2.1. Asymmetric Encryption

Asymmetric encryption is implemented using the RSA cryptosystem. These types and functions are designed for encryption purposes only (that is, not digital signatures); if you need to digitally sign data, use Digital Signatures.

Warning

The maximum amount of data that can be encrypted in a single crypto.AsymmetricEncrypt operation is small (around 130 bytes).

2.1.1. Types

class AsymmetricEncryptKey

The RSA public key, used for RSA encryption.

class AsymmetricDecryptKey

The RSA private key, used for RSA decryption.

2.1.2. Functions

crypto.AsymmetricKeyGen() -> Tuple[AsymmetricEncryptKey, AsymmetricDecryptKey]

Generates a public/private key pair for asymmetric encryption purposes.

Returns:

A tuple corresponding to an AsymmetricEncryptKey and AsymmetricDecryptKey pair

Return type:

Tuple[AsymmetricEncryptKey, AsymmetricDecryptKey]

Example usage:

# Returns a tuple, so assign return values to two variables:
public_key, private_key = crypto.AsymmetricKeyGen()

crypto.AsymmetricEncrypt(key: AsymmetricEncryptKey, plaintext: bytes) -> bytes

Uses the public key key to encrypt plaintext. This function, on its own, is \(\textsf{IND-CPA}\) secure.

Parameters:
Returns:

The encrypted ciphertext

Return type:

bytes

Raises:

ValueError – if message was too long

crypto.AsymmetricDecrypt(key: AsymmetricDecryptKey, ciphertext: bytes) -> bytes

Uses the private key key to decrypt ciphertext.

Parameters:
Returns:

The decrypted plaintext

Return type:

bytes

2.1.3. Class Methods

Note

You probably don’t have to worry about the methods below if you’re just thinking about the design, but you’ll probably need to use them once you start implementing your client application.

These class methods are for the purposes of serialization (see Serialization API). Also, see Key Serialization Example for example usage.

classmethod crypto.AsymmetricEncryptKey.from_bytes(b: bytes) -> AsymmetricEncryptKey

Converts a serialized bytes representation of an AsymmetricEncryptKey to an actual Python instance of AsymmetricEncryptKey.

Returns:

The deserialized AsymmetricEncryptKey instance

Return type:

AsymmetricEncryptKey

Raises:

ValueError – if b was not a valid encoding of an AsymmetricEncryptKey instance

classmethod crypto.AsymmetricDecryptKey.from_bytes(b: bytes) -> AsymmetricDecryptKey

Converts a serialized bytes representation of an AsymmetricDecryptKey to an actual Python instance of AsymmetricDecryptKey.

Returns:

The deserialized AsymmetricDecryptKey instance

Return type:

AsymmetricDecryptKey

Raises:

ValueError – if b was not a valid encoding of an AsymmetricDecryptKey instance