2.2. Digital Signatures

Digital signatures are implemented using the RSA cryptosystem. These types and functions are designed for signing purposes only (that is, not for encrypting data), as this signature cryptosystem is non-reversible. If you need to encrypt data, use Asymmetric Encryption.

2.2.1. Types

class SignatureVerifyKey

The RSA public key for signature verification.

class SignatureSignKey

The RSA private key for signature creation.

2.2.2. Functions

crypto.SignatureKeyGen() → Tuple[SignatureVerifyKey, SignatureSignKey]

Generates a public/private key pair for digital signature purposes.

Returns:

A tuple corresponding to a SignatureVerifyKey and SignatureSignKey pair

Return type:

Tuple[SignatureVerifyKey, SignatureSignKey]

Example usage:

# Returns a tuple, so assign return values to two variables:
public_key, private_key = crypto.SignatureKeyGen()

crypto.SignatureSign(key: SignatureSignKey, message: bytes) → bytes

Returns a signature on message using the private key key.

message does not need to be hashed in advance of passing it to this function.

Parameters:
  • key (SignatureSignKey) – The private key

  • message (bytes) – The bytes to sign

Returns:

The resulting signature

Return type:

bytes

crypto.SignatureVerify(key: SignatureVerifyKey, message: bytes, signature: bytes) → bool

Uses the public key key to verify that signature is a valid signature for message.

Parameters:
  • key (SignatureVerifyKey) – The public key to verify with

  • message (bytes) – The message to verify

  • signature (bytes) – The signature to verify

Returns:

True if verification succeeds; otherwise, False

Return type:

bool
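
The sign/verify contract described above, as an added example that is not the library's code: a toy hash-then-sign RSA (unpadded, built from fixed public primes) showing which inputs verification accepts and rejects. The names toy_keygen, toy_sign and toy_verify are hypothetical stand-ins for the three functions documented here.

```python
import hashlib

E = 65537  # public exponent

def toy_keygen(p, q):
    """Toy stand-in for key generation: (verify_key, sign_key) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def _digest(message, n):
    # Hashing happens inside sign and verify, so callers pass the raw message.
    h = int.from_bytes(hashlib.sha256(message).digest(), "big")
    if h >= n:
        raise ValueError("modulus must be larger than the digest")
    return h

def toy_sign(sign_key, message):
    n, d = sign_key
    s = pow(_digest(message, n), d, n)
    return s.to_bytes((n.bit_length() + 7) // 8, "big")

def toy_verify(verify_key, message, signature):
    n, e = verify_key
    s = int.from_bytes(signature, "big")
    if s >= n:  # out-of-range value is rejected with False, not an exception
        return False
    return pow(s, e, n) == _digest(message, n)

def demo():
    # Constructed keys from fixed, publicly known Mersenne primes (toy only).
    alice_vk, alice_sk = toy_keygen(2**521 - 1, 2**607 - 1)
    other_vk, _ = toy_keygen(2**607 - 1, 2**1279 - 1)
    msg = b"share file 'notes' with bob"  # constructed sample message
    sig = toy_sign(alice_sk, msg)
    # Signer hashed the message itself first; the verifier did not.
    prehashed = toy_sign(alice_sk, hashlib.sha256(msg).digest())
    return {
        "valid": toy_verify(alice_vk, msg, sig),
        "tampered_message": toy_verify(alice_vk, msg.replace(b"bob", b"eve"), sig),
        "wrong_verify_key": toy_verify(other_vk, msg, sig),
        "truncated_signature": toy_verify(alice_vk, msg, sig[:-1]),
        "signer_prehashed_only": toy_verify(alice_vk, msg, prehashed),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```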

2.2.3. Class Methods

Note

You probably don’t have to worry about the methods below if you’re just thinking about the design, but you’ll probably need to use them once you start implementing your client application.

These class methods are for the purposes of serialization (see Serialization API). Also, see Key Serialization Example for example usage.

classmethod crypto.SignatureVerifyKey.from_bytes(b: bytes) → SignatureVerifyKey

Converts a serialized bytes representation of a SignatureVerifyKey to an actual Python instance of SignatureVerifyKey.

Returns:

The deserialized SignatureVerifyKey instance

Return type:

SignatureVerifyKey

Raises:

ValueError – if b was not a valid encoding of a SignatureVerifyKey instance

classmethod crypto.SignatureSignKey.from_bytes(b: bytes) → SignatureSignKey

Converts a serialized bytes representation of a SignatureSignKey to an actual Python instance of SignatureSignKey.

Returns:

The deserialized SignatureSignKey instance

Return type:

SignatureSignKey

Raises:

ValueError – if b was not a valid encoding of a SignatureSignKey instance