From 4e602f383aa7ee7e43b344e805d92f9626f4a8c7 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 24 Apr 2014 12:07:54 -0500
Subject: RSA encryption support
---
docs/hazmat/backends/interfaces.rst | 12 +++++++
docs/hazmat/primitives/asymmetric/rsa.rst | 60 +++++++++++++++++++++++++++++++
docs/hazmat/primitives/interfaces.rst | 17 +++++++++
3 files changed, 89 insertions(+)
(limited to 'docs/hazmat')
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 0349901a..ef7c0841 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -275,6 +275,18 @@ A specific ``backend`` may provide one or more of these interfaces.
 :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding` provider.
+ .. method:: encrypt_rsa(public_key, plaintext, padding)
+
+ :param public_key: An instance of an
+ :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey`
+ provider.
+
+ :param bytes plaintext: The plaintext to encrypt.
+
+ :param padding: An instance of an
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
 .. class:: OpenSSLSerializationBackend
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index 862df635..b0440695 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -267,6 +267,66 @@ RSA
 :raises ValueError: This is raised when the chosen hash algorithm is too large for the key size.
+ .. method:: encrypt(plaintext, padding, backend)
+
+ .. versionadded:: 0.4
+
+ Encrypt data using the public key.
+
+ :param bytes plaintext: The plaintext to encrypt.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param backend: A
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ provider.
+
+ :return bytes: Encrypted data.
+
+ :raises cryptography.exceptions.UnsupportedAlgorithm: This is raised if
+ the provided ``backend`` does not implement
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend` or if
+ the backend does not support the chosen hash or padding algorithm.
+ If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
+ with the
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1`
+ mask generation function it may also refer to the ``MGF1`` hash
+ algorithm.
+
+ :raises TypeError: This is raised when the padding is not an
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :raises ValueError: This is raised if the data is too large for the
+ key size. If the padding is
+ :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
+ it may also be raised for invalid label values.
+
+ .. doctest::
+
+ from cryptography.hazmat.backends import default_backend
+ from cryptography.hazmat.primitives import hashes
+ from cryptography.hazmat.primitives.asymmetric import padding, rsa
+
+ >>> private_key = rsa.RSAPrivateKey.generate(
+ ... public_exponent=65537,
+ ... key_size=2048,
+ ... backend=default_backend()
+ ... )
+ >>> public_key = private_key.public_key()
+ >>> ciphertext = public_key.encrypt(
+ >>> plaintext,
+ >>> padding.OAEP(
+ >>> mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ >>> algorithm=hashes.SHA1(),
+ >>> label=None
+ >>> ),
+ >>> default_backend()
+ >>> )
+
 Handling partial RSA private keys
 ---------------------------------
diff --git a/docs/hazmat/primitives/interfaces.rst b/docs/hazmat/primitives/interfaces.rst
index 3b837a0d..c76582c0 100644
--- a/docs/hazmat/primitives/interfaces.rst
+++ b/docs/hazmat/primitives/interfaces.rst
@@ -263,6 +263,23 @@ Asymmetric interfaces
 :returns: :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricVerificationContext`
+ .. method:: encrypt(plaintext, padding, backend)
+
+ .. versionadded:: 0.4
+
+ Encrypt data with the public key.
+
+ :param bytes plaintext: The plaintext to encrypt.
+
+ :param padding: An instance of a
+ :class:`~cryptography.hazmat.primitives.interfaces.AsymmetricPadding`
+ provider.
+
+ :param backend: A
+ :class:`~cryptography.hazmat.backends.interfaces.RSABackend`
+ provider.
+
+ :return bytes: Encrypted data.
 .. attribute:: modulus
--
cgit v1.2.3
From c84b3fb5e150ad1d6a1a5f40b80d392461448665 Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 24 Apr 2014 12:12:28 -0500
Subject: change doctest to codeblock until we add multibackend support for encrypt
---
docs/hazmat/primitives/asymmetric/rsa.rst | 32 +++++++++++++++----------------
1 file changed, 16 insertions(+), 16 deletions(-)
(limited to 'docs/hazmat')
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index b0440695..ed0e1008 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -305,27 +305,27 @@ RSA
 :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`
 it may also be raised for invalid label values.
- .. doctest::
+ .. code-block:: python
 from cryptography.hazmat.backends import default_backend
 from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import padding, rsa
- >>> private_key = rsa.RSAPrivateKey.generate(
- ... public_exponent=65537,
- ... key_size=2048,
- ... backend=default_backend()
- ... )
- >>> public_key = private_key.public_key()
- >>> ciphertext = public_key.encrypt(
- >>> plaintext,
- >>> padding.OAEP(
- >>> mgf=padding.MGF1(algorithm=hashes.SHA1()),
- >>> algorithm=hashes.SHA1(),
- >>> label=None
- >>> ),
- >>> default_backend()
- >>> )
+ private_key = rsa.RSAPrivateKey.generate(
+ public_exponent=65537,
+ key_size=2048,
+ backend=default_backend()
+ )
+ public_key = private_key.public_key()
+ ciphertext = public_key.encrypt(
+ plaintext,
+ padding.OAEP(
+ mgf=padding.MGF1(algorithm=hashes.SHA1()),
+ algorithm=hashes.SHA1(),
+ label=None
+ ),
+ default_backend()
+ )
 Handling partial RSA private keys
--
cgit v1.2.3
From 4ce810e22ccbf9ed1eadb4695e4cbe4cb59230fa Mon Sep 17 00:00:00 2001
From: Paul Kehrer
Date: Thu, 24 Apr 2014 15:51:26 -0500
Subject: improve style in test, update docs for rsa encryption review
---
docs/hazmat/primitives/asymmetric/rsa.rst | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'docs/hazmat')
diff --git a/docs/hazmat/primitives/asymmetric/rsa.rst b/docs/hazmat/primitives/asymmetric/rsa.rst
index ed0e1008..68ad089d 100644
--- a/docs/hazmat/primitives/asymmetric/rsa.rst
+++ b/docs/hazmat/primitives/asymmetric/rsa.rst
@@ -271,7 +271,8 @@ RSA
 .. versionadded:: 0.4
- Encrypt data using the public key.
+ Encrypt data using the public key. The resulting ciphertext can only
+ be decrypted with the private key.
 :param bytes plaintext: The plaintext to encrypt.
--
cgit v1.2.3