| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 1 | .. hazmat:: |
| 2 | |
| 3 | RSA |
| 4 | === |
| 5 | |
| 6 | .. currentmodule:: cryptography.hazmat.primitives.asymmetric.rsa |
| 7 | |
| 8 | `RSA`_ is a `public-key`_ algorithm for encrypting and signing messages. |
| 9 | |
| Alex Gaynor | 87bc404 | 2014-02-17 11:34:26 -0800 | [diff] [blame^] | 10 | .. class:: RSAPrivateKey(p, q, private_exponent, dmp1, dmq1, iqmp, public_exponent, modulus) |
| Paul Kehrer | b393bdc | 2014-02-12 23:59:59 -0600 | [diff] [blame] | 11 | |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 12 | .. versionadded:: 0.2 |
| 13 | |
| 14 | An RSA private key is required for decryption and signing of messages. |
| 15 | |
| Alex Gaynor | 87bc404 | 2014-02-17 11:34:26 -0800 | [diff] [blame^] | 16 | You should use :meth:`~generate` to generate new keys. |
| Paul Kehrer | b393bdc | 2014-02-12 23:59:59 -0600 | [diff] [blame] | 17 | |
| Alex Stapleton | be5da2d | 2014-02-07 08:15:39 +0000 | [diff] [blame] | 18 | .. warning:: |
| 19 | This method only checks a limited set of properties of its arguments. |
| Alex Gaynor | 14971b7 | 2014-02-13 12:56:14 -0800 | [diff] [blame] | 20 | Using an RSA private key that you do not trust or with incorrect |
| 21 | parameters may lead to insecure operation, crashes, and other undefined |
| 22 | behavior. We recommend that you only ever load private keys that were |
| 23 | generated with software you trust. |
| Alex Stapleton | be5da2d | 2014-02-07 08:15:39 +0000 | [diff] [blame] | 24 | |
| Alex Stapleton | b232d74 | 2014-02-08 14:18:59 +0000 | [diff] [blame] | 25 | |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 26 | This class conforms to the |
| 27 | :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` |
| 28 | interface. |
| 29 | |
| Paul Kehrer | b393bdc | 2014-02-12 23:59:59 -0600 | [diff] [blame] | 30 | :raises TypeError: This is raised when the arguments are not all integers. |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 31 | |
| Alex Gaynor | a9d802a | 2014-02-13 12:57:57 -0800 | [diff] [blame] | 32 | :raises ValueError: This is raised when the values of ``p``, ``q``, |
| 33 | ``private_exponent``, ``public_exponent``, or |
| 34 | ``modulus`` do not match the bounds specified in |
| 35 | :rfc:`3447`. |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 36 | |
| Alex Stapleton | b232d74 | 2014-02-08 14:18:59 +0000 | [diff] [blame] | 37 | .. classmethod:: generate(public_exponent, key_size, backend) |
| 38 | |
| 39 | Generate a new ``RSAPrivateKey`` instance using ``backend``. |
| 40 | |
| 41 | :param int public_exponent: The public exponent of the new key. |
| 42 | Usually one of the small Fermat primes 3, 5, 17, 257, 65537. If in |
| 43 | doubt you should `use 65537`_. |
| 44 | :param int key_size: The length of the modulus in bits. For keys |
| 45 | generated in 2014 this should be `at least 2048`_. (See page 41.) |
| 46 | Must be at least 512. Some backends may have additional |
| 47 | limitations. |
| 48 | :param backend: A |
| 49 | :class:`~cryptography.hazmat.backends.interfaces.RSABackend` |
| 50 | provider. |
| 51 | :return: A new instance of ``RSAPrivateKey``. |
| 52 | |
| Alex Gaynor | 87bc404 | 2014-02-17 11:34:26 -0800 | [diff] [blame^] | 53 | |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 54 | .. class:: RSAPublicKey(public_exponent, modulus) |
| Paul Kehrer | b393bdc | 2014-02-12 23:59:59 -0600 | [diff] [blame] | 55 | |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 56 | .. versionadded:: 0.2 |
| 57 | |
| 58 | An RSA public key is required for encryption and verification of messages. |
| 59 | |
| 60 | Normally you do not need to directly construct public keys because you'll |
| 61 | be loading them from a file, generating them automatically or receiving |
| 62 | them from a 3rd party. |
| 63 | |
| 64 | This class conforms to the |
| 65 | :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` |
| 66 | interface. |
| 67 | |
| Paul Kehrer | b393bdc | 2014-02-12 23:59:59 -0600 | [diff] [blame] | 68 | :raises TypeError: This is raised when the arguments are not all integers. |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 69 | |
| Alex Gaynor | a9d802a | 2014-02-13 12:57:57 -0800 | [diff] [blame] | 70 | :raises ValueError: This is raised when the values of ``public_exponent`` |
| 71 | or ``modulus`` do not match the bounds specified in |
| 72 | :rfc:`3447`. |
| Alex Stapleton | 940eee2 | 2014-02-05 20:25:30 +0000 | [diff] [blame] | 73 | |
| 74 | .. _`RSA`: https://en.wikipedia.org/wiki/RSA_(cryptosystem) |
| 75 | .. _`public-key`: https://en.wikipedia.org/wiki/Public-key_cryptography |
| Alex Stapleton | b232d74 | 2014-02-08 14:18:59 +0000 | [diff] [blame] | 76 | .. _`use 65537`: http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html |
| 77 | .. _`at least 2048`: http://www.ecrypt.eu.org/documents/D.SPA.20.pdf |