Package Crypto :: Package Cipher :: Module PKCS1_OAEP
[frames] | no frames]

Module PKCS1_OAEP

RSA encryption protocol according to PKCS#1 OAEP

See RFC3447 or the original RSA Labs specification .

This scheme is more properly called RSAES-OAEP.

As an example, a sender may encrypt a message in this way:

>>> from Crypto.Cipher import PKCS1_OAEP
>>> from Crypto.PublicKey import RSA
>>>
>>> message = 'To be encrypted'
>>> key = RSA.importKey(open('pubkey.der').read())
>>> cipher = PKCS1_OAEP.new(key)
>>> ciphertext = cipher.encrypt(message)

At the receiver side, decryption can be done using the private part of the RSA key:

>>> key = RSA.importKey(open('privkey.der').read())
>>> cipher = PKCS1_OAP.new(key)
>>> message = cipher.decrypt(ciphertext)
Classes
  PKCS1OAEP_Cipher
This cipher can perform PKCS#1 v1.5 OAEP encryption or decryption.
Functions
 
new(key, hashAlgo=None, mgfunc=None, label='')
Return a cipher object PKCS1OAEP_Cipher that can be used to perform PKCS#1 OAEP encryption or decryption.
Function Details

new(key, hashAlgo=None, mgfunc=None, label='')

 
Return a cipher object PKCS1OAEP_Cipher that can be used to perform PKCS#1 OAEP encryption or decryption.
Parameters:
  • key (RSA key object) - The key to use to encrypt or decrypt the message. This is a Crypto.PublicKey.RSA object. Decryption is only possible if key is a private RSA key.
  • hashAlgo (hash object) - The hash function to use. This can be a module under Crypto.Hash or an existing hash object created from any of such modules. If not specified, Crypto.Hash.SHA (that is, SHA-1) is used.
  • mgfunc (callable) - A mask generation function that accepts two parameters: a string to use as seed, and the lenth of the mask to generate, in bytes. If not specified, the standard MGF1 is used (a safe choice).
  • label (string) - A label to apply to this particular encryption. If not specified, an empty string is used. Specifying a label does not improve security.

Attention: Modify the mask generation function only if you know what you are doing. Sender and receiver must use the same one.