diff options
| author | Aviv Palivoda <palaviv@gmail.com> | 2016-06-30 21:42:46 +0300 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-06-30 13:42:46 -0500 |
| commit | f67429b9d199931eb695524724a947847ed1f808 (patch) | |
| tree | 6cf38e2a2fdf93074964264963ba575722cb9ea2 /docs/hazmat | |
| parent | 602f88f35dfda15c031de0dce5305e4850df7e07 (diff) | |
| download | cryptography-f67429b9d199931eb695524724a947847ed1f808.tar.gz cryptography-f67429b9d199931eb695524724a947847ed1f808.tar.bz2 cryptography-f67429b9d199931eb695524724a947847ed1f808.zip | |
One shot sign/verify DSA (#3003)
* Add sign and verify methods to DSA
* Documented DSA sign/verify methods
* Added CHANGELOG entry
Diffstat (limited to 'docs/hazmat')
| -rw-r--r-- | docs/hazmat/primitives/asymmetric/dsa.rst | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/docs/hazmat/primitives/asymmetric/dsa.rst b/docs/hazmat/primitives/asymmetric/dsa.rst index 93d0db6f..0eb68ce6 100644 --- a/docs/hazmat/primitives/asymmetric/dsa.rst +++ b/docs/hazmat/primitives/asymmetric/dsa.rst @@ -79,6 +79,16 @@ provider. >>> signer.update(data) >>> signature = signer.finalize() +There is a shortcut to sign sufficiently short messages directly: + +.. doctest:: + + >>> data = b"this is some data I'd like to sign" + >>> signature = private_key.sign( + ... data, + ... hashes.SHA256() + ... ) + The ``signature`` is a ``bytes`` object, whose contents is DER encoded as described in :rfc:`3279`. This can be decoded using :func:`~cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature`. @@ -102,6 +112,16 @@ You can get a public key object with >>> verifier.update(data) >>> verifier.verify() +There is a shortcut to verify sufficiently short messages directly: + +.. doctest:: + + >>> public_key.verify( + ... signature, + ... data, + ... hashes.SHA256() + ... ) + ``verifier()`` takes the signature in the same format as is returned by ``signer.finalize()``. @@ -289,6 +309,21 @@ Key interfaces The bit length of :attr:`~DSAParameterNumbers.q`. + .. method:: sign(data, algorithm) + + .. versionadded:: 1.5 + + Sign one block of data which can be verified later by others using the + public key. + + :param bytes data: The message string to sign. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` + provider. + + :return: bytes: Signature. + .. class:: DSAPrivateKeyWithSerialization @@ -400,6 +435,24 @@ Key interfaces :return bytes: Serialized key. + .. method:: verify(signature, data, algorithm) + + .. versionadded:: 1.5 + + Verify one block of data which can be verified later by others using the + public key. + + :param bytes signature: The signature to verify. + + :param bytes data: The message string that was signed. + + :param algorithm: An instance of a + :class:`~cryptography.hazmat.primitives.hashes.HashAlgorithm` + provider. + + :raises cryptography.exceptions.InvalidSignature: If the signature does + not validate. + .. class:: DSAPublicKeyWithSerialization |