Key generation

This module is dedicated to key generation, especially asymmetric public/private key pairs.

Note that keys are separated by use: a key of type RSA_OAEP (encryption) and a key of type RSA_PSS (signature) are distinct keys, even when they are stored under the same keychain uid.

Public API

wacryptolib.keygen.SUPPORTED_ASYMMETRIC_KEY_ALGOS = ['DSA_DSS', 'ECC_DSS', 'RSA_OAEP', 'RSA_PSS']

These values can be used as 'key_algo' for asymmetric key generation.

wacryptolib.keygen.generate_keypair(*, key_algo, serialize=True, key_length_bits=2048, curve='p521', passphrase=None)

Generate a (public_key, private_key) pair.

Parameters:
  • key_algo (str) -- name of the key type

  • serialize -- if True, keys are serialized as PEM-formatted bytestrings (else they remain Python key objects)

  • passphrase (Optional[AnyStr]) -- passphrase used to protect the exported private key (requires serialize=True)

Other arguments are used or ignored depending on the chosen key_algo: key_length_bits applies to RSA and DSA, curve applies to ECC.

Return type:

dict

Returns:

dictionary with "private_key" and "public_key" fields, as key objects or as PEM-formatted bytestrings

wacryptolib.keygen.load_asymmetric_key_from_pem_bytestring(key_pem, *, key_algo, passphrase=None)

Load a key (public or private) from a PEM-formatted bytestring.

Parameters:
  • key_pem (bytes) -- the PEM-formatted key bytestring

  • key_algo (str) -- name of the key algorithm (one of SUPPORTED_ASYMMETRIC_KEY_ALGOS), which must match the algorithm the key was generated with

  • passphrase (Optional[AnyStr]) -- passphrase the private key was exported with, if any

Returns:

key object

wacryptolib.keygen.SUPPORTED_SYMMETRIC_KEY_ALGOS = ['AES_CBC', 'AES_EAX', 'CHACHA20_POLY1305']

These values can be used as 'key_algo' for symmetric key generation.

wacryptolib.keygen.generate_symkey(cipher_algo)

Generate, as a dict, the strongest set of key material (key and initializer such as an IV or nonce) possible for the wanted symmetric cipher.

Return type:

dict

Private API

The functions below are only documented for the details they give on specific arguments.

RSA

wacryptolib.keygen._generate_rsa_keypair_as_objects(key_length_bits)

Generate a RSA (public_key, private_key) pair.

Parameters:

key_length_bits (int) -- length of the key in bits, must be 2048 or more.

Return type:

dict

Returns:

dictionary with "private_key" and "public_key" fields as objects.

DSA

wacryptolib.keygen._generate_dsa_keypair_as_objects(key_length_bits)

Generate a DSA (public_key, private_key) pair.

A DSA keypair cannot be used for encryption/decryption, only for signing.

Parameters:

key_length_bits (int) -- length of the key in bits, must be 2048 or more.

Return type:

dict

Returns:

dictionary with "private_key" and "public_key" fields as objects.

ECC

wacryptolib.keygen._generate_ecc_keypair_as_objects(curve)

Generate an ECC (public_key, private_key) pair.

An ECC keypair cannot be used for encryption/decryption, only for signing.

Parameters:

curve (str) -- name of the curve, among p256, p384 and p521 (other curves may be supported by the underlying library).

Return type:

dict

Returns:

dictionary with "private_key" and "public_key" fields as objects.