:`rsa.PublicKey`, :py:class:`rsa.PrivateKey`)\n\nThe ``poolsize`` parameter was added in *Python-RSA 3.1* and requires\nPython 2.6 or newer.\n" }, { "name": "sign", "content": "Signs the message with the private key.\n\nHashes the message, then signs the hash with the given key. This is known\nas a \"detached signature\", because the message itself isn't altered.\n\n:param message: the message to sign. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param privkey: the :py:class:`rsa.PrivateKey` to sign with\n:param hashmethod: the hash method used on the message. Use 'MD5', 'SHA-1',\n'SHA-224', SHA-256', 'SHA-384' or 'SHA-512'.\n:return: a message signature block.\n:raise OverflowError: if the private key is too small to contain the\nrequested hash.\n" }, { "name": "sign_hash", "content": "Signs a precomputed hash with the private key.\n\nHashes the message, then signs the hash with the given key. This is known\nas a \"detached signature\", because the message itself isn't altered.\n\n:param hashvalue: A precomputed hash to sign (ignores message).\n:param privkey: the :py:class:`rsa.PrivateKey` to sign with\n:param hashmethod: the hash method used on the message. Use 'MD5', 'SHA-1',\n'SHA-224', SHA-256', 'SHA-384' or 'SHA-512'.\n:return: a message signature block.\n:raise OverflowError: if the private key is too small to contain the\nrequested hash.\n" }, { "name": "verify", "content": "Verifies that the signature matches the message.\n\nThe hash method is detected automatically from the signature.\n\n:param message: the signed message. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param signature: the signature block, as created with :py:func:`rsa.sign`.\n:param pubkey: the :py:class:`rsa.PublicKey` of the person signing the message.\n:raise VerificationError: when the signature doesn't match the message.\n:returns: the name of the used hash.\n" } ] }, "DATA": { "content": "all = ['newkeys', 'encrypt', 'decrypt', 'sign', 'verify', 'PublicK...\n", "subsections": [] }, "VERSION": { "content": "4.8\n", "subsections": [] }, "DATE": { "content": "2021-11-24\n", "subsections": [] }, "AUTHOR": { "content": "Sybren Stuvel, Barry Mead and Yesudeep Mangalapilly\n", "subsections": [] }, "FILE": { "content": "/usr/lib/python3/dist-packages/rsa/init.py\n\n", "subsections": [] } }, "summary": "rsa - RSA module", "flags": [], "examples": [], "see_also": [] }