RSA Class
Properties Methods Events Configuration Settings Errors
Implements RSA public-key cryptography to encrypt/decrypt and sign/verify messages.
Syntax
class ipworksencrypt.RSA
Remarks
The RSA class implements RSA public-key cryptography to encrypt/decrypt messages and sign/verify hash signatures.
To begin you must either specify an existing key or create a new key. Existing private keys may be specified by setting the Key* properties. To create a new key call create_key. Alternatively an existing certificate may be specified by setting the Certificate* properties
Signing
To sign data first set key or certificate. Specify the input data using input_file or input_message. Next call sign. The class will populate hash_value and hash_signature. After calling sign the public key must be sent to the recipient along with hash_signature.
Encrypting
To encrypt data set recipient_key or recipient_cert. Specify the input data using input_file or input_message. Next call encrypt. The class will populate output_message, or write to the file specified by output_file.
Signature Verification
To verify a signature specify the input data using input_file or input_message. Set signer_key or signer_cert. Next set hash_signature and call verify_signature. The verify_signature method will return True if the signature was successfully verified.
Decrypting
To decrypt data first set key or certificate. Specify the input data using input_file or input_message. Next call decrypt. The class will populate output_message, or write to the file specified by output_file.
Input and Output Properties
The class will determine the source and destination of the input and output based on which properties are set.
The order in which the input properties are checked is as follows:
When a valid source is found the search stops. The order in which the output properties are checked is as follows:
- output_file
- output_message: The output data is written to this property if no other destination is specified.
RSA Keys
A RSA key is made up of a number of individual parameters.
The public key consists of the following parameters:
The class also includes the key_public_key property which holds the PEM formatted public key for ease of use. This is helpful if you are in control of both sides of the encryption/signing and decryption/signature verification process. When sending the public key to a recipient note that not all implementations will support using the PEM formatted value in key_public_key in which case the individual parameters must be sent.
The private key may be represented in one of two ways. Both are mathematically equivalent. Private key format 1:
Private key format 2 is simpler but has decreased performance when decrypting and signing. This format is: The class also include the key_private_key property which holds the PEM formatted private key for ease of use. This is helpful for storing the private key more easily.Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| cert_encoded | The certificate (PEM/base64 encoded). |
| cert_store | The name of the certificate store for the client certificate. |
| cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| cert_store_type | The type of certificate store for this certificate. |
| cert_subject | The subject of the certificate used for client authentication. |
| hash_algorithm | The hash algorithm used for signing and signature verification. |
| hash_signature | The hash signature. |
| hash_value | The hash value of the data. |
| input_file | The file to process. |
| input_message | The message to process. |
| keyd | Represents the D parameter for the RSA algorithm. |
| key_dp | Represents the DP parameter for the RSA algorithm. |
| key_dq | Represents the DQ parameter for the RSA algorithm. |
| key_exponent | Represents the Exponent parameter for the RSA algorithm. |
| key_inverseq | Represents the InverseQ parameter for the RSA algorithm. |
| key_modulus | Represents the Modulus parameter for the RSA algorithm. |
| keyp | Represents the P parameter for the RSA algorithm. |
| key_private_key | This property is a PEM formatted private key. |
| key_public_key | This property is a PEM formatted public key. |
| keyq | Represents the Q parameter for the RSA algorithm. |
| output_file | The output file when encrypting or decrypting. |
| output_message | The output message after processing. |
| overwrite | Indicates whether or not the class should overwrite files. |
| recipient_cert_encoded | The certificate (PEM/base64 encoded). |
| recipient_cert_store | The name of the certificate store for the client certificate. |
| recipient_cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| recipient_cert_store_type | The type of certificate store for this certificate. |
| recipient_cert_subject | The subject of the certificate used for client authentication. |
| recipient_key_exponent | Represents the Exponent parameter for the RSA algorithm. |
| recipient_key_modulus | Represents the Modulus parameter for the RSA algorithm. |
| recipient_key_public_key | This property is a PEM formatted public key. |
| signer_cert_encoded | The certificate (PEM/base64 encoded). |
| signer_cert_store | The name of the certificate store for the client certificate. |
| signer_cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| signer_cert_store_type | The type of certificate store for this certificate. |
| signer_cert_subject | The subject of the certificate used for client authentication. |
| signer_key_exponent | Represents the Exponent parameter for the RSA algorithm. |
| signer_key_modulus | Represents the Modulus parameter for the RSA algorithm. |
| signer_key_public_key | This property is a PEM formatted public key. |
| use_hex | Whether input or output is hex encoded. |
| use_oaep | Whether to use Optimal Asymmetric Encryption Padding (OAEP). |
| use_pss | Whether to use RSA-PSS during signing and verification. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| create_key | Creates a new key. |
| decrypt | Decrypts the input data using the specified private key. |
| encrypt | Encrypts the input data using the recipient's public key. |
| reset | Resets the class. |
| sign | Creates a hash signature. |
| verify_signature | Verifies the signature for the specified data. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_error | Information about errors during data delivery. |
| on_progress | Fired as progress is made. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| KeyFormat | How the public and private key are formatted. |
| KeySize | The size, in bits, of the secret key. |
| OAEPMGF1HashAlgorithm | The MGF1 hash algorithm used with OAEP. |
| OAEPParams | The hex encoded OAEP parameters. |
| OAEPRSAHashAlgorithm | The RSA hash algorithm used with OAEP. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |