Danger

This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

Asymmetric Utilities

cryptography.hazmat.primitives.asymmetric.utils.decode_dss_signature(signature)

Takes in signatures generated by the DSA/ECDSA signers and returns a tuple (r, s). These signatures are ASN.1 encoded Dss-Sig-Value sequences (as defined in RFC 3279)

Parameters:signature (bytes) – The signature to decode.
Returns:The decoded tuple (r, s).
Raises:ValueError – Raised if the signature is malformed.
cryptography.hazmat.primitives.asymmetric.utils.encode_dss_signature(r, s)

Creates an ASN.1 encoded Dss-Sig-Value (as defined in RFC 3279) from raw r and s values.

Parameters:
  • r (int) – The raw signature value r.
  • s (int) – The raw signature value s.
Return bytes:

The encoded signature.

class cryptography.hazmat.primitives.asymmetric.utils.Prehashed(algorithm)

New in version 1.6.

Prehashed can be passed as the algorithm in the RSA sign() and verify() as well as DSA sign() and verify() methods.

For elliptic curves it can be passed as the algorithm in ECDSA and then used with sign() and verify() .

Parameters:algorithm – An instance of HashAlgorithm.
>>> import hashlib
>>> from cryptography.hazmat.backends import default_backend
>>> from cryptography.hazmat.primitives import hashes
>>> from cryptography.hazmat.primitives.asymmetric import (
...    padding, rsa, utils
... )
>>> private_key = rsa.generate_private_key(
...     public_exponent=65537,
...     key_size=2048,
...     backend=default_backend()
... )
>>> prehashed_msg = hashlib.sha256(b"A message I want to sign").digest()
>>> signature = private_key.sign(
...     prehashed_msg,
...     padding.PSS(
...         mgf=padding.MGF1(hashes.SHA256()),
...         salt_length=padding.PSS.MAX_LENGTH
...     ),
...     utils.Prehashed(hashes.SHA256())
... )
>>> public_key = private_key.public_key()
>>> public_key.verify(
...     signature,
...     prehashed_msg,
...     padding.PSS(
...         mgf=padding.MGF1(hashes.SHA256()),
...         salt_length=padding.PSS.MAX_LENGTH
...     ),
...     utils.Prehashed(hashes.SHA256())
... )