diff options
Diffstat (limited to 'api/2.6/Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html')
-rw-r--r-- | api/2.6/Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html | 348 |
1 files changed, 348 insertions, 0 deletions
diff --git a/api/2.6/Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html b/api/2.6/Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html new file mode 100644 index 0000000..c6646bc --- /dev/null +++ b/api/2.6/Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html @@ -0,0 +1,348 @@ +<?xml version="1.0" encoding="ascii"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<head> + <title>Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher</title> + <link rel="stylesheet" href="epydoc.css" type="text/css" /> + <script type="text/javascript" src="epydoc.js"></script> +</head> + +<body bgcolor="white" text="black" link="blue" vlink="#204080" + alink="#204080"> +<!-- ==================== NAVIGATION BAR ==================== --> +<table class="navbar" border="0" width="100%" cellpadding="0" + bgcolor="#a0c0ff" cellspacing="0"> + <tr valign="middle"> + <!-- Home link --> + <th> <a + href="Crypto-module.html">Home</a> </th> + + <!-- Tree link --> + <th> <a + href="module-tree.html">Trees</a> </th> + + <!-- Index link --> + <th> <a + href="identifier-index.html">Indices</a> </th> + + <!-- Help link --> + <th> <a + href="help.html">Help</a> </th> + + <!-- Project homepage --> + <th class="navbar" align="right" width="100%"> + <table border="0" cellpadding="0" cellspacing="0"> + <tr><th class="navbar" align="center" + ><a href="http://www.pycrypto.org/">PyCrypto.org</a></th> + </tr></table></th> + </tr> +</table> +<table width="100%" cellpadding="0" cellspacing="0"> + <tr valign="top"> + <td width="100%"> + <span class="breadcrumbs"> + <a href="Crypto-module.html">Package Crypto</a> :: + <a href="Crypto.Cipher-module.html">Package Cipher</a> :: + <a href="Crypto.Cipher.PKCS1_v1_5-module.html">Module PKCS1_v1_5</a> :: + Class PKCS115_Cipher + </span> + </td> + <td> + <table cellpadding="0" cellspacing="0"> + <!-- hide/show private --> + <tr><td align="right"><span class="options" + >[<a href="frames.html" target="_top">frames</a + >] | <a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html" + target="_top">no frames</a>]</span></td></tr> + </table> + </td> + </tr> +</table> +<!-- ==================== CLASS DESCRIPTION ==================== --> +<h1 class="epydoc">Class PKCS115_Cipher</h1><p class="nomargin-top"></p> +This cipher can perform PKCS#1 v1.5 RSA encryption or decryption. + +<!-- ==================== INSTANCE METHODS ==================== --> +<a name="section-InstanceMethods"></a> +<table class="summary" border="1" cellpadding="3" + cellspacing="0" width="100%" bgcolor="white"> +<tr bgcolor="#70b0f0" class="table-header"> + <td align="left" colspan="2" class="table-header"> + <span class="table-header">Instance Methods</span></td> +</tr> +<tr> + <td width="15%" align="right" valign="top" class="summary"> + <span class="summary-type"> </span> + </td><td class="summary"> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#__init__" class="summary-sig-name">__init__</a>(<span class="summary-sig-arg">self</span>, + <span class="summary-sig-arg">key</span>)</span><br /> + Initialize this PKCS#1 v1.5 cipher object.</td> + <td align="right" valign="top"> + + + </td> + </tr> + </table> + + </td> + </tr> +<tr> + <td width="15%" align="right" valign="top" class="summary"> + <span class="summary-type"> </span> + </td><td class="summary"> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td><span class="summary-sig"><a name="can_encrypt"></a><span class="summary-sig-name">can_encrypt</span>(<span class="summary-sig-arg">self</span>)</span><br /> + Return True if this cipher object can be used for encryption.</td> + <td align="right" valign="top"> + + + </td> + </tr> + </table> + + </td> + </tr> +<tr> + <td width="15%" align="right" valign="top" class="summary"> + <span class="summary-type"> </span> + </td><td class="summary"> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td><span class="summary-sig"><a name="can_decrypt"></a><span class="summary-sig-name">can_decrypt</span>(<span class="summary-sig-arg">self</span>)</span><br /> + Return True if this cipher object can be used for decryption.