deprecate signer/verifier on asymmetric keys (#3663)
* deprecate signer/verifier on asymmetric keys
* review feedback, switch deprecated_call to work around a bug
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 484bcf0..22411d1 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,19 @@
.. note:: This version is not yet released and is under active development.
+* Deprecated the use of ``signer`` on
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
+ and
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey`
+ in favor of ``sign``.
+* Deprecated the use of ``verifier`` on
+ :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`,
+ :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`,
+ and
+ :class:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey`
+ in favor of ``verify``.
+
1.9 - 2017-05-29
~~~~~~~~~~~~~~~~
@@ -618,12 +631,9 @@
:class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`
was moved from ``cryptography.hazmat.primitives.interfaces`` to
:mod:`~cryptography.hazmat.primitives.asymmetric.padding`.
-*
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
- and
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
+* ``AsymmetricSignatureContext`` and ``AsymmetricVerificationContext``
were moved from ``cryptography.hazmat.primitives.interfaces`` to
- :mod:`~cryptography.hazmat.primitives.asymmetric`.
+ ``cryptography.hazmat.primitives.asymmetric``.
* :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParametersWithNumbers`,
:class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey`,
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst
index d4c2525..13cd041 100644
--- a/docs/hazmat/primitives/asymmetric/dsa.rst
+++ b/docs/hazmat/primitives/asymmetric/dsa.rst
@@ -72,15 +72,6 @@
... key_size=1024,
... backend=default_backend()
... )
- >>> signer = private_key.signer(hashes.SHA256())
- >>> data = b"this is some data I'd like to sign"
- >>> signer.update(data)
- >>> signature = signer.finalize()
-
-There is a shortcut to sign sufficiently short messages directly:
-
-.. doctest::
-
>>> data = b"this is some data I'd like to sign"
>>> signature = private_key.sign(
... data,
@@ -91,6 +82,23 @@
described in :rfc:`3279`. This can be decoded using
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
+If your data is too large to be passed in a single call, you can hash it
+separately and pass that value using
+:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+.. doctest::
+
+ >>> from cryptography.hazmat.primitives.asymmetric import utils
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> sig = private_key.sign(
+ ... digest,
+ ... utils.Prehashed(chosen_hash)
+ ... )
+
Verification
~~~~~~~~~~~~
@@ -106,26 +114,35 @@
.. doctest::
>>> public_key = private_key.public_key()
- >>> verifier = public_key.verifier(signature, hashes.SHA256())
- >>> verifier.update(data)
- >>> verifier.verify()
-
-There is a shortcut to verify sufficiently short messages directly:
-
-.. doctest::
-
>>> public_key.verify(
... signature,
... data,
... hashes.SHA256()
... )
-``verifier()`` takes the signature in the same format as is returned by
-``signer.finalize()``.
+``verify()`` takes the signature in the same format as is returned by
+``sign()``.
``verify()`` will raise an :class:`~cryptography.exceptions.InvalidSignature`
exception if the signature isn't valid.
+If your data is too large to be passed in a single call, you can hash it
+separately and pass that value using
+:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+.. doctest::
+
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> public_key.verify(
+ ... sig,
+ ... digest,
+ ... utils.Prehashed(chosen_hash)
+ ... )
+
Numbers
~~~~~~~
@@ -275,23 +292,6 @@
The DSAParameters object associated with this private key.
- .. method:: signer(algorithm, backend)
-
- .. versionadded:: 0.4
-
- Sign data which can be verified later by others using the public key.
- The signature is formatted as DER-encoded bytes, as specified in
- :rfc:`3279`.
-
- :param algorithm: An instance of
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
-
- :param backend: An instance of
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
-
.. attribute:: key_size
:type: int
@@ -380,25 +380,6 @@
The DSAParameters object associated with this public key.
- .. method:: verifier(signature, algorithm, backend)
-
- .. versionadded:: 0.4
-
- Verify data was signed by the private key associated with this public
- key.
