1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
|
<?xml version="1.0" encoding="ascii"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher</title>
<link rel="stylesheet" href="epydoc.css" type="text/css" />
<script type="text/javascript" src="epydoc.js"></script>
</head>
<body bgcolor="white" text="black" link="blue" vlink="#204080"
alink="#204080">
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
bgcolor="#a0c0ff" cellspacing="0">
<tr valign="middle">
<!-- Home link -->
<th> <a
href="Crypto-module.html">Home</a> </th>
<!-- Tree link -->
<th> <a
href="module-tree.html">Trees</a> </th>
<!-- Index link -->
<th> <a
href="identifier-index.html">Indices</a> </th>
<!-- Help link -->
<th> <a
href="help.html">Help</a> </th>
<!-- Project homepage -->
<th class="navbar" align="right" width="100%">
<table border="0" cellpadding="0" cellspacing="0">
<tr><th class="navbar" align="center"
><a href="http://www.pycrypto.org/">PyCrypto.org</a></th>
</tr></table></th>
</tr>
</table>
<table width="100%" cellpadding="0" cellspacing="0">
<tr valign="top">
<td width="100%">
<span class="breadcrumbs">
<a href="Crypto-module.html">Package Crypto</a> ::
<a href="Crypto.Cipher-module.html">Package Cipher</a> ::
<a href="Crypto.Cipher.PKCS1_v1_5-module.html">Module PKCS1_v1_5</a> ::
Class PKCS115_Cipher
</span>
</td>
<td>
<table cellpadding="0" cellspacing="0">
<!-- hide/show private -->
<tr><td align="right"><span class="options">[<a href="javascript:void(0);" class="privatelink"
onclick="toggle_private();">hide private</a>]</span></td></tr>
<tr><td align="right"><span class="options"
>[<a href="frames.html" target="_top">frames</a
>] | <a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html"
target="_top">no frames</a>]</span></td></tr>
</table>
</td>
</tr>
</table>
<!-- ==================== CLASS DESCRIPTION ==================== -->
<h1 class="epydoc">Class PKCS115_Cipher</h1><p class="nomargin-top"></p>
This cipher can perform PKCS#1 v1.5 RSA encryption or decryption.
<!-- ==================== INSTANCE METHODS ==================== -->
<a name="section-InstanceMethods"></a>
<table class="summary" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
<td colspan="2" class="table-header">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td align="left"><span class="table-header">Instance Methods</span></td>
<td align="right" valign="top"
><span class="options">[<a href="#section-InstanceMethods"
class="privatelink" onclick="toggle_private();"
>hide private</a>]</span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type"> </span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#__init__" class="summary-sig-name">__init__</a>(<span class="summary-sig-arg">self</span>,
<span class="summary-sig-arg">key</span>)</span><br />
Initialize this PKCS#1 v1.5 cipher object.</td>
<td align="right" valign="top">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type"> </span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a name="can_encrypt"></a><span class="summary-sig-name">can_encrypt</span>(<span class="summary-sig-arg">self</span>)</span><br />
Return True if this cipher object can be used for encryption.</td>
<td align="right" valign="top">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type"> </span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a name="can_decrypt"></a><span class="summary-sig-name">can_decrypt</span>(<span class="summary-sig-arg">self</span>)</span><br />
Return True if this cipher object can be used for decryption.</td>
<td align="right" valign="top">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type"> </span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#encrypt" class="summary-sig-name">encrypt</a>(<span class="summary-sig-arg">self</span>,
<span class="summary-sig-arg">message</span>)</span><br />
Produce the PKCS#1 v1.5 encryption of a message.</td>
<td align="right" valign="top">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td width="15%" align="right" valign="top" class="summary">
<span class="summary-type"> </span>
</td><td class="summary">
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
<td><span class="summary-sig"><a href="Crypto.Cipher.PKCS1_v1_5.PKCS115_Cipher-class.html#decrypt" class="summary-sig-name">decrypt</a>(<span class="summary-sig-arg">self</span>,
<span class="summary-sig-arg">ct</span>,
<span class="summary-sig-arg">sentinel</span>)</span><br />
Decrypt a PKCS#1 v1.5 ciphertext.</td>
<td align="right" valign="top">
</td>
</tr>
</table>
</td>
</tr>
</table>
<!-- ==================== METHOD DETAILS ==================== -->
<a name="section-MethodDetails"></a>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr bgcolor="#70b0f0" class="table-header">
<td colspan="2" class="table-header">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td align="left"><span class="table-header">Method Details</span></td>
<td align="right" valign="top"
><span class="options">[<a href="#section-MethodDetails"
class="privatelink" onclick="toggle_private();"
>hide private</a>]</span></td>
</tr>
</table>
</td>
</tr>
</table>
<a name="__init__"></a>
<div>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr><td>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr valign="top"><td>
<h3 class="epydoc"><span class="sig"><span class="sig-name">__init__</span>(<span class="sig-arg">self</span>,
<span class="sig-arg">key</span>)</span>
<br /><em class="fname">(Constructor)</em>
</h3>
</td><td align="right" valign="top"
>
</td>
</tr></table>
Initialize this PKCS#1 v1.5 cipher object.
