{ "content": [ { "type": "text", "text": "# rsa (pydoc)\n\n**Summary:** rsa - RSA module\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **DESCRIPTION** (6 lines)\n- **PACKAGE CONTENTS** (15 lines)\n- **CLASSES** (7 lines) — 4 subsections\n - class DecryptionError (70 lines)\n - class PrivateKey (147 lines)\n - class PublicKey (141 lines)\n - class VerificationError (70 lines)\n- **FUNCTIONS** (1 lines) — 8 subsections\n - compute_hash (8 lines)\n - decrypt (48 lines)\n - encrypt (19 lines)\n - find_signature_hash (9 lines)\n - newkeys (23 lines)\n - sign (15 lines)\n - sign_hash (13 lines)\n - verify (12 lines)\n- **DATA** (2 lines)\n- **VERSION** (2 lines)\n- **DATE** (2 lines)\n- **AUTHOR** (2 lines)\n- **FILE** (3 lines)\n\n## Full Content\n\n### NAME\n\nrsa - RSA module\n\n### DESCRIPTION\n\nModule for calculating large primes, and RSA encryption, decryption, signing\nand verification. Includes generating public and private keys.\n\nWARNING: this implementation does not use compression of the cleartext input to\nprevent repetitions, or other common security improvements. Use with care.\n\n### PACKAGE CONTENTS\n\ncompat\nasn1\ncli\ncommon\ncore\nkey\nparallel\npem\npkcs1\npkcs1v2\nprime\nrandnum\ntransform\nutil\n\n### CLASSES\n\nrsa.key.AbstractKey(builtins.object)\nrsa.key.PrivateKey\nrsa.key.PublicKey\nrsa.pkcs1.CryptoError(builtins.Exception)\nrsa.pkcs1.DecryptionError\nrsa.pkcs1.VerificationError\n\n#### class DecryptionError\n\n| Raised when decryption fails.\n|\n| Method resolution order:\n| DecryptionError\n| CryptoError\n| builtins.Exception\n| builtins.BaseException\n| builtins.object\n|\n| Data descriptors inherited from CryptoError:\n|\n| weakref\n| list of weak references to the object (if defined)\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.Exception:\n|\n| init(self, /, *args, kwargs)\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Static methods inherited from builtins.Exception:\n|\n| new(*args, kwargs) from builtins.type\n| Create and return a new object. See help(type) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.BaseException:\n|\n| delattr(self, name, /)\n| Implement delattr(self, name).\n|\n| getattribute(self, name, /)\n| Return getattr(self, name).\n|\n| reduce(...)\n| Helper for pickle.\n|\n| repr(self, /)\n| Return repr(self).\n|\n| setattr(self, name, value, /)\n| Implement setattr(self, name, value).\n|\n| setstate(...)\n|\n| str(self, /)\n| Return str(self).\n|\n| withtraceback(...)\n| Exception.withtraceback(tb) --\n| set self.traceback to tb and return self.\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from builtins.BaseException:\n|\n| cause\n| exception cause\n|\n| context\n| exception context\n|\n| dict\n|\n| suppresscontext\n|\n| traceback\n|\n| args\n\n#### class PrivateKey\n\n| PrivateKey(n: int, e: int, d: int, p: int, q: int) -> None\n|\n| Represents a private RSA key.\n|\n| This key is also known as the 'decryption key'. It contains the 'n', 'e',\n| 'd', 'p', 'q' and other values.\n|\n| Supports attributes as well as dictionary-like access. Attribute access is\n| faster, though.\n|\n| >>> PrivateKey(3247, 65537, 833, 191, 17)\n| PrivateKey(3247, 65537, 833, 191, 17)\n|\n| exp1, exp2 and coef will be calculated:\n|\n| >>> pk = PrivateKey(3727264081, 65537, 3349121513, 65063, 57287)\n| >>> pk.exp1\n| 55063\n| >>> pk.exp2\n| 10095\n| >>> pk.coef\n| 50797\n|\n| Method resolution order:\n| PrivateKey\n| AbstractKey\n| builtins.object\n|\n| Methods defined here:\n|\n| eq(self, other: Any) -> bool\n| Return self==value.\n|\n| getitem(self, key: str) -> int\n|\n| getstate(self) -> Tuple[int, int, int, int, int, int, int, int]\n| Returns the key as tuple for pickling.\n|\n| hash(self) -> int\n| Return hash(self).