-
- :param bytes signature: The signature to verify. DER encoded as
- specified in :rfc:`3279`.
-
- :param algorithm: An instance of
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
-
- :param backend: An instance of
- :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
-
.. method:: public_numbers()
Create a
diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index 5514617..113168f 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -58,15 +58,6 @@
>>> private_key = ec.generate_private_key(
... ec.SECP384R1(), default_backend()
... )
- >>> signer = private_key.signer(ec.ECDSA(hashes.SHA256()))
- >>> signer.update(b"this is some data I'd like")
- >>> signer.update(b" to sign")
- >>> signature = signer.finalize()
-
- There is a shortcut to sign sufficiently short messages directly:
-
- .. doctest::
-
>>> data = b"this is some data I'd like to sign"
>>> signature = private_key.sign(
... data,
@@ -77,20 +68,51 @@
described in :rfc:`3279`. This can be decoded using
:func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`.
+ If your data is too large to be passed in a single call, you can hash it
+ separately and pass that value using
+ :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+ .. doctest::
+
+ >>> from cryptography.hazmat.primitives.asymmetric import utils
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> sig = private_key.sign(
+ ... digest,
+ ... ec.ECDSA(utils.Prehashed(chosen_hash))
+ ... )
+
Verification requires the public key, the signature itself, the signed
data, and knowledge of the hashing algorithm that was used when producing
the signature:
>>> public_key = private_key.public_key()
- >>> verifier = public_key.verifier(signature, ec.ECDSA(hashes.SHA256()))
- >>> verifier.update(b"this is some data I'd like")
- >>> verifier.update(b" to sign")
- >>> verifier.verify()
+ >>> public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
If the signature is not valid, an
:class:`~cryptography.exceptions.InvalidSignature` exception will be raised.
+ If your data is too large to be passed in a single call, you can hash it
+ separately and pass that value using
+ :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+ .. doctest::
+
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> public_key.verify(
+ ... sig,
+ ... digest,
+ ... ec.ECDSA(utils.Prehashed(chosen_hash))
+ ... )
+
.. note::
Although in this case the public key was derived from the private one,
in a typical setting you will not possess the private key. The
@@ -421,18 +443,6 @@
An elliptic curve private key for use with an algorithm such as `ECDSA`_ or
`EdDSA`_.
- .. method:: signer(signature_algorithm)
-
- Sign data which can be verified later by others using the public key.
- The signature is formatted as DER-encoded bytes, as specified in
- :rfc:`3279`.
-
- :param signature_algorithm: An instance of
- :class:`EllipticCurveSignatureAlgorithm`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
-
.. method:: exchange(algorithm, peer_public_key)
.. versionadded:: 1.1
@@ -526,20 +536,6 @@
An elliptic curve public key.
- .. method:: verifier(signature, signature_algorithm)
-
- Verify data was signed by the private key associated with this public
- key.
-
- :param bytes signature: The signature to verify. DER encoded as
- specified in :rfc:`3279`.
-
- :param signature_algorithm: An instance of
- :class:`EllipticCurveSignatureAlgorithm`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
-
.. attribute:: curve
:type: :class:`EllipticCurve`
diff --git a/docs/hazmat/primitives/asymmetric/index.rst b/docs/hazmat/primitives/asymmetric/index.rst
index e0080f0..e14ce0d 100644
--- a/docs/hazmat/primitives/asymmetric/index.rst
+++ b/docs/hazmat/primitives/asymmetric/index.rst
@@ -28,7 +28,6 @@
rsa
dh
serialization
- interfaces
utils
diff --git a/docs/hazmat/primitives/asymmetric/interfaces.rst b/docs/hazmat/primitives/asymmetric/interfaces.rst
deleted file mode 100644
index a5dbc67..0000000
--- a/docs/hazmat/primitives/asymmetric/interfaces.rst
+++ /dev/null
@@ -1,44 +0,0 @@
-.. hazmat::
-
-.. module:: cryptography.hazmat.primitives.asymmetric
-
-Signature Interfaces
-====================
-
-.. class:: AsymmetricSignatureContext
-
- .. versionadded:: 0.2
-
- .. note::
-
- :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
- is not supported by this context. You must use the ``sign`` method
- on the private key object.
-
- .. method:: update(data)
-
- :param bytes data: The data you want to sign.
-
- .. method:: finalize()
-
- :return bytes signature: The signature.
-
-
-.. class:: AsymmetricVerificationContext
-
- .. versionadded:: 0.2
-
- .. note::
-
- :class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`
- is not supported by this context. You must use the ``verify`` method
- on the public key object.
-
- .. method:: update(data)
-
- :param bytes data: The data you wish to verify using the signature.
-
- .. method:: verify()
-
- :raises cryptography.exceptions.InvalidSignature: If the signature does
- not validate.
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 6cf0e49..121f156 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -141,22 +141,6 @@
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import padding
-
- >>> signer = private_key.signer(
- ... padding.PSS(
- ... mgf=padding.MGF1(hashes.SHA256()),
- ... salt_length=padding.PSS.MAX_LENGTH
- ... ),
- ... hashes.SHA256()
- ... )
- >>> message = b"A message I want to sign"
- >>> signer.update(message)
- >>> signature = signer.finalize()
-
-There is a shortcut to sign sufficiently short messages directly:
-
-.. doctest::
-
>>> message = b"A message I want to sign"
>>> signature = private_key.sign(
... message,
@@ -173,6 +157,27 @@
is the recommended choice for any new protocols or applications, ``PKCS1v15``
should only be used to support legacy protocols.
+If your data is too large to be passed in a single call, you can hash it
+separately and pass that value using
+:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+.. doctest::
+
+ >>> from cryptography.hazmat.primitives.asymmetric import utils
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> sig = private_key.sign(
+ ... digest,
+ ... padding.PSS(
+ ... mgf=padding.MGF1(hashes.SHA256()),
+ ... salt_length=padding.PSS.MAX_LENGTH
+ ... ),
+ ... utils.Prehashed(chosen_hash)
+ ... )
+
Verification
~~~~~~~~~~~~
@@ -190,24 +195,6 @@
.. doctest::
>>> public_key = private_key.public_key()
- >>> verifier = public_key.verifier(
- ... signature,
- ... padding.PSS(
- ... mgf=padding.MGF1(hashes.SHA256()),
- ... salt_length=padding.PSS.MAX_LENGTH
- ... ),
- ... hashes.SHA256()
- ... )
- >>> verifier.update(message)
- >>> verifier.verify()
-
-If the signature does not match, ``verify()`` will raise an
-:class:`~cryptography.exceptions.InvalidSignature` exception.
-
-There is a shortcut to verify sufficiently short messages directly:
-
-.. doctest::
-
>>> public_key.verify(
... signature,
... message,
@@ -218,6 +205,30 @@
... hashes.SHA256()
... )
+If the signature does not match, ``verify()`` will raise an
+:class:`~cryptography.exceptions.InvalidSignature` exception.
+
+If your data is too large to be passed in a single call, you can hash it
+separately and pass that value using
+:class:`~cryptography.hazmat.primitives.asymmetric.utils.Prehashed`.
+
+.. doctest::
+
+ >>> chosen_hash = hashes.SHA256()
+ >>> hasher = hashes.Hash(chosen_hash, default_backend())
+ >>> hasher.update(b"data & ")
+ >>> hasher.update(b"more data")
+ >>> digest = hasher.finalize()
+ >>> public_key.verify(
+ ... sig,
+ ... digest,
+ ... padding.PSS(
+ ... mgf=padding.MGF1(hashes.SHA256()),
+ ... salt_length=padding.PSS.MAX_LENGTH
+ ... ),
+ ... utils.Prehashed(chosen_hash)
+ ... )
+
Encryption
~~~~~~~~~~
@@ -520,22 +531,6 @@
An `RSA`_ private key.
