More documentation about key size and OpenSSL compatibility
diff --git a/doc/compatibility.rst b/doc/compatibility.rst
index ab9e2e4..d82d1fa 100644
--- a/doc/compatibility.rst
+++ b/doc/compatibility.rst
@@ -27,24 +27,25 @@
:ref:`VARBLOCK <bigfiles>` encryption:
Python-RSA only, not compatible with any other known application.
+.. _openssl:
-Public keys from OpenSSL
+Interoperability with OpenSSL
--------------------------------------------------
-To get a Python-RSA-compatible public key from OpenSSL, you need the
-private key. Get the private key in PEM or DER format and run it
-through the ``pyrsa-priv2pub`` command::
+You can create a 512-bit RSA key in OpenSSL as follows::
-
- Usage: pyrsa-priv2pub [options]
-
- Reads a private key and outputs the corresponding public key. Both
- private and public keys use the format described in PKCS#1 v1.5
-
- Options:
- -h, --help show this help message and exit
- --in=INFILENAME Input filename. Reads from stdin if not specified
- --out=OUTFILENAME Output filename. Writes to stdout of not specified
- --inform=INFORM key format of input - default PEM
- --outform=OUTFORM key format of output - default PEM
+ openssl genrsa -out myprivatekey.pem 512
+
+To get a Python-RSA-compatible public key from OpenSSL, you need the
+private key first, then run it through the ``pyrsa-priv2pub``
+command::
+
+ pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem
+
+Encryption and decryption is also compatible::
+
+ $ echo hello there > testfile.txt
+ $ pyrsa-encrypt -i testfile.txt -o testfile.rsa publickey.pem
+ $ openssl rsautl -in testfile.rsa -inkey privatekey.pem -decrypt
+ hello there
diff --git a/doc/usage.rst b/doc/usage.rst
index 9b5fc17..e4436e4 100644
--- a/doc/usage.rst
+++ b/doc/usage.rst
@@ -44,8 +44,9 @@
requested, you can pass ``accurate=False`` to speed up the key
generation process.
-These are some timings from my netbook (Linux 2.6, 1.6 GHz Intel Atom
-N270 CPU, 2 GB RAM):
+These are some average timings from my netbook (Linux 2.6, 1.6 GHz
+Intel Atom N270 CPU, 2 GB RAM). Since key generation is a random
+process, times may differ.
+----------------+------------------+
| Keysize (bits) | Time to generate |
@@ -69,6 +70,36 @@
| 2048 | 132.97 sec. |
+----------------+------------------+
+If key generation is too slow for you, you could use OpenSSL to
+generate them for you, then load them in your Python code. See
+:ref:`openssl` for more information.
+
+Key size requirements
+--------------------------------------------------
+
+Python-RSA version 3.0 introduced PKCS#1-style random padding. This
+means that 11 bytes (88 bits) of your key are no longer usable for
+encryption, so keys smaller than this are unusable. The larger the
+key, the higher the security.
+
+Creating signatures also requires a key of a certain size, depending
+on the used hash method:
+
++-------------+-----------------------------------+
+| Hash method | Suggested minimum key size (bits) |
++=============+===================================+
+| MD5 | 360 |
++-------------+-----------------------------------+
+| SHA-1 | 368 |
++-------------+-----------------------------------+
+| SHA-256 | 496 |
++-------------+-----------------------------------+
+| SHA-384 | 624 |
++-------------+-----------------------------------+
+| SHA-512 | 752 |
++-------------+-----------------------------------+
+
+
Encryption and decryption
--------------------------------------------------
diff --git a/rsa/cli.py b/rsa/cli.py
index 91fe0d7..012c77d 100644
--- a/rsa/cli.py
+++ b/rsa/cli.py
@@ -41,7 +41,7 @@
'not saved if this option is not present. You can use '
'pyrsa-priv2pub to create the public key file later.')
- parser.add_option('--out', type='string',
+ parser.add_option('-o', '--out', type='string',
help='Output filename for the private key. The key is '
'written to stdout if this option is not present.')
@@ -142,10 +142,10 @@
parser = OptionParser(usage=self.usage, description=self.description)
- parser.add_option('--input', type='string', help=self.input_help)
+ parser.add_option('-i', '--input', type='string', help=self.input_help)
if self.has_output:
- parser.add_option('--output', type='string', help=self.output_help)
+ parser.add_option('-o', '--output', type='string', help=self.output_help)
parser.add_option('--keyform',
help='Key format of the %s key - default PEM' % self.keyname,
diff --git a/rsa/util.py b/rsa/util.py
index 9c1c863..db6944e 100644
--- a/rsa/util.py
+++ b/rsa/util.py
@@ -30,9 +30,9 @@
'corresponding public key. Both private and public keys use '
'the format described in PKCS#1 v1.5')
- parser.add_option('--in', dest='infilename', type='string',
+ parser.add_option('-i', '--input', dest='infilename', type='string',
help='Input filename. Reads from stdin if not specified')
- parser.add_option('--out', dest='outfilename', type='string',
+ parser.add_option('-o', '--output', dest='outfilename', type='string',
help='Output filename. Writes to stdout of not specified')
parser.add_option('--inform', dest='inform',