\n|\n| init(self, n: int, e: int, d: int, p: int, q: int) -> None\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ne(self, other: Any) -> bool\n| Return self!=value.\n|\n| repr(self) -> str\n| Return repr(self).\n|\n| setstate(self, state: Tuple[int, int, int, int, int, int, int, int]) -> None\n| Sets the key from tuple.\n|\n| blindeddecrypt(self, encrypted: int) -> int\n| Decrypts the message using blinding to prevent side-channel attacks.\n|\n| :param encrypted: the encrypted message\n| :type encrypted: int\n|\n| :returns: the decrypted message\n| :rtype: int\n|\n| blindedencrypt(self, message: int) -> int\n| Encrypts the message using blinding to prevent side-channel attacks.\n|\n| :param message: the message to encrypt\n| :type message: int\n|\n| :returns: the encrypted message\n| :rtype: int\n|\n| ----------------------------------------------------------------------\n| Data descriptors defined here:\n|\n| coef\n|\n| d\n|\n| e\n|\n| exp1\n|\n| exp2\n|\n| n\n|\n| p\n|\n| q\n|\n| ----------------------------------------------------------------------\n| Methods inherited from AbstractKey:\n|\n| blind(self, message: int) -> Tuple[int, int]\n| Performs blinding on the message.\n|\n| :param message: the message, as integer, to blind.\n| :param r: the random number to blind with.\n| :return: tuple (the blinded message, the inverse of the used blinding factor)\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| savepkcs1(self, format: str = 'PEM') -> bytes\n| Saves the key in PKCS#1 DER or PEM format.\n|\n| :param format: the format to save; 'PEM' or 'DER'\n| :type format: str\n| :returns: the DER- or PEM-encoded key.\n| :rtype: bytes\n|\n| unblind(self, blinded: int, blindfacinverse: int) -> int\n| Performs blinding on the message using random number 'blindfacinverse'.\n|\n| :param blinded: the blinded message, as integer, to unblind.\n| :param blindfac: the factor to unblind with.\n| :return: the original message.\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| ----------------------------------------------------------------------\n| Class methods inherited from AbstractKey:\n|\n| loadpkcs1(keyfile: bytes, format: str = 'PEM') -> 'AbstractKey' from builtins.type\n| Loads a key in PKCS#1 DER or PEM format.\n|\n| :param keyfile: contents of a DER- or PEM-encoded file that contains\n| the key.\n| :type keyfile: bytes\n| :param format: the format of the file to load; 'PEM' or 'DER'\n| :type format: str\n|\n| :return: the loaded key\n| :rtype: AbstractKey\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from AbstractKey:\n|\n| blindfac\n|\n| blindfacinverse\n|\n| mutex\n\n#### class PublicKey\n\n| PublicKey(n: int, e: int) -> None\n|\n| Represents a public RSA key.\n|\n| This key is also known as the 'encryption key'. It contains the 'n' and 'e'\n| values.\n|\n| Supports attributes as well as dictionary-like access. Attribute access is\n| faster, though.\n|\n| >>> PublicKey(5, 3)\n| PublicKey(5, 3)\n|\n| >>> key = PublicKey(5, 3)\n| >>> key.n\n| 5\n| >>> key['n']\n| 5\n| >>> key.e\n| 3\n| >>> key['e']\n| 3\n|\n| Method resolution order:\n| PublicKey\n| AbstractKey\n| builtins.object\n|\n| Methods defined here:\n|\n| eq(self, other: Any) -> bool\n| Return self==value.\n|\n| getitem(self, key: str) -> int\n|\n| getstate(self) -> Tuple[int, int]\n| Returns the key as tuple for pickling.\n|\n| hash(self) -> int\n| Return hash(self).\n|\n| ne(self, other: Any) -> bool\n| Return self!=value.\n|\n| repr(self) -> str\n| Return repr(self).\n|\n| setstate(self, state: Tuple[int, int]) -> None\n| Sets the key from tuple.\n|\n| ----------------------------------------------------------------------\n| Class methods defined here:\n|\n| loadpkcs1opensslder(keyfile: bytes) -> 'PublicKey' from builtins.type\n| Loads a PKCS#1 DER-encoded public key file from OpenSSL.