Package Cryptodome :: Package PublicKey :: Module RSA :: Class RsaKey

Class RsaKey

object --+
         |
        RsaKey

Class defining an actual RSA key.

Instance Methods
 
size_in_bits(self)
Size of the RSA modulus in bits
 
size_in_bytes(self)
The minimum number of bytes that can hold the RSA modulus
 
has_private(self)
 
can_encrypt(self)
 
can_sign(self)
 
publickey(self)
 
exportKey(self, format='PEM', passphrase=None, pkcs=1, protection=None, randfunc=None)
Export this RSA key.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __init__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties
  n
Modulus
  e
Public exponent
  d
Private exponent
  p
First factor of the modulus
  q
Second factor of the modulus
  u
Chinese remainder component (inverse of p modulo q)

Inherited from object: __class__

Method Details

exportKey(self, format='PEM', passphrase=None, pkcs=1, protection=None, randfunc=None)

 

Export this RSA key.

Parameters:
  • format (string) - The format to use for wrapping the key:

    • 'DER'. Binary encoding.
    • 'PEM'. Textual encoding, done according to RFC1421/RFC1423.
    • 'OpenSSH'. Textual encoding, done according to OpenSSH specification. Only suitable for public keys (not private keys).
  • passphrase (string) - For private keys only. The pass phrase used for deriving the encryption key.
  • pkcs (integer) - For DER and PEM format only. The PKCS standard to follow for assembling the components of the key. You have two choices:

    • 1 (default): the public key is embedded into an X.509 SubjectPublicKeyInfo DER SEQUENCE. The private key is embedded into a PKCS#1 RSAPrivateKey DER SEQUENCE.
    • 8: the private key is embedded into a PKCS#8 PrivateKeyInfo DER SEQUENCE. This value cannot be used for public keys.
  • protection (string) - The encryption scheme to use for protecting the private key.

    If None (default), the behavior depends on format:

    • For DER, the PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC scheme is used. The following operations are performed:

      1. A 16-byte Triple DES key is derived from the passphrase using Cryptodome.Protocol.KDF.PBKDF2 with an 8-byte salt and 1 000 iterations of Cryptodome.Hash.HMAC.
      2. The private key is encrypted using CBC.
      3. The encrypted key is encoded according to PKCS#8.
    • For PEM, the obsolete PEM encryption scheme is used. It is based on MD5 for key derivation, and Triple DES for encryption.

    Specifying a value for protection is only meaningful for PKCS#8 (that is, pkcs=8) and only if a pass phrase is present too.

    The supported schemes for PKCS#8 are listed in the Cryptodome.IO.PKCS8 module (see wrap_algo parameter).

  • randfunc (callable) - A function that provides random bytes. Only used for PEM encoding. The default is Cryptodome.Random.get_random_bytes.
Returns:
A byte string with the encoded public or private half of the key.
Raises:
  • ValueError - When the format is unknown or when you try to encrypt a private key with DER format and PKCS#1.

Attention: If you don't provide a pass phrase, the private key will be exported in the clear!
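
An added example, not part of the PyCryptodome documentation: a standard-library audit helper that reads PEM text such as exportKey produces and reports whether a private key is in the clear, under the obsolete PEM encryption scheme, or in encrypted PKCS#8. The PEM labels and the Proc-Type/DEK-Info header names are the conventional ones and are assumed here (this page does not list them); the sample blocks and file names are constructed, with placeholder bodies instead of key material.

```python
import re

# PEM label -> container named in the pkcs parameter description (labels assumed).
CONTAINERS = {
    "RSA PRIVATE KEY": "PKCS#1 RSAPrivateKey",
    "PRIVATE KEY": "PKCS#8 PrivateKeyInfo",
    "ENCRYPTED PRIVATE KEY": "PKCS#8 (encrypted)",
    "PUBLIC KEY": "X.509 SubjectPublicKeyInfo",
}
BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def _pem(label, body="QUJDRA==\n"):
    """Build a constructed PEM block; the body is a placeholder, not a key."""
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"


# Constructed samples, one per export outcome described above.
SAMPLES = {
    "cleartext.pem": _pem("RSA PRIVATE KEY"),
    "legacy.pem": _pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\n"
                       "DEK-Info: DES-EDE3-CBC,0011223344556677\n\nQUJDRA==\n"),
    "pkcs8.pem": _pem("ENCRYPTED PRIVATE KEY"),
    "public.pem": _pem("PUBLIC KEY"),
}


def classify_pem(text):
    """Return (container, protection) for the first PEM key block in text."""
    m = BLOCK.search(text)
    if m is None or m.group(1) not in CONTAINERS:
        raise ValueError("no recognised RSA key PEM block")
    label, body = m.groups()
    if label == "PUBLIC KEY":
        protection = "public"
    elif label == "ENCRYPTED PRIVATE KEY":
        protection = "pkcs8"  # the scheme is recorded inside the DER
    elif re.search(r"^Proc-Type:\s*4,ENCRYPTED\s*$", body, re.M):
        dek = re.search(r"^DEK-Info:\s*([^,\s]+)", body, re.M)
        protection = "legacy-pem:" + (dek.group(1) if dek else "unknown")
    else:
        protection = "cleartext"  # exported without a pass phrase
    return CONTAINERS[label], protection


def needs_reexport(samples):
    """Names of keys stored in the clear or under the obsolete PEM scheme."""
    return sorted(name for name, pem in samples.items()
                  if classify_pem(pem)[1].startswith(("cleartext", "legacy-pem")))
```

Keys reported by needs_reexport are candidates for a fresh export with a pass phrase, pkcs=8 and an explicit protection value, the only combination for which the protection parameter is meaningful.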


Property Details

n

Modulus

e

Public exponent

d

Private exponent

p

First factor of the modulus

q

Second factor of the modulus

u

Chinese remainder component (inverse of p modulo q)