Module pss
RSA digital signature protocol with appendix according to PKCS#1 PSS.
See RFC3447 or the original RSA Labs specification.
This scheme is more properly called RSASSA-PSS.
The following example shows how the sender can create the signatue of
a message using their private key:
>>> from Cryptodome.Signature import pss
>>> from Cryptodome.Hash import SHA256
>>> from Cryptodome.PublicKey import RSA
>>> from Cryptodome import Random
>>>
>>> message = 'To be signed'
>>> key = RSA.importKey(open('privkey.der').read())
>>> h = SHA256.new(message)
>>> signature = pss.new(key).sign(h)
At the receiver side, verification can be done using the public RSA key:
>>> key = RSA.importKey(open('pubkey.der').read())
>>> h = SHA256.new(message)
>>> verifier = pss.new(key)
>>> try:
>>> verifier.verify(h, signature):
>>> print "The signature is authentic."
>>> except (ValueError, TypeError):
>>> print "The signature is not authentic."
|
PSS_SigScheme
An instance of the PKCS#1 PSS signature scheme for a specific RSA key.
|
|
MGF1(mgfSeed,
maskLen,
hash)
Mask Generation Function, described in B.2.1 |
|
|
|
new(rsa_key,
**kwargs)
Return a signature scheme object PSS_SigScheme that
can be used to perform PKCS#1 PSS signature or verification. |
|
|
Return a signature scheme object PSS_SigScheme that
can be used to perform PKCS#1 PSS signature or verification.
- Parameters:
rsa_key (RSA key object) - The key to use to sign or verify the message.
This is a Cryptodome.PublicKey.RSA object.
Signing is only possible if key is a private RSA key.
mask_func (callable) - A mask generation function that accepts two parameters: a string to
use as seed, and the length of the mask in bytes to generate.
If not specified, the standard MGF1 is used.
salt_bytes (int) - Length of the salt, in bytes.
If not specified, it matches the output size of the hash function.
If zero, the signature scheme becomes deterministic.
rand_func (callable) - A function that returns random bytes.
The default is Cryptodome.Random.get_random_bytes.
|