</td> + <td align="right" valign="top"> + + + </td> + </tr> + </table> + + </td> + </tr> +<tr> + <td width="15%" align="right" valign="top" class="summary"> + <span class="summary-type"> </span> + </td><td class="summary"> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#encrypt" class="summary-sig-name">encrypt</a>(<span class="summary-sig-arg">self</span>, + <span class="summary-sig-arg">message</span>)</span><br /> + Produce the PKCS#1 v1.5 encryption of a message.</td> + <td align="right" valign="top"> + + + </td> + </tr> + </table> + + </td> + </tr> +<tr> + <td width="15%" align="right" valign="top" class="summary"> + <span class="summary-type"> </span> + </td><td class="summary"> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#decrypt" class="summary-sig-name">decrypt</a>(<span class="summary-sig-arg">self</span>, + <span class="summary-sig-arg">ct</span>, + <span class="summary-sig-arg">sentinel</span>)</span><br /> + Decrypt a PKCS#1 v1.5 ciphertext.</td> + <td align="right" valign="top"> + + + </td> + </tr> + </table> + + </td> + </tr> +</table> +<!-- ==================== METHOD DETAILS ==================== --> +<a name="section-MethodDetails"></a> +<table class="details" border="1" cellpadding="3" + cellspacing="0" width="100%" bgcolor="white"> +<tr bgcolor="#70b0f0" class="table-header"> + <td align="left" colspan="2" class="table-header"> + <span class="table-header">Method Details</span></td> +</tr> +</table> +<a name="__init__"></a> +<div> +<table class="details" border="1" cellpadding="3" + cellspacing="0" width="100%" bgcolor="white"> +<tr><td> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr valign="top"><td> + <h3 class="epydoc"><span class="sig"><span class="sig-name">__init__</span>(<span class="sig-arg">self</span>, + <span class="sig-arg">key</span>)</span> + <br /><em class="fname">(Constructor)</em> + </h3> + </td><td align="right" valign="top" + > + </td> + </tr></table> + + Initialize this PKCS#1 v1.5 cipher object. + <dl class="fields"> + <dt>Parameters:</dt> + <dd><ul class="nomargin-top"> + <li><strong class="pname"><code>key</code></strong> (an RSA key object) - If a private half is given, both encryption and decryption are possible. +If a public half is given, only encryption is possible.</li> + </ul></dd> + </dl> +</td></tr></table> +</div> +<a name="encrypt"></a> +<div> +<table class="details" border="1" cellpadding="3" + cellspacing="0" width="100%" bgcolor="white"> +<tr><td> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr valign="top"><td> + <h3 class="epydoc"><span class="sig"><span class="sig-name">encrypt</span>(<span class="sig-arg">self</span>, + <span class="sig-arg">message</span>)</span> + </h3> + </td><td align="right" valign="top" + > + </td> + </tr></table> + + <p>Produce the PKCS#1 v1.5 encryption of a message.</p> +<p>This function is named <tt class="rst-docutils literal"><span class="pre">RSAES-PKCS1-V1_5-ENCRYPT</span></tt>, and is specified in +section 7.2.1 of RFC3447. +For a complete example see <a href="Crypto.Cipher.PKCS1_v1_5-module.html" class="link">Crypto.Cipher.PKCS1_v1_5</a>.</p> + <dl class="fields"> + <dt>Parameters:</dt> + <dd><ul class="nomargin-top"> + <li><strong class="pname"><code>message</code></strong> (byte string) - The message to encrypt, also known as plaintext. It can be of +variable length, but not longer than the RSA modulus (in bytes) minus 11.</li> + </ul></dd> + <dt>Returns:</dt> + <dd>A byte string, the ciphertext in which the message is encrypted. +It is as long as the RSA modulus (in bytes).</dd> + <dt>Raises:</dt> + <dd><ul class="nomargin-top"> + <li><code><strong class='fraise'>ValueError</strong></code> - If the RSA key length is not sufficiently long to deal with the given +message.</li> + </ul></dd> + </dl> +</td></tr></table> +</div> +<a name="decrypt"></a> +<div> +<table class="details" border="1" cellpadding="3" + cellspacing="0" width="100%" bgcolor="white"> +<tr><td> + <table width="100%" cellpadding="0" cellspacing="0" border="0"> + <tr valign="top"><td> + <h3 class="epydoc"><span class="sig"><span class="sig-name">decrypt</span>(<span class="sig-arg">self</span>, + <span class="sig-arg">ct</span>, + <span class="sig-arg">sentinel</span>)</span> + </h3> + </td><td align="right" valign="top" + > + </td> + </tr></table> + + <p>Decrypt a PKCS#1 v1.5 ciphertext.</p> +<p>This function is named <tt class="rst-docutils literal"><span class="pre">RSAES-PKCS1-V1_5-DECRYPT</span></tt>, and is specified in +section 7.2.2 of RFC3447. +For a complete example see <a href="Crypto.Cipher.PKCS1_v1_5-module.html" class="link">Crypto.Cipher.PKCS1_v1_5</a>.