RSA¶
RSA is the most widespread and used public key algorithm. Its security is based on the difficulty of factoring large integers. The algorithm has withstood attacks for more than 30 years, and it is therefore considered reasonably secure for new designs.
The algorithm can be used for both confidentiality (encryption) and authentication (digital signature). It is worth noting that signing and decryption are significantly slower than verification and encryption.
The cryptographic strength is primarily linked to the length of the RSA modulus n. In 2017, a sufficient length is deemed to be 2048 bits. For more information, see the most recent ECRYPT_ report.
Both RSA ciphertexts and RSA signatures are as large as the RSA modulus n (256 bytes if n is 2048 bit long).
The module Crypto.PublicKey.RSA
provides facilities for generating new RSA keys,
reconstructing them from known components, exporting them, and importing them.
As an example, this is how you generate a new RSA key pair, save it in a file
called mykey.pem
, and then read it back:
>>> from Crypto.PublicKey import RSA
>>>
>>> key = RSA.generate(2048)
>>> f = open('mykey.pem','wb')
>>> f.write(key.export_key('PEM'))
>>> f.close()
...
>>> f = open('mykey.pem','r')
>>> key = RSA.import_key(f.read())
RSA public-key cryptography algorithm (signature and encryption).
RSA is the most widespread and used public key algorithm. Its security is based on the difficulty of factoring large integers. The algorithm has withstood attacks for 30 years, and it is therefore considered reasonably secure for new designs.
The algorithm can be used for both confidentiality (encryption) and authentication (digital signature). It is worth noting that signing and decryption are significantly slower than verification and encryption. The cryptograhic strength is primarily linked to the length of the modulus n. In 2012, a sufficient length is deemed to be 2048 bits. For more information, see the most recent ECRYPT_ report.
Both RSA ciphertext and RSA signature are as big as the modulus n (256 bytes if n is 2048 bit long).
This module provides facilities for generating fresh, new RSA keys, constructing them from known components, exporting them, and importing them.
>>> from Crypto.PublicKey import RSA
>>>
>>> key = RSA.generate(2048)
>>> f = open('mykey.pem','w')
>>> f.write(RSA.exportKey('PEM'))
>>> f.close()
...
>>> f = open('mykey.pem','r')
>>> key = RSA.importKey(f.read())
Even though you may choose to directly use the methods of an RSA key object to perform the primitive cryptographic operations (e.g. _RSAobj.encrypt), it is recommended to use one of the standardized schemes instead (like Crypto.Cipher.PKCS1_v1_5 or Crypto.Signature.PKCS1_v1_5).
- sort:
generate,construct,importKey,error
- class Crypto.PublicKey.RSA.RSAImplementation(**kwargs)¶
An RSA key factory.
This class is only internally used to implement the methods of the Crypto.PublicKey.RSA module.
- Sort:
__init__,generate,construct,importKey
- Undocumented:
_g*, _i*
- construct(tup)¶
Construct an RSA key from a tuple of valid RSA components.
The modulus n must be the product of two primes. The public exponent e must be odd and larger than 1.
In case of a private key, the following equations must apply:
e != 1
p*q = n
e*d = 1 mod (p-1)(q-1)
p*u = 1 mod q
- Parameters:
- tuptuple
A tuple of long integers, with at least 2 and no more than 6 items. The items come in the following order:
RSA modulus (n).
Public exponent (e).
Private exponent (d). Only required if the key is private.
First factor of n (p). Optional.
Second factor of n (q). Optional.
CRT coefficient, (1/p) mod q (u). Optional.
- Return:
An RSA key object (_RSAobj).
- generate(bits, randfunc=None, progress_func=None, e=65537)¶
Randomly generate a fresh, new RSA key.
- Parameters:
- bitsint
Key length, or size (in bits) of the RSA modulus. It must be a multiple of 256, and no smaller than 1024.
- randfunccallable
Random number generation function; it should accept a single integer N and return a string of random data N bytes long. If not specified, a new one will be instantiated from
Crypto.Random
.- progress_funccallable
Optional function that will be called with a short string containing the key parameter currently being generated; it’s useful for interactive applications where a user is waiting for a key to be generated.
- eint
Public RSA exponent. It must be an odd positive integer. It is typically a small number with very few ones in its binary representation. The default value 65537 (=
0b10000000000000001
) is a safe choice: other common values are 5, 7, 17, and 257.
- Attention:
You should always use a cryptographically secure random number generator, such as the one defined in the
Crypto.Random
module; don’t just use the current time and therandom
module.- Attention:
Exponent 3 is also widely used, but it requires very special care when padding the message.
- Return:
An RSA key object (_RSAobj).
- Raise ValueError:
When bits is too little or not a multiple of 256, or when e is not odd or smaller than 2.
- importKey(externKey, passphrase=None)¶
Import an RSA key (public or private half), encoded in standard form.
- Parameter externKey:
The RSA key to import, encoded as a string.
An RSA public key can be in any of the following formats:
X.509 subjectPublicKeyInfo DER SEQUENCE (binary or PEM encoding)
PKCS#1 RSAPublicKey DER SEQUENCE (binary or PEM encoding)
OpenSSH (textual public key only)
An RSA private key can be in any of the following formats:
PKCS#1 RSAPrivateKey DER SEQUENCE (binary or PEM encoding)
PKCS#8 PrivateKeyInfo DER SEQUENCE (binary or PEM encoding)
OpenSSH (textual public key only)
For details about the PEM encoding, see RFC1421/RFC1423.
In case of PEM encoding, the private key can be encrypted with DES or 3TDES according to a certain
pass phrase
. Only OpenSSL-compatible pass phrases are supported.- Type externKey:
string
- Parameter passphrase:
In case of an encrypted PEM key, this is the pass phrase from which the encryption key is derived.
- Type passphrase:
string
- Return:
An RSA key object (_RSAobj).
- Raise ValueError/IndexError/TypeError:
When the given key cannot be parsed (possibly because the pass phrase is wrong).
- Crypto.PublicKey.RSA.construct(tup)¶
Construct an RSA key object from a tuple of valid RSA components.
See RSAImplementation.construct.
- exception Crypto.PublicKey.RSA.error¶
- Crypto.PublicKey.RSA.generate(bits, randfunc=None, progress_func=None, e=65537)¶
Randomly generate a fresh, new RSA key object.
See RSAImplementation.generate.
- Crypto.PublicKey.RSA.importKey(externKey, passphrase=None)¶
Import an RSA key (public or private half), encoded in standard form.
See RSAImplementation.importKey.