\n|\n| :param keyfile: contents of a DER-encoded file that contains the public\n| key, from OpenSSL.\n| :return: a PublicKey object\n|\n| loadpkcs1opensslpem(keyfile: bytes) -> 'PublicKey' from builtins.type\n| Loads a PKCS#1.5 PEM-encoded public key file from OpenSSL.\n|\n| These files can be recognised in that they start with BEGIN PUBLIC KEY\n| rather than BEGIN RSA PUBLIC KEY.\n|\n| The contents of the file before the \"-----BEGIN PUBLIC KEY-----\" and\n| after the \"-----END PUBLIC KEY-----\" lines is ignored.\n|\n| :param keyfile: contents of a PEM-encoded file that contains the public\n| key, from OpenSSL.\n| :type keyfile: bytes\n| :return: a PublicKey object\n|\n| ----------------------------------------------------------------------\n| Data descriptors defined here:\n|\n| e\n|\n| n\n|\n| ----------------------------------------------------------------------\n| Methods inherited from AbstractKey:\n|\n| init(self, n: int, e: int) -> None\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| blind(self, message: int) -> Tuple[int, int]\n| Performs blinding on the message.\n|\n| :param message: the message, as integer, to blind.\n| :param r: the random number to blind with.\n| :return: tuple (the blinded message, the inverse of the used blinding factor)\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| savepkcs1(self, format: str = 'PEM') -> bytes\n| Saves the key in PKCS#1 DER or PEM format.\n|\n| :param format: the format to save; 'PEM' or 'DER'\n| :type format: str\n| :returns: the DER- or PEM-encoded key.\n| :rtype: bytes\n|\n| unblind(self, blinded: int, blindfacinverse: int) -> int\n| Performs blinding on the message using random number 'blindfacinverse'.\n|\n| :param blinded: the blinded message, as integer, to unblind.\n| :param blindfac: the factor to unblind with.\n| :return: the original message.\n|\n| The blinding is such that message = unblind(decrypt(blind(encrypt(message))).\n|\n| See https://en.wikipedia.org/wiki/Blinding%28cryptography%29\n|\n| ----------------------------------------------------------------------\n| Class methods inherited from AbstractKey:\n|\n| loadpkcs1(keyfile: bytes, format: str = 'PEM') -> 'AbstractKey' from builtins.type\n| Loads a key in PKCS#1 DER or PEM format.\n|\n| :param keyfile: contents of a DER- or PEM-encoded file that contains\n| the key.\n| :type keyfile: bytes\n| :param format: the format of the file to load; 'PEM' or 'DER'\n| :type format: str\n|\n| :return: the loaded key\n| :rtype: AbstractKey\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from AbstractKey:\n|\n| blindfac\n|\n| blindfacinverse\n|\n| mutex\n\n#### class VerificationError\n\n| Raised when verification fails.\n|\n| Method resolution order:\n| VerificationError\n| CryptoError\n| builtins.Exception\n| builtins.BaseException\n| builtins.object\n|\n| Data descriptors inherited from CryptoError:\n|\n| weakref\n| list of weak references to the object (if defined)\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.Exception:\n|\n| init(self, /, *args, kwargs)\n| Initialize self. See help(type(self)) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Static methods inherited from builtins.Exception:\n|\n| new(*args, kwargs) from builtins.type\n| Create and return a new object. See help(type) for accurate signature.\n|\n| ----------------------------------------------------------------------\n| Methods inherited from builtins.BaseException:\n|\n| delattr(self, name, /)\n| Implement delattr(self, name).\n|\n| getattribute(self, name, /)\n| Return getattr(self, name).\n|\n| reduce(...)\n| Helper for pickle.\n|\n| repr(self, /)\n| Return repr(self).\n|\n| setattr(self, name, value, /)\n| Implement setattr(self, name, value).