cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
Translation: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
Table of Contents
-
- document
- Install
- example
-
- 1. Generate private key and obtain public key
- 2. Private key and public key serialization
- 3. Deserialization of private key and public key
- 4. Public key encryption and private key decryption
- 5. Private key signature public key signature verification
- source code
-
- RSAPrivateKey source code
- RSAPublicKey source code
Documentation
- https://github.com/pyca/cryptography
- https://pypi.org/project/cryptography/
- https://cryptography.io/en/latest/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/
Install
pip install cryptography
Example
1. Generate private key and obtain public key
# -*- coding: utf-8 -*-
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
# generate private key
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
# Get the public key
public_key = private_key. public_key()
2. Private key and public key serialization
# private key serialization
private_key_pem = private_key. private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm = serialization. NoEncryption()
)
# save the private key to a file
with open('private.key', 'wb') as f:
f.write(private_key_pem)
# public key serialization
public_key_pem = public_key. public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
# save the public key to a file
with open('public.pem', 'wb') as f:
f.write(public_key_pem)
3. Deserialization of private key and public key
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
# load private key from file
with open("private.key", "rb") as private_key_file:
private_key = serialization.load_pem_private_key(
private_key_file. read(),
password=None,
backend=default_backend()
)
# load public key from file
with open("public.pem", "rb") as public_pem_file:
public_key = serialization.load_pem_public_key(
public_pem_file. read(),
backend=default_backend()
)
4. Public key encryption and private key decryption
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
# public key decryption
message = 'Hello'
encrypted = public_key.encrypt(
plaintext=message.encode('utf-8'),
padding = padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
print(encrypted)
# b'm\xf2\x8d\xa84\xbe\x13\xe1...'
# Decrypt with private key
original_message = private_key. decrypt(
ciphertext=encrypted,
padding = padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
print(original_message. decode('utf-8'))
#Hello
5. Private key signature public key verification
# -*- coding: utf-8 -*-
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
# private key signature
message = 'Hello'
signature = private_key. sign(
data=message.encode('utf-8'),
padding = padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
algorithm=hashes.SHA256()
)
print(signature)
# b'm\xf2\x8d\xa84\xbe\x13\xe1...'
# Public key verification If the verification fails, an exception is thrown cryptography.exceptions.InvalidSignature
public_key. verify(
signature=signature,
data='Hello'.encode('utf-8'),
padding = padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
algorithm=hashes.SHA256()
)
Source code
RSAPrivateKey source code
cryptography/hazmat/primitives/asymmetric/rsa.py
class RSAPrivateKey(metaclass=abc.ABCMeta):
@abc.abstractmethod
def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> bytes:
"""
Decrypts the provided ciphertext.
"""
@abc.abstractproperty
def key_size(self) -> int:
"""
The bit length of the public modulus.
"""
@abc.abstractmethod
def public_key(self) -> "RSAPublicKey":
"""
The RSAPublicKey associated with this private key.
"""
@abc.abstractmethod
def sign(
self,
data: bytes,
padding: Asymmetric Padding,
algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm],
) -> bytes:
"""
Signs the data.
"""
@abc.abstractmethod
def private_numbers(self) -> "RSAPrivateNumbers":
"""
Returns an RSAPrivateNumbers.
"""
@abc.abstractmethod
def private_bytes(
self,
encoding: _serialization. Encoding,
format: _serialization. PrivateFormat,
encryption_algorithm: _serialization.KeySerializationEncryption,
) -> bytes:
"""
Returns the key serialized as bytes.
"""
RSAPublicKey source code
cryptography/hazmat/primitives/asymmetric/rsa.py
class RSAPublicKey(metaclass=abc.ABCMeta):
@abc.abstractmethod
def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes:
"""
Encrypts the given plaintext.
"""
@abc.abstractproperty
def key_size(self) -> int:
"""
The bit length of the public modulus.
"""
@abc.abstractmethod
def public_numbers(self) -> "RSAPublicNumbers":
"""
Returns an RSAPublicNumbers
"""
@abc.abstractmethod
def public_bytes(
self,
encoding: _serialization. Encoding,
format: _serialization. PublicFormat,
) -> bytes:
"""
Returns the key serialized as bytes.
"""
@abc.abstractmethod
def verify(
self,
signature: bytes,
data: bytes,
padding: Asymmetric Padding,
algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm],
) -> None:
"""
Verifies the signature of the data.
"""
@abc.abstractmethod
def recover_data_from_signature(
self,
signature: bytes,
padding: Asymmetric Padding,
algorithm: typing. Optional[hashes. HashAlgorithm],
) -> bytes:
"""
Recovers the original data from the signature.
"""
reference article
-
- RSA encryption using cryptography