- .. method:: signer(padding, algorithm)
-
- .. versionadded:: 0.3
-
- Get signer to sign data which can be verified later by others using
- the public key.
-
- :param padding: An instance of
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`.
-
- :param algorithm: An instance of
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricSignatureContext`
-
.. method:: decrypt(ciphertext, padding)
.. versionadded:: 0.4
@@ -634,24 +629,6 @@
An `RSA`_ public key.
- .. method:: verifier(signature, padding, algorithm)
-
- .. versionadded:: 0.3
-
- Get verifier to verify data was signed by the private key associated
- with this public key.
-
- :param bytes signature: The signature to verify.
-
- :param padding: An instance of
- :class:`~cryptography.hazmat.primitives.asymmetric.padding.AsymmetricPadding`.
-
- :param algorithm: An instance of
- :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm`.
-
- :returns:
- :class:`~cryptography.hazmat.primitives.asymmetric.AsymmetricVerificationContext`
-
.. method:: encrypt(plaintext, padding)
.. versionadded:: 0.4
diff --git a/src/cryptography/hazmat/backends/openssl/dsa.py b/src/cryptography/hazmat/backends/openssl/dsa.py
index c222325..48886e4 100644
--- a/src/cryptography/hazmat/backends/openssl/dsa.py
+++ b/src/cryptography/hazmat/backends/openssl/dsa.py
@@ -7,7 +7,8 @@
from cryptography import utils
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm, _check_not_prehashed
+ _calculate_digest_and_algorithm, _check_not_prehashed,
+ _warn_sign_verify_deprecated
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import (
@@ -121,6 +122,7 @@
key_size = utils.read_only_property("_key_size")
def signer(self, signature_algorithm):
+ _warn_sign_verify_deprecated()
_check_not_prehashed(signature_algorithm)
return _DSASignatureContext(self._backend, self, signature_algorithm)
@@ -208,6 +210,7 @@
key_size = utils.read_only_property("_key_size")
def verifier(self, signature, signature_algorithm):
+ _warn_sign_verify_deprecated()
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
diff --git a/src/cryptography/hazmat/backends/openssl/ec.py b/src/cryptography/hazmat/backends/openssl/ec.py
index b70735d..69da234 100644
--- a/src/cryptography/hazmat/backends/openssl/ec.py
+++ b/src/cryptography/hazmat/backends/openssl/ec.py
@@ -9,7 +9,8 @@
InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm, _check_not_prehashed
+ _calculate_digest_and_algorithm, _check_not_prehashed,
+ _warn_sign_verify_deprecated
)
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import (
@@ -140,6 +141,7 @@
return self.curve.key_size
def signer(self, signature_algorithm):
+ _warn_sign_verify_deprecated()
_check_signature_algorithm(signature_algorithm)
_check_not_prehashed(signature_algorithm.algorithm)
return _ECDSASignatureContext(
@@ -241,6 +243,7 @@
return self.curve.key_size
def verifier(self, signature, signature_algorithm):
+ _warn_sign_verify_deprecated()
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
diff --git a/src/cryptography/hazmat/backends/openssl/rsa.py b/src/cryptography/hazmat/backends/openssl/rsa.py
index fdde458..839ef14 100644
--- a/src/cryptography/hazmat/backends/openssl/rsa.py
+++ b/src/cryptography/hazmat/backends/openssl/rsa.py
@@ -11,7 +11,8 @@
InvalidSignature, UnsupportedAlgorithm, _Reasons
)
from cryptography.hazmat.backends.openssl.utils import (
- _calculate_digest_and_algorithm, _check_not_prehashed
+ _calculate_digest_and_algorithm, _check_not_prehashed,
+ _warn_sign_verify_deprecated
)
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import (
@@ -378,6 +379,7 @@
key_size = utils.read_only_property("_key_size")
def signer(self, padding, algorithm):
+ _warn_sign_verify_deprecated()
_check_not_prehashed(algorithm)
return _RSASignatureContext(self._backend, self, padding, algorithm)
@@ -472,6 +474,7 @@
key_size = utils.read_only_property("_key_size")
def verifier(self, signature, padding, algorithm):
+ _warn_sign_verify_deprecated()
if not isinstance(signature, bytes):
raise TypeError("signature must be bytes.")
