Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 811163e609c2df4f785473376f914d224d896f07 / . / docs / hazmat / primitives / rsa.rst
blob: a19ada33f278e6e061739d62f53b82e49f7a04b9 [file] [log] [blame]
Alex Stapleton940eee22014-02-05 20:25:30 +0000[diff] [blame]1.. hazmat::
2
3RSA
4===
5
6.. currentmodule:: cryptography.hazmat.primitives.asymmetric.rsa
7
8`RSA`_ is a `public-key`_ algorithm for encrypting and signing messages.
9
10.. class:: RSAPrivateKey(p, q, private_exponent, public_exponent, modulus)
11
12 .. versionadded:: 0.2
13
14 An RSA private key is required for decryption and signing of messages.
15
Alex Stapletonb232d742014-02-08 14:18:59 +0000[diff] [blame]16 You should use
17 :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey.generate`
18 to generate new keys.
19
Alex Stapletonbe5da2d2014-02-07 08:15:39 +0000[diff] [blame]20 .. warning::
21 This method only checks a limited set of properties of its arguments.
22 Using an RSA that you do not trust or with incorrect parameters may
23 lead to insecure operation, crashes, and other undefined behavior. We
24 recommend that you only ever load private keys that were generated with
25 software you trust.
26
Alex Stapletonb232d742014-02-08 14:18:59 +0000[diff] [blame]27
Alex Stapleton940eee22014-02-05 20:25:30 +0000[diff] [blame]28 This class conforms to the
29 :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
30 interface.
31
32 :raises TypeError: This is raised when the arguments are not all integers.
33
Alex Stapleton4eaab172014-02-06 21:06:18 +0000[diff] [blame]34 :raises ValueError: This is raised when the values of `p`, `q`,
35 `private_exponent`, `public_exponent` or `modulus` do
36 not match the bounds specified in `RFC 3447`_.
Alex Stapleton940eee22014-02-05 20:25:30 +0000[diff] [blame]37
Alex Stapletonb232d742014-02-08 14:18:59 +0000[diff] [blame]38 .. classmethod:: generate(public_exponent, key_size, backend)
39
40 Generate a new ``RSAPrivateKey`` instance using ``backend``.
41
42 :param int public_exponent: The public exponent of the new key.
43 Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in
44 doubt you should `use 65537`_.
45 :param int key_size: The length of the modulus in bits. For keys
46 generated in 2014 this should be `at least 2048`_. (See page 41.)
47 Must be at least 512. Some backends may have additional
48 limitations.
49 :param backend: A
50 :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
51 provider.
52 :return: A new instance of ``RSAPrivateKey``.
53
Alex Stapleton940eee22014-02-05 20:25:30 +0000[diff] [blame]54.. class:: RSAPublicKey(public_exponent, modulus)
55
56 .. versionadded:: 0.2
57
58 An RSA public key is required for encryption and verification of messages.
59
60 Normally you do not need to directly construct public keys because you'll
61 be loading them from a file, generating them automatically or receiving
62 them from a 3rd party.
63
64 This class conforms to the
65 :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
66 interface.
67
68 :raises TypeError: This is raised when the arguments are not all integers.
69
70 :raises ValueError: This is raised when the values of `public_exponent` or
71 `modulus` do not match the bounds specified in
Alex Stapletonf44b6a92014-02-07 18:28:47 +0000[diff] [blame]72 `RFC 3447`_.
Alex Stapleton940eee22014-02-05 20:25:30 +0000[diff] [blame]73
74.. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
75.. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography
76.. _`RFC 3447`: https://tools.ietf.org/html/rfc3447
Alex Stapletonb232d742014-02-08 14:18:59 +0000[diff] [blame]77.. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html
78.. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf