Danger
Nothing here should be used for any security purposes.
Primitive RSA#
This page describes some of things that are part of
the toy_crypto.rsa module.
They are imported with:
from toy_crypto import rsa
Primitive RSA, as illustrated here, operates on integers and is deterministic.
The former makes it impractical for direct use and the latter means that
it immediately fails to meet IND-CPA security.
See OAEP for discussion of and illustration of how those are properly addressed.
The original example#
Let’s see a simple example, from the original publication describing the RSA algorithm [Gardner, 1977]. This will require the text decoding scheme used then which is in
toy_crypto.utils.Rsa129.decode().
import toy_crypto.rsa as rsa
from toy_crypto.utils import Rsa129
# From the challenge itself
modulus=114381625757888867669235779976146612010218296721242362562561842935706935245733897830597123563958705058989075147599290026879543541
pub_exponent=9007
ctext=96869613754622061477140922254355882905759991124574319874695120930816298225145708356931476622883989628013391990551829945157815154
# We have since learned p and q
p=3490529510847650949147849619903898133417764638493387843990820577
q=32769132993266709549961988190834461413177642967992942539798288533
priv_key = rsa.PrivateKey(p, q, pub_exponent = pub_exponent)
pub_key = priv_key.pub_key
assert pub_key.N == modulus
decrypted = priv_key.decrypt(ctext) # This is a large int
# Now the Rsa129 text decoder
ptext = Rsa129.decode(decrypted)
print(ptext)
THE MAGIC WORDS ARE SQUEAMISH OSSIFRAGE
Primitive API#
- class toy_crypto.rsa.PublicKey(modulus: int, public_exponent: int) None[source]#
Public key from public values.
- encrypt(message: int) int[source]#
Primitive encryption with neither padding nor nonce.
- Raises:
ValueError – if message < 0
ValueError – if message isn’t less than the public modulus
- Parameters:
message (
int)- Return type:
- oaep_encrypt(message: bytes, label: bytes = b'', hash_id: str = 'sha256', mgf_id: str = 'mgf1SHA256', _seed: bytes | None = None) bytes[source]#
RSA OAEP encryption.
- Parameters:
message (
bytes) – The message to encrypt.label (
bytes, default:b'') – Rarely used. Just leave as default.hash_id (
str, default:'sha256') – Name of the hash function.mgf_id (
str, default:'mgf1SHA256') – Name of the MGF function (with hash)._seed (
bytes|None, default:None) – Used for testing only. OAEP is not supposed to be deterministic.
- Raises:
ValueError – if hash or MGF is not recognized.
ValueError – if lengths of inputs exceed what modulus and hash sizes can accommodate.
- Return type:
- class toy_crypto.rsa.PrivateKey(p: int, q: int, pub_exponent: int = 65537) None[source]#
RSA private key from primes p and q.
This does not perform any sanity checks on p and q. It is your responsibility to ensure that they are suitable primes. Consider using
fips186_prime_gen()to generate primes.- Raises:
ValueError – if \(\gcd(e, \mathop{\mathrm{lcm}}(p - 1, q - 1)) \neq 1\).
- Parameters:
- decrypt(ciphertext: int) int[source]#
Primitive decryption.
- Parameters:
- Raises:
ValueError – if
ciphertextis out of range for this key.- Return type:
- oaep_decrypt(ciphertext: bytes, label: bytes = b'', hash_id: str = 'sha256', mgf_id: str = 'mgf1SHA256') bytes[source]#
RSA OAEP decryption.
- Parameters:
- Raises:
ValueError – if hash or MGF is not recognized.
DecryptionError – on various decryption errors. If unsafe error reporting is enabled, details of decryption errors will be provided.
- Return type: