doc/compatibility.rst - platform/external/python/rsa - Git at Google

 Compatibility with standards
 ============================

 .. index:: OpenSSL
 .. index:: compatibility

 Python-RSA implements encryption and signatures according to PKCS#1
 version 1.5. This makes it compatible with the OpenSSL RSA module.

 Keys are stored in PEM or DER format according to PKCS#1 v1.5. Private
 keys are compatible with OpenSSL. However, OpenSSL uses X.509 for its
 public keys, which are not supported.

 Encryption:
     PKCS#1 v1.5 with at least 8 bytes of random padding

 Signatures:
     PKCS#1 v1.5 using the following hash methods:
     MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

 Private keys:
     PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey

 Public keys:
     PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPublicKey

 :ref:`VARBLOCK <bigfiles>` encryption:
     Deprecated in Python-RSA 3.4 and removed from Python-RSA 4.0.
     Was Python-RSA only, not compatible with any other known application.

 .. _openssl:

 Interoperability with OpenSSL
 -----------------------------

 You can create a 512-bit RSA key in OpenSSL as follows::

     openssl genrsa -out myprivatekey.pem 512

 To get a Python-RSA-compatible public key from OpenSSL, you need the
 private key first, then run it through the ``pyrsa-priv2pub``
 command::

     pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem

 Encryption and decryption is also compatible::

     $ echo hello there > testfile.txt
     $ pyrsa-encrypt -i testfile.txt -o testfile.rsa publickey.pem
     $ openssl rsautl -in testfile.rsa -inkey privatekey.pem -decrypt
     hello there

 Interoperability with PKCS#8
 ----------------------------

 The standard PKCS#8 is widely used, and more complex than the PKCS#1
 v1.5 supported by Python-RSA. In order to extract a key from the
 PKCS#8 format you need an external tool such as OpenSSL::

     openssl rsa -in privatekey-pkcs8.pem -out privatekey.pem

 You can then extract the corresponding public key as described above.
	Compatibility with standards
	============================

	.. index:: OpenSSL
	.. index:: compatibility

	Python-RSA implements encryption and signatures according to PKCS#1
	version 1.5. This makes it compatible with the OpenSSL RSA module.

	Keys are stored in PEM or DER format according to PKCS#1 v1.5. Private
	keys are compatible with OpenSSL. However, OpenSSL uses X.509 for its
	public keys, which are not supported.

	Encryption:
	PKCS#1 v1.5 with at least 8 bytes of random padding

	Signatures:
	PKCS#1 v1.5 using the following hash methods:
	MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512

	Private keys:
	PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey

	Public keys:
	PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPublicKey

	:ref:`VARBLOCK <bigfiles>` encryption:
	Deprecated in Python-RSA 3.4 and removed from Python-RSA 4.0.
	Was Python-RSA only, not compatible with any other known application.

	.. _openssl:

	Interoperability with OpenSSL
	-----------------------------

	You can create a 512-bit RSA key in OpenSSL as follows::

	openssl genrsa -out myprivatekey.pem 512

	To get a Python-RSA-compatible public key from OpenSSL, you need the
	private key first, then run it through the ``pyrsa-priv2pub``
	command::

	pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem

	Encryption and decryption is also compatible::

	$ echo hello there > testfile.txt
	$ pyrsa-encrypt -i testfile.txt -o testfile.rsa publickey.pem
	$ openssl rsautl -in testfile.rsa -inkey privatekey.pem -decrypt
	hello there

	Interoperability with PKCS#8
	----------------------------

	The standard PKCS#8 is widely used, and more complex than the PKCS#1
	v1.5 supported by Python-RSA. In order to extract a key from the
	PKCS#8 format you need an external tool such as OpenSSL::

	openssl rsa -in privatekey-pkcs8.pem -out privatekey.pem

	You can then extract the corresponding public key as described above.