diff --git a/src/cryptography/hazmat/backends/openssl/utils.py b/src/cryptography/hazmat/backends/openssl/utils.py
index f71a62a..ff1b974 100644
--- a/src/cryptography/hazmat/backends/openssl/utils.py
+++ b/src/cryptography/hazmat/backends/openssl/utils.py
@@ -4,6 +4,9 @@
from __future__ import absolute_import, division, print_function
+import warnings
+
+from cryptography import utils
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
@@ -31,3 +34,12 @@
"Prehashed is only supported in the sign and verify methods. "
"It cannot be used with signer or verifier."
)
+
+
+def _warn_sign_verify_deprecated():
+ warnings.warn(
+ "signer and verifier have been deprecated. Please use sign "
+ "and verify instead.",
+ utils.PersistentlyDeprecated,
+ stacklevel=2
+ )
diff --git a/tests/hazmat/primitives/test_dsa.py b/tests/hazmat/primitives/test_dsa.py
index 6ea0577..3419777 100644
--- a/tests/hazmat/primitives/test_dsa.py
+++ b/tests/hazmat/primitives/test_dsa.py
@@ -575,7 +575,10 @@
y=vector['y']
).public_key(backend)
sig = encode_dss_signature(vector['r'], vector['s'])
- verifier = public_key.verifier(sig, algorithm())
+ verifier = pytest.deprecated_call(
+ public_key.verifier, sig, algorithm()
+ )
+
verifier.update(vector['msg'])
if vector['result'] == "F":
with pytest.raises(InvalidSignature):
@@ -685,7 +688,7 @@
),
x=vector['x']
).private_key(backend)
- signer = private_key.signer(algorithm())
+ signer = pytest.deprecated_call(private_key.signer, algorithm())
signer.update(vector['msg'])
signature = signer.finalize()
assert signature
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index d917704..82cf2fa 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -351,11 +351,13 @@
pkey = key.public_key()
assert pkey
- signer = key.signer(ec.ECDSA(hash_type()))
+ signer = pytest.deprecated_call(key.signer, ec.ECDSA(hash_type()))
signer.update(b"YELLOW SUBMARINE")
signature = signer.finalize()
- verifier = pkey.verifier(signature, ec.ECDSA(hash_type()))
+ verifier = pytest.deprecated_call(
+ pkey.verifier, signature, ec.ECDSA(hash_type())
+ )
verifier.update(b"YELLOW SUBMARINE")
verifier.verify()
diff --git a/tests/hazmat/primitives/test_rsa.py b/tests/hazmat/primitives/test_rsa.py
index 7ce2746..627248f 100644
--- a/tests/hazmat/primitives/test_rsa.py
+++ b/tests/hazmat/primitives/test_rsa.py
@@ -256,7 +256,11 @@
n=private["modulus"]
)
).private_key(backend)
- signer = private_key.signer(padding.PKCS1v15(), hashes.SHA1())
+ signer = pytest.deprecated_call(
+ private_key.signer,
+ padding.PKCS1v15(),
+ hashes.SHA1()
+ )
signer.update(binascii.unhexlify(example["message"]))
signature = signer.finalize()
assert binascii.hexlify(signature) == example["signature"]
@@ -583,7 +587,8 @@
e=public["public_exponent"],
n=public["modulus"]
).public_key(backend)
- verifier = public_key.verifier(
+ verifier = pytest.deprecated_call(
+ public_key.verifier,
binascii.unhexlify(example["signature"]),
padding.PKCS1v15(),
hashes.SHA1()