Package Cryptodome :: Package Signature :: Module pss

Module pss

RSA digital signature protocol with appendix according to PKCS#1 PSS.

See RFC3447 or the original RSA Labs specification.

This scheme is more properly called RSASSA-PSS.

The following example shows how the sender can create the signatue of a message using their private key:

>>> from Cryptodome.Signature import pss
>>> from Cryptodome.Hash import SHA256
>>> from Cryptodome.PublicKey import RSA
>>> from Cryptodome import Random
>>>
>>> message = 'To be signed'
>>> key = RSA.importKey(open('privkey.der').read())
>>> h = SHA256.new(message)
>>> signature = pss.new(key).sign(h)

At the receiver side, verification can be done using the public RSA key:

>>> key = RSA.importKey(open('pubkey.der').read())
>>> h = SHA256.new(message)
>>> verifier = pss.new(key)
>>> try:
>>>     verifier.verify(h, signature):
>>>     print "The signature is authentic."
>>> except (ValueError, TypeError):
>>>     print "The signature is not authentic."
Classes
  PSS_SigScheme
An instance of the PKCS#1 PSS signature scheme for a specific RSA key.
Functions
 
MGF1(mgfSeed, maskLen, hash)
Mask Generation Function, described in B.2.1
 
new(rsa_key, **kwargs)
Return a signature scheme object PSS_SigScheme that can be used to perform PKCS#1 PSS signature or verification.
Function Details

new(rsa_key, **kwargs)

 
Return a signature scheme object PSS_SigScheme that can be used to perform PKCS#1 PSS signature or verification.
Parameters:
  • rsa_key (RSA key object) - The key to use to sign or verify the message. This is a Cryptodome.PublicKey.RSA object. Signing is only possible if key is a private RSA key.
  • mask_func (callable) - A mask generation function that accepts two parameters: a string to use as seed, and the length of the mask in bytes to generate. If not specified, the standard MGF1 is used.
  • salt_bytes (int) - Length of the salt, in bytes. If not specified, it matches the output size of the hash function. If zero, the signature scheme becomes deterministic.
  • rand_func (callable) - A function that returns random bytes. The default is Cryptodome.Random.get_random_bytes.