Danger
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
DSA is a public-key algorithm for signing messages.
New in version 0.5.
Generate a DSA private key from the given key size. This function will generate a new set of parameters and key in one step.
Parameters: |
|
---|---|
Returns: | An instance of DSAPrivateKey. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised if the provided backend does not implement DSABackend. |
New in version 0.5.
Generate DSA parameters using the provided backend.
Parameters: |
|
---|---|
Returns: | An instance of DSAParameters. |
Raises cryptography.exceptions.UnsupportedAlgorithm: | This is raised if the provided backend does not implement DSABackend. |
Using a DSAPrivateKey instance.
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import dsa
>>> private_key = dsa.generate_private_key(
... key_size=1024,
... backend=default_backend()
... )
>>> signer = private_key.signer(hashes.SHA256())
>>> data = b"this is some data I'd like to sign"
>>> signer.update(data)
>>> signature = signer.finalize()
There is a shortcut to sign sufficiently short messages directly:
>>> data = b"this is some data I'd like to sign"
>>> signature = private_key.sign(
... data,
... hashes.SHA256()
... )
The signature is a bytes object whose contents are DER encoded as described in RFC 3279. It can be decoded using decode_dss_signature().
Verification is performed using a DSAPublicKey instance. You can get a public key object with load_pem_public_key(), load_der_public_key(), DSAPublicNumbers.public_key(), or DSAPrivateKey.public_key().
>>> public_key = private_key.public_key()
>>> verifier = public_key.verifier(signature, hashes.SHA256())
>>> verifier.update(data)
>>> verifier.verify()
There is a shortcut to verify sufficiently short messages directly:
>>> public_key.verify(
... signature,
... data,
... hashes.SHA256()
... )
verifier() takes the signature in the same format as is returned by signer.finalize().
verify() will raise an InvalidSignature exception if the signature isn’t valid.
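The following is an added example, not part of the cryptography project's documentation. It ties the pieces above together: it signs with sign(), splits the DER signature into (r, s) with decode_dss_signature(), verifies a separately computed digest through Prehashed, and shows that modified data or a modified s is rejected. The 2048-bit key size, the sample message, and the helper names is_valid and run_checks are assumptions of this example.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa
from cryptography.hazmat.primitives.asymmetric.utils import (
    Prehashed, decode_dss_signature, encode_dss_signature,
)

SHA256 = hashes.SHA256()


def is_valid(public_key, signature, data, algorithm=SHA256):
    """Map verify()'s raise-on-failure contract to an explicit boolean."""
    try:
        public_key.verify(signature, data, algorithm)
        return True
    except InvalidSignature:
        return False


def run_checks(key_size=2048):  # key_size is this example's assumption
    private_key = dsa.generate_private_key(key_size=key_size, backend=default_backend())
    public_key = private_key.public_key()
    q = public_key.public_numbers().parameter_numbers.q  # sub-group order

    data = b"constructed sample message"
    signature = private_key.sign(data, SHA256)

    # The DER blob is a SEQUENCE of two integers (r, s), each in [1, q-1].
    r, s = decode_dss_signature(signature)
    forged_s = (s % (q - 1)) + 1  # a different value, still inside [1, q-1]

    # Hash separately, then verify the digest through Prehashed.
    hasher = hashes.Hash(SHA256, backend=default_backend())
    hasher.update(data)
    digest = hasher.finalize()

    return {
        "r_s_in_range": 0 < r < q and 0 < s < q,
        "genuine": is_valid(public_key, signature, data),
        "der_round_trip": is_valid(public_key, encode_dss_signature(r, s), data),
        "prehashed": is_valid(public_key, signature, digest, Prehashed(SHA256)),
        "tampered_data": is_valid(public_key, signature, data + b"!"),
        "tampered_s": is_valid(public_key, encode_dss_signature(r, forged_s), data),
    }


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(name, outcome)
```

Callers that wrap verify() this way should treat only InvalidSignature as a failed check and let other exceptions propagate, so that a misconfiguration is not reported as a bad signature.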
New in version 0.5.
The collection of integers that make up a set of DSA parameters.
Type: | int |
---|
The public modulus.
Type: | int |
---|
The sub-group order.
Type: | int |
---|
The generator.
Parameters: | backend – An instance of DSABackend. |
---|---|
Returns: | A new instance of DSAParameters. |
New in version 0.5.
The collection of integers that make up a DSA public key.
Type: | int |
---|
The public value y.
Type: | DSAParameterNumbers |
---|
The DSAParameterNumbers associated with the public key.
Parameters: | backend – An instance of DSABackend. |
---|---|
Returns: | A new instance of DSAPublicKey. |
New in version 0.5.
The collection of integers that make up a DSA private key.
Warning
Revealing the value of x will compromise the security of any cryptographic operations performed.
Type: | int |
---|
The private value x.
Type: | DSAPublicNumbers |
---|
The DSAPublicNumbers associated with the private key.
Parameters: | backend – An instance of DSABackend. |
---|---|
Returns: | A new instance of DSAPrivateKey. |
New in version 0.3.
DSA parameters.
New in version 0.5.
Generate a DSA private key. This method can be used to generate many new private keys from a single set of parameters.
Returns: | An instance of DSAPrivateKey. |
---|
New in version 0.5.
Extends DSAParameters.
Create a DSAParameterNumbers object.
Returns: | A DSAParameterNumbers instance. |
---|
New in version 0.3.
A DSA private key.
Returns: | DSAPublicKey |
---|
A DSA public key object corresponding to the values of the private key.
Returns: | DSAParameters |
---|
The DSAParameters object associated with this private key.
New in version 0.4.
Sign data which can be verified later by others using the public key. The signature is formatted as DER-encoded bytes, as specified in RFC 3279.
Parameters: |
|
---|---|
Returns: |
New in version 1.5.
Changed in version 1.6: Prehashed can now be used as an algorithm.
Sign one block of data which can be verified later by others using the public key.
Parameters: |
|
---|---|
Return bytes: | Signature. |
New in version 0.8.
Extends DSAPrivateKey.
Create a DSAPrivateNumbers object.
Returns: | A DSAPrivateNumbers instance. |
---|
Allows serialization of the key to bytes. Encoding (PEM or DER), format (TraditionalOpenSSL or PKCS8) and encryption algorithm (such as BestAvailableEncryption or NoEncryption) are chosen to define the exact serialization.
Parameters: |
|
---|---|
Return bytes: | Serialized key. |
New in version 0.3.
A DSA public key.
Returns: | DSAParameters |
---|
The DSAParameters object associated with this public key.
New in version 0.4.
Verify data was signed by the private key associated with this public key.
Parameters: |
|
---|---|
Returns: |
Create a DSAPublicNumbers object.
Returns: | A DSAPublicNumbers instance. |
---|
Allows serialization of the key to bytes. Encoding (PEM or DER) and format (SubjectPublicKeyInfo) are chosen to define the exact serialization.
Parameters: |
|
---|---|
Return bytes: | Serialized key. |
New in version 1.5.
Changed in version 1.6: Prehashed can now be used as an algorithm.
Verify one block of data was signed by the private key associated with this public key.
Parameters: |
|
---|---|
Raises cryptography.exceptions.InvalidSignature: | If the signature does not validate. |
New in version 0.8.
Alias for DSAPublicKey.