</p> + <dl class="fields"> + <dt>Parameters:</dt> + <dd><ul class="nomargin-top"> + <li><strong class="pname"><code>ct</code></strong> (byte string) - The ciphertext that contains the message to recover.</li> + <li><strong class="pname"><code>sentinel</code></strong> (any type) - The object to return to indicate that an error was detected during decryption.</li> + </ul></dd> + <dt>Returns:</dt> + <dd>A byte string. It is either the original message or the <tt class="rst-docutils literal">sentinel</tt> (in case of an error).</dd> + <dt>Raises:</dt> + <dd><ul class="nomargin-top"> + <li><code><strong class='fraise'>ValueError</strong></code> - If the ciphertext length is incorrect</li> + <li><code><strong class='fraise'>TypeError</strong></code> - If the RSA key has no private half.</li> + </ul></dd> + </dl> +<div class="fields"> <p><strong>Attention:</strong> + <p>You should <strong>never</strong> let the party who submitted the ciphertext know that +this function returned the <tt class="rst-docutils literal">sentinel</tt> value. +Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts), +an attacker is able to recontruct the plaintext of any other encryption that were carried out +with the same RSA public key (see <a class="rst-reference external" href="http://www.bell-labs.com/user/bleichen/papers/pkcs.ps" target="_top">Bleichenbacher's</a> attack).</p> +<p>In general, it should not be possible for the other party to distinguish +whether processing at the server side failed because the value returned +was a <tt class="rst-docutils literal">sentinel</tt> as opposed to a random, invalid message.</p> +<p>In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5 +embeds no good integrity check. There is roughly one chance +in 2^16 for a random ciphertext to be returned as a valid message +(although random looking).</p> +<p>It is therefore advisabled to:</p> +<ol class="rst-arabic simple"> +<li>Select as <tt class="rst-docutils literal">sentinel</tt> a value that resembles a plausable random, invalid message.</li> +<li>Not report back an error as soon as you detect a <tt class="rst-docutils literal">sentinel</tt> value. +Put differently, you should not explicitly check if the returned value is the <tt class="rst-docutils literal">sentinel</tt> or not.</li> +<li>Cover all possible errors with a single, generic error indicator.</li> +<li>Embed into the definition of <tt class="rst-docutils literal">message</tt> (at the protocol level) a digest (e.g. <tt class="rst-docutils literal"><span class="pre">SHA-1</span></tt>). +It is recommended for it to be the rightmost part <tt class="rst-docutils literal">message</tt>.</li> +<li>Where possible, monitor the number of errors due to ciphertexts originating from the same party, +and slow down the rate of the requests from such party (or even blacklist it altogether).</li> +</ol> +<p><strong>If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.</strong></p> + </p> +</div></td></tr></table> +</div> +<br /> +<!-- ==================== NAVIGATION BAR ==================== --> +<table class="navbar" border="0" width="100%" cellpadding="0" + bgcolor="#a0c0ff" cellspacing="0"> + <tr valign="middle"> + <!-- Home link --> + <th> <a + href="Crypto-module.html">Home</a> </th> + + <!-- Tree link --> + <th> <a + href="module-tree.html">Trees</a> </th> + + <!-- Index link --> + <th> <a + href="identifier-index.html">Indices</a> </th> + + <!-- Help link --> + <th> <a + href="help.html">Help</a> </th> + + <!-- Project homepage --> + <th class="navbar" align="right" width="100%"> + <table border="0" cellpadding="0" cellspacing="0"> + <tr><th class="navbar" align="center" + ><a href="http://www.pycrypto.org/">PyCrypto.org</a></th> + </tr></table></th> + </tr> +</table> +<table border="0" cellpadding="0" cellspacing="0" width="100%%"> + <tr> + <td align="left" class="footer"> + Generated by Epydoc 3.0.1 on Thu May 24 09:02:37 2012 + </td> + <td align="right" class="footer"> + <a target="mainFrame" href="http://epydoc.sourceforge.net" + >http://epydoc.sourceforge.net</a> + </td> + </tr> +</table> + +<script type="text/javascript"> + <!-- + // Private objects are initially displayed (because if + // javascript is turned off then we want them to be + // visible); but by default, we want to hide them. So hide + // them unless we have a cookie that says to show them. + checkCookie(); + // --> +</script> +</body> +</html> |