\n|\n| setstate(...)\n|\n| str(self, /)\n| Return str(self).\n|\n| withtraceback(...)\n| Exception.withtraceback(tb) --\n| set self.traceback to tb and return self.\n|\n| ----------------------------------------------------------------------\n| Data descriptors inherited from builtins.BaseException:\n|\n| cause\n| exception cause\n|\n| context\n| exception context\n|\n| dict\n|\n| suppresscontext\n|\n| traceback\n|\n| args\n\n### FUNCTIONS\n\n#### compute_hash\n\nReturns the message digest.\n\n:param message: the signed message. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param methodname: the hash method, must be a key of\n:py:const:`HASHMETHODS`.\n\n#### decrypt\n\nDecrypts the given message using PKCS#1 v1.5\n\nThe decryption is considered 'failed' when the resulting cleartext doesn't\nstart with the bytes 00 02, or when the 00 byte between the padding and\nthe message cannot be found.\n\n:param crypto: the crypto text as returned by :py:func:`rsa.encrypt`\n:param privkey: the :py:class:`rsa.PrivateKey` to decrypt with.\n:raise DecryptionError: when the decryption fails. No details are given as\nto why the code thinks the decryption fails, as this would leak\ninformation about the private key.\n\n\n>>> import rsa\n>>> (pubkey, privkey) = rsa.newkeys(256)\n\nIt works with strings:\n\n>>> crypto = encrypt(b'hello', pubkey)\n>>> decrypt(crypto, privkey)\nb'hello'\n\nAnd with binary data:\n\n>>> crypto = encrypt(b'\\x00\\x00\\x00\\x00\\x01', pubkey)\n>>> decrypt(crypto, privkey)\nb'\\x00\\x00\\x00\\x00\\x01'\n\nAltering the encrypted information will *likely* cause a\n:py:class:`rsa.pkcs1.DecryptionError`. If you want to be *sure*, use\n:py:func:`rsa.sign`.\n\n\n.. warning::\n\nNever display the stack trace of a\n:py:class:`rsa.pkcs1.DecryptionError` exception. It shows where in the\ncode the exception occurred, and thus leaks information about the key.\nIt's only a tiny bit of information, but every bit makes cracking the\nkeys easier.\n\n>>> crypto = encrypt(b'hello', pubkey)\n>>> crypto = crypto[0:5] + b'X' + crypto[6:] # change a byte\n>>> decrypt(crypto, privkey)\nTraceback (most recent call last):\n...\nrsa.pkcs1.DecryptionError: Decryption failed\n\n#### encrypt\n\nEncrypts the given message using PKCS#1 v1.5\n\n:param message: the message to encrypt. Must be a byte string no longer than\n``k-11`` bytes, where ``k`` is the number of bytes needed to encode\nthe ``n`` component of the public key.\n:param pubkey: the :py:class:`rsa.PublicKey` to encrypt with.\n:raise OverflowError: when the message is too large to fit in the padded\nblock.\n\n>>> from rsa import key, common\n>>> (pubkey, privkey) = key.newkeys(256)\n>>> message = b'hello'\n>>> crypto = encrypt(message, pubkey)\n\nThe crypto text should be just as long as the public key 'n' component:\n\n>>> len(crypto) == common.bytesize(pubkey.n)\nTrue\n\n#### find_signature_hash\n\nReturns the hash name detected from the signature.\n\nIf you also want to verify the message, use :py:func:`rsa.verify()` instead.\nIt also returns the name of the used hash.\n\n:param signature: the signature block, as created with :py:func:`rsa.sign`.\n:param pubkey: the :py:class:`rsa.PublicKey` of the person signing the message.\n:returns: the name of the used hash.\n\n#### newkeys\n\nGenerates public and private keys, and returns them as (pub, priv).\n\nThe public key is also known as the 'encryption key', and is a\n:py:class:`rsa.PublicKey` object. The private key is also known as the\n'decryption key' and is a :py:class:`rsa.PrivateKey` object.\n\n:param nbits: the number of bits required to store ``n = p*q``.\n:param accurate: when True, ``n`` will have exactly the number of bits you\nasked for. However, this makes key generation much slower. When False,\n`n`` may have slightly less bits.