Key generation
This module is dedicated to key generation, especially asymmetric public/private key pairs.
Note that keys are separated by use, thus keys of type RSA_OAEP (encryption) and RSA_PSS (signature) are different even for the same keychain uid.
Public API
- wacryptolib.keygen.SUPPORTED_ASYMMETRIC_KEY_ALGOS = ['DSA_DSS', 'ECC_DSS', 'RSA_OAEP', 'RSA_PSS']
These values can be used as 'key_algo' for asymmetric key generation.
- wacryptolib.keygen.generate_keypair(*, key_algo, serialize=True, key_length_bits=2048, curve='p521', passphrase=None)
Generate a (public_key, private_key) pair.
- Parameters:
key_algo (str) -- name of the key type
serialize -- indicates if key must be serialized as PEM string (else it remains a python object)
passphrase (Optional[AnyStr]) -- bytestring used for private key export (requires serialize=True)
Other arguments are used or not depending on the chosen key_algo.
- Return type:
dict
- Returns:
dictionary with "private_key" and "public_key" fields as objects or PEM-format strings
- wacryptolib.keygen.load_asymmetric_key_from_pem_bytestring(key_pem, *, key_algo, passphrase=None)
Load a key (public or private) from a PEM-formatted bytestring.
- Parameters:
key_pem (bytes) -- the key bytestring
key_algo (str) -- name of the key format
- Returns:
key object
- wacryptolib.keygen.SUPPORTED_SYMMETRIC_KEY_ALGOS = ['AES_CBC', 'AES_EAX', 'CHACHA20_POLY1305']
These values can be used as 'key_algo' for symmetric key generation.
- wacryptolib.keygen.generate_symkey(cipher_algo)
Generate the strongest possible keys/initializers for the wanted symmetric cipher, returned as a dict.
- Return type:
dict
Private API
The functions below are only documented for the details they give on specific arguments.
RSA
- wacryptolib.keygen._generate_rsa_keypair_as_objects(key_length_bits)
Generate an RSA (public_key, private_key) pair.
- Parameters:
key_length_bits (int) -- length of the key in bits, must be superior to 2048.
- Return type:
dict
- Returns:
dictionary with "private_key" and "public_key" fields as objects.
DSA
- wacryptolib.keygen._generate_dsa_keypair_as_objects(key_length_bits)
Generate a DSA (public_key, private_key) pair.
A DSA keypair is not used for encryption/decryption, only for signing.
- Parameters:
key_length_bits (int) -- length of the key in bits, must be superior to 2048.
- Return type:
dict
- Returns:
dictionary with "private_key" and "public_key" fields as objects.
ECC
- wacryptolib.keygen._generate_ecc_keypair_as_objects(curve)
Generate an ECC (public_key, private_key) pair.
An ECC keypair is not used for encryption/decryption, only for signing.
- Parameters:
curve (str) -- curve chosen among p256, p384, p521 and maybe others.
- Return type:
dict
- Returns:
dictionary with "private_key" and "public_key" fields as objects.