Package Cryptodome :: Package PublicKey :: Module DSA :: Class DsaKey

Class DsaKey

object --+
         |
        DsaKey

Class defining an actual DSA key.

Instance Methods

  • has_private(self)
  • can_encrypt(self)
  • can_sign(self)
  • publickey(self)
  • domain(self) - The DSA domain parameters: p, q and g.
  • exportKey(self, format='PEM', pkcs8=None, passphrase=None, protection=None, randfunc=None) - Export this DSA key.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties

Inherited from object: __class__

Method Details

exportKey(self, format='PEM', pkcs8=None, passphrase=None, protection=None, randfunc=None)

Export this DSA key.

Parameters:
  • format (string) - The format to use for wrapping the key:

    • 'DER'. Binary encoding.
    • 'PEM'. Textual encoding, done according to RFC1421/RFC1423 (default).
    • 'OpenSSH'. Textual encoding, one line of text, see RFC4253. Only suitable for public keys, not private keys.
  • passphrase (string) - For private keys only. The pass phrase to use for deriving the encryption key.
  • pkcs8 (boolean) - For private keys only. If True (default), the key is arranged according to PKCS#8; if False, according to the custom OpenSSL/OpenSSH encoding.
  • protection (string) - The encryption scheme to use for protecting the private key. It is only meaningful when a pass phrase is present too.

    If pkcs8 is True, protection is the PKCS#8 algorithm to use for deriving the secret and encrypting the private DSA key. For a complete list of algorithms, see Cryptodome.IO.PKCS8. The default is PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC.

    If pkcs8 is False, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation and Triple DES for encryption. The protection parameter is ignored.

    The combination format='DER' and pkcs8=False is not allowed if a passphrase is present.

  • randfunc (callable) - A function that returns random bytes. By default it is Cryptodome.Random.get_random_bytes.
Returns:
A byte string with the encoded public or private half of the key.
Raises:
  • ValueError - When the format is unknown, or when you try to encrypt a private key using the DER format together with the OpenSSL/OpenSSH encoding (pkcs8=False).

Attention: If you don't provide a pass phrase, the private key will be exported in the clear!