\n:param poolsize: the number of processes to use to generate the prime\nnumbers. If set to a number > 1, a parallel algorithm will be used.\nThis requires Python 2.6 or newer.\n:param exponent: the exponent for the key; only change this if you know\nwhat you're doing, as the exponent influences how difficult your\nprivate key can be cracked. A very common choice for e is 65537.\n:type exponent: int\n\n:returns: a tuple (:py:class:`rsa.PublicKey`, :py:class:`rsa.PrivateKey`)\n\nThe ``poolsize`` parameter was added in *Python-RSA 3.1* and requires\nPython 2.6 or newer.\n\n#### sign\n\nSigns the message with the private key.\n\nHashes the message, then signs the hash with the given key. This is known\nas a \"detached signature\", because the message itself isn't altered.\n\n:param message: the message to sign. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param privkey: the :py:class:`rsa.PrivateKey` to sign with\n:param hashmethod: the hash method used on the message. Use 'MD5', 'SHA-1',\n'SHA-224', SHA-256', 'SHA-384' or 'SHA-512'.\n:return: a message signature block.\n:raise OverflowError: if the private key is too small to contain the\nrequested hash.\n\n#### sign_hash\n\nSigns a precomputed hash with the private key.\n\nHashes the message, then signs the hash with the given key. This is known\nas a \"detached signature\", because the message itself isn't altered.\n\n:param hashvalue: A precomputed hash to sign (ignores message).\n:param privkey: the :py:class:`rsa.PrivateKey` to sign with\n:param hashmethod: the hash method used on the message. Use 'MD5', 'SHA-1',\n'SHA-224', SHA-256', 'SHA-384' or 'SHA-512'.\n:return: a message signature block.\n:raise OverflowError: if the private key is too small to contain the\nrequested hash.\n\n#### verify\n\nVerifies that the signature matches the message.\n\nThe hash method is detected automatically from the signature.\n\n:param message: the signed message. Can be an 8-bit string or a file-like\nobject. If ``message`` has a ``read()`` method, it is assumed to be a\nfile-like object.\n:param signature: the signature block, as created with :py:func:`rsa.sign`.\n:param pubkey: the :py:class:`rsa.PublicKey` of the person signing the message.\n:raise VerificationError: when the signature doesn't match the message.\n:returns: the name of the used hash.\n\n### DATA\n\nall = ['newkeys', 'encrypt', 'decrypt', 'sign', 'verify', 'PublicK...\n\n### VERSION\n\n4.8\n\n### DATE\n\n2021-11-24\n\n### AUTHOR\n\nSybren Stuvel, Barry Mead and Yesudeep Mangalapilly\n\n### FILE\n\n/usr/lib/python3/dist-packages/rsa/init.py\n\n" } ], "structuredContent": { "command": "rsa", "section": "", "mode": "pydoc", "summary": "rsa - RSA module", "synopsis": null, "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 6, "subsections": [] }, { "name": "PACKAGE CONTENTS", "lines": 15, "subsections": [] }, { "name": "CLASSES", "lines": 7, "subsections": [ { "name": "class DecryptionError", "lines": 70 }, { "name": "class PrivateKey", "lines": 147 }, { "name": "class PublicKey", "lines": 141 }, { "name": "class VerificationError", "lines": 70 } ] }, { "name": "FUNCTIONS", "lines": 1, "subsections": [ { "name": "compute_hash", "lines": 8 }, { "name": "decrypt", "lines": 48 }, { "name": "encrypt", "lines": 19 }, { "name": "find_signature_hash", "lines": 9 }, { "name": "newkeys", "lines": 23 }, { "name": "sign", "lines": 15 }, { "name": "sign_hash", "lines": 13 }, { "name": "verify", "lines": 12 } ] }, { "name": "DATA", "lines": 2, "subsections": [] }, { "name": "VERSION", "lines": 2, "subsections": [] }, { "name": "DATE", "lines": 2, "subsections": [] }, { "name": "AUTHOR", "lines": 2, "subsections": [] }, { "name": "FILE", "lines": 3, "subsections": [] } ] } }