<dl class="fields">
<dt>Parameters:</dt>
<dd><ul class="nomargin-top">
<li><strong class="pname"><code>key</code></strong> (an RSA key object) - If a private half is given, both encryption and decryption are possible.
If a public half is given, only encryption is possible.</li>
</ul></dd>
</dl>
</td></tr></table>
</div>
<a name="encrypt"></a>
<div>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr><td>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr valign="top"><td>
<h3 class="epydoc"><span class="sig"><span class="sig-name">encrypt</span>(<span class="sig-arg">self</span>,
<span class="sig-arg">message</span>)</span>
</h3>
</td><td align="right" valign="top"
>
</td>
</tr></table>
<p>Produce the PKCS#1 v1.5 encryption of a message.</p>
<p>This function is named <tt class="rst-docutils literal"><span class="pre">RSAES-PKCS1-V1_5-ENCRYPT</span></tt>, and is specified in
section 7.2.1 of RFC3447.
For a complete example see <a href="Crypto.Cipher.PKCS1_v1_5-module.html" class="link">Crypto.Cipher.PKCS1_v1_5</a>.</p>
<dl class="fields">
<dt>Parameters:</dt>
<dd><ul class="nomargin-top">
<li><strong class="pname"><code>message</code></strong> (byte string) - The message to encrypt, also known as plaintext. It can be of
variable length, but not longer than the RSA modulus (in bytes) minus 11.</li>
</ul></dd>
<dt>Returns:</dt>
<dd>A byte string, the ciphertext in which the message is encrypted.
It is as long as the RSA modulus (in bytes).</dd>
<dt>Raises:</dt>
<dd><ul class="nomargin-top">
<li><code><strong class='fraise'>ValueError</strong></code> - If the RSA key length is not sufficiently long to deal with the given
message.</li>
</ul></dd>
</dl>
</td></tr></table>
</div>
<a name="decrypt"></a>
<div>
<table class="details" border="1" cellpadding="3"
cellspacing="0" width="100%" bgcolor="white">
<tr><td>
<table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr valign="top"><td>
<h3 class="epydoc"><span class="sig"><span class="sig-name">decrypt</span>(<span class="sig-arg">self</span>,
<span class="sig-arg">ct</span>,
<span class="sig-arg">sentinel</span>)</span>
</h3>
</td><td align="right" valign="top"
>
</td>
</tr></table>
<p>Decrypt a PKCS#1 v1.5 ciphertext.</p>
<p>This function is named <tt class="rst-docutils literal"><span class="pre">RSAES-PKCS1-V1_5-DECRYPT</span></tt>, and is specified in
section 7.2.2 of RFC3447.
