.. Blame view: lines by Sybren A. Stüvel, commits a3fd61a, c1c455d, dbea213, 58fe946 and d92b667 (2011-07-31 to 2011-08-03).

Compatibility with standards and other software
==================================================

.. index:: OpenSSL
.. index:: compatibility

Python-RSA implements encryption and signatures according to PKCS#1
version 1.5. This makes it compatible with the OpenSSL RSA module.

Keys are stored in PEM or DER format according to PKCS#1 v1.5. Private
keys are compatible with OpenSSL. However, OpenSSL uses X.509 for its
public keys, which are not supported.

Encryption:
    PKCS#1 v1.5 with at least 8 bytes of random padding

Signatures:
    PKCS#1 v1.5 using the following hash methods:
    MD5, SHA-1, SHA-256, SHA-384, SHA-512

Private keys:
    PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey

Public keys:
    PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPublicKey

:ref:`VARBLOCK <bigfiles>` encryption:
    Python-RSA only, not compatible with any other known application.

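The public-key mismatch described above is a difference of wrapping: an X.509 SubjectPublicKeyInfo carries the PKCS#1 RSAPublicKey inside a BIT STRING. The following is an added example, not Python-RSA code; it uses only the standard library, and the names ``read_tlv``, ``to_pkcs1``, ``public_numbers`` and ``tlv`` are hypothetical. It detects which of the two DER structures it was given and unwraps the X.509 form.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def to_pkcs1(der):
    """Return (detected format, PKCS#1 RSAPublicKey DER) for either encoding."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first_tag, first, pos = read_tlv(body)
    if first_tag == 0x02:  # SEQUENCE { INTEGER n, INTEGER e }
        return "PKCS#1 RSAPublicKey", der
    if first_tag != 0x30:  # X.509 starts with an AlgorithmIdentifier SEQUENCE
        raise ValueError("unrecognised public key structure")
    oid_tag, oid, _ = read_tlv(first)
    bit_tag, bits, _ = read_tlv(body, pos)
    if (oid_tag, bit_tag) != (0x06, 0x03) or oid != RSA_OID or bits[:1] != b"\x00":
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    return "X.509 SubjectPublicKeyInfo", bits[1:]  # drop the unused-bits byte

def public_numbers(pkcs1_der):
    _, body, _ = read_tlv(pkcs1_der)
    _, n, pos = read_tlv(body)
    _, e, _ = read_tlv(body, pos)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def tlv(tag, value):
    size = len(value)
    if size < 0x80:
        return bytes([tag, size]) + value
    raw = size.to_bytes((size.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

# Constructed sample (toy modulus, not a usable key); tlv() exists only to build it.
N, E = (2**521 - 1) * (2**607 - 1), 65537
INTS = b"".join(tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big")) for i in (N, E))
PKCS1 = tlv(0x30, INTS)
ALG_ID = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
SPKI = tlv(0x30, ALG_ID + tlv(0x03, b"\x00" + PKCS1))
print(to_pkcs1(SPKI)[0], "-> e =", public_numbers(to_pkcs1(SPKI)[1])[1])
```
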
.. _openssl:

Interoperability with OpenSSL
--------------------------------------------------

You can create a 512-bit RSA key in OpenSSL as follows::

    openssl genrsa -out myprivatekey.pem 512

A key of this size is suitable only for testing; 512-bit RSA moduli can
be factored.

To get a Python-RSA-compatible public key from OpenSSL, you need the
private key first, then run it through the ``pyrsa-priv2pub``
command::

    pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem

Encryption and decryption are also compatible::

    $ echo hello there > testfile.txt
    $ pyrsa-encrypt -i testfile.txt -o testfile.rsa mypublickey.pem
    $ openssl rsautl -in testfile.rsa -inkey myprivatekey.pem -decrypt
    hello there