PKCS#1 v1.5 (RSA)¶
An old but still solid digital signature scheme based on RSA.
It is more formally called RSASSA-PKCS1-v1_5
in Section 8.2 of RFC8017.
The following example shows how a private RSA key (loaded from a file) can be used to compute the signature of a message:
>>> from Crypto.Signature import pkcs1_15
>>> from Crypto.Hash import SHA256
>>> from Crypto.PublicKey import RSA
>>>
>>> message = b'To be signed'
>>> key = RSA.import_key(open('private_key.der').read())
>>> h = SHA256.new(message)
>>> signature = pkcs1_15.new(key).sign(h)
At the other end, the receiver can verify the signature (and therefore the authenticity of the message) using the matching public RSA key:
>>> key = RSA.import_key(open('public_key.der').read())
>>> h = SHA256.new(message)
>>> try:
>>> pkcs1_15.new(key).verify(h, signature)
>>> print "The signature is valid."
>>> except (ValueError, TypeError):
>>> print "The signature is not valid."
- class Crypto.Signature.pkcs1_15.PKCS115_SigScheme(rsa_key)¶
A signature object for
RSASSA-PKCS1-v1_5
. Do not instantiate directly. UseCrypto.Signature.pkcs1_15.new()
.- can_sign()¶
Return
True
if this object can be used to sign messages.
- sign(msg_hash)¶
Create the PKCS#1 v1.5 signature of a message.
This function is also called
RSASSA-PKCS1-V1_5-SIGN
and it is specified in section 8.2.1 of RFC8017.- Parameters:
msg_hash (hash object) – This is an object from the
Crypto.Hash
package. It has been used to digest the message to sign.- Returns:
the signature encoded as a byte string.
- Raises:
ValueError – if the RSA key is not long enough for the given hash algorithm.
TypeError – if the RSA key has no private half.
- verify(msg_hash, signature)¶
Check if the PKCS#1 v1.5 signature over a message is valid.
This function is also called
RSASSA-PKCS1-V1_5-VERIFY
and it is specified in section 8.2.2 of RFC8037.- Parameters:
msg_hash – The hash that was carried out over the message. This is an object belonging to the
Crypto.Hash
module.signature (byte string) – The signature that needs to be validated.
- Raises:
ValueError – if the signature is not valid.
- Crypto.Signature.pkcs1_15.new(rsa_key)¶
Create a signature object for creating or verifying PKCS#1 v1.5 signatures.
- Parameters:
rsa_key (RSA object) – The RSA key to use for signing or verifying the message. This is a
Crypto.PublicKey.RSA
object. Signing is only possible whenrsa_key
is a private RSA key.- Returns:
a
PKCS115_SigScheme
signature object