For a complete example see <a href="Crypto.Cipher.PKCS1_v1_5-module.html" class="link">Crypto.Cipher.PKCS1_v1_5</a>.</p>
<dl class="fields">
<dt>Parameters:</dt>
<dd><ul class="nomargin-top">
<li><strong class="pname"><code>ct</code></strong> (byte string) - The ciphertext that contains the message to recover.</li>
<li><strong class="pname"><code>sentinel</code></strong> (any type) - The object to return to indicate that an error was detected during decryption.</li>
</ul></dd>
<dt>Returns:</dt>
<dd>A byte string. It is either the original message or the <tt class="rst-docutils literal">sentinel</tt> (in case of an error).</dd>
<dt>Raises:</dt>
<dd><ul class="nomargin-top">
<li><code><strong class='fraise'>ValueError</strong></code> - If the ciphertext length is incorrect</li>
<li><code><strong class='fraise'>TypeError</strong></code> - If the RSA key has no private half.</li>
</ul></dd>
</dl>
<div class="fields"> <p><strong>Attention:</strong>
<p>You should <strong>never</strong> let the party who submitted the ciphertext know that
this function returned the <tt class="rst-docutils literal">sentinel</tt> value.
Armed with such knowledge (for a fair amount of carefully crafted but invalid ciphertexts),
an attacker is able to recontruct the plaintext of any other encryption that were carried out
with the same RSA public key (see <a class="rst-reference external" href="http://www.bell-labs.com/user/bleichen/papers/pkcs.ps" target="_top">Bleichenbacher's</a> attack).</p>
<p>In general, it should not be possible for the other party to distinguish
whether processing at the server side failed because the value returned
was a <tt class="rst-docutils literal">sentinel</tt> as opposed to a random, invalid message.</p>
<p>In fact, the second option is not that unlikely: encryption done according to PKCS#1 v1.5
embeds no good integrity check. There is roughly one chance
in 2^16 for a random ciphertext to be returned as a valid message
(although random looking).</p>
<p>It is therefore advisabled to:</p>
<ol class="rst-arabic simple">
<li>Select as <tt class="rst-docutils literal">sentinel</tt> a value that resembles a plausable random, invalid message.</li>
<li>Not report back an error as soon as you detect a <tt class="rst-docutils literal">sentinel</tt> value.
Put differently, you should not explicitly check if the returned value is the <tt class="rst-docutils literal">sentinel</tt> or not.</li>
<li>Cover all possible errors with a single, generic error indicator.</li>
<li>Embed into the definition of <tt class="rst-docutils literal">message</tt> (at the protocol level) a digest (e.g. <tt class="rst-docutils literal"><span class="pre">SHA-1</span></tt>).
It is recommended for it to be the rightmost part <tt class="rst-docutils literal">message</tt>.</li>
<li>Where possible, monitor the number of errors due to ciphertexts originating from the same party,
and slow down the rate of the requests from such party (or even blacklist it altogether).</li>
</ol>
<p><strong>If you are designing a new protocol, consider using the more robust PKCS#1 OAEP.</strong></p>
</p>
</div></td></tr></table>
</div>
<br />
<!-- ==================== NAVIGATION BAR ==================== -->
<table class="navbar" border="0" width="100%" cellpadding="0"
bgcolor="#a0c0ff" cellspacing="0">
<tr valign="middle">
<!-- Home link -->
<th> <a
href="Crypto-module.html">Home</a> </th>
<!-- Tree link -->
<th> <a
href="module-tree.html">Trees</a> </th>
<!-- Index link -->
<th> <a
href="identifier-index.html">Indices</a> </th>
<!-- Help link -->
<th> <a
href="help.html">Help</a> </th>
<!-- Project homepage -->
<th class="navbar" align="right" width="100%">
<table border="0" cellpadding="0" cellspacing="0">
<tr><th class="navbar" align="center"
><a href="http://www.pycrypto.org/">PyCrypto.org</a></th>
</tr></table></th>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="100%%">
<tr>
<td align="left" class="footer">
Generated by Epydoc 3.0.1 on Fri Jan 13 12:36:11 2012
</td>
<td align="right" class="footer">
<a target="mainFrame" href="http://epydoc.sourceforge.net"
>http://epydoc.sourceforge.net</a>
</td>
</tr>
</table>
<script type="text/javascript">
<!--
// Private objects are initially displayed (because if
// javascript is turned off then we want them to be
// visible); but by default, we want to hide them. So hide
// them unless we have a cookie that says to show them.
checkCookie();
// -->
</script>
</body>
</html>
|
