Crypto.Signature
package¶
The Crypto.Signature
package contains algorithms for performing digital
signatures, used to guarantee integrity and non-repudiation.
Digital signatures are based on public key cryptography: the party that signs a message holds the private key, the one that verifies the signature holds the public key.
Signing a message¶
- Instantiate a new signer object for the desired algorithm,
for instance with
Crypto.Signature.pkcs1_15.new()
. The first parameter is the key object (private key) obtained via theCrypto.PublicKey
module. - Instantiate a cryptographic hash object, for instance with
Crypto.Hash.SHA384.new()
. Then, process the message with itsupdate()
method. - Invoke the
sign()
method on the signer with the hash object as parameter. The output is the signature of the message (a byte string).
Verifying a signature¶
- Instantiate a new verifier object for the desired algorithm,
for instance with
Crypto.Signature.pkcs1_15.new()
. The first parameter is the key object (public key) obtained via theCrypto.PublicKey
module. - Instantiate a cryptographic hash object, for instance with
Crypto.Hash.SHA384.new()
. Then, process the message with itsupdate()
method. - Invoke the
verify()
method on the verifier, with the hash object and the incoming signature as parameters. If the message is not authentic, anValueError
is raised.