tessl/pypi-pycryptodome
PyCryptodome is a self-contained Python package of low-level cryptographic primitives
—
Pending
digital-signatures.mddocs/
Digital Signatures
Comprehensive digital signature schemes providing authentication, integrity, and non-repudiation. Supports RSA-based signatures (PKCS#1 v1.5, PSS), DSA variants, and modern EdDSA with deterministic and probabilistic options.
Capabilities
RSA Signatures - PKCS#1 v1.5
Traditional RSA signature scheme with PKCS#1 v1.5 padding, widely supported but less secure than PSS for new applications.
# Legacy interface
def PKCS1_v1_5.new(rsa_key):
"""
Create PKCS#1 v1.5 signature scheme.
Parameters:
- rsa_key: RSA key object (private for signing, public for verification)
Returns:
Signature scheme object with can_sign/sign/verify methods
"""
# Modern interface
def pkcs1_15.new(rsa_key):
"""
Create PKCS#1 v1.5 signature scheme with modern interface.
Parameters:
- rsa_key: RSA key object
Returns:
PKCS115_SigScheme object
"""
class PKCS115_SigScheme:
"""PKCS#1 v1.5 signature scheme."""
def can_sign(self) -> bool:
"""Check if private key is available for signing."""
def sign(self, msg_hash) -> bytes:
"""
Sign a message hash.
Parameters:
- msg_hash: Hash object with digest() method
Returns:
Signature bytes
"""
def verify(self, msg_hash, signature: bytes) -> None:
"""
Verify a signature.
Parameters:
- msg_hash: Hash object with digest() method
- signature (bytes): Signature to verify
Raises:
ValueError if signature is invalid
"""RSA Signatures - PSS
Probabilistic Signature Scheme providing provable security properties, recommended for new RSA signature applications.
# Legacy interface
def PKCS1_PSS.new(rsa_key, mgfunc=None, saltLen=None, randfunc=None):
"""
Create RSA-PSS signature scheme.
Parameters:
- rsa_key: RSA key object
- mgfunc: Mask generation function (default: MGF1 with same hash as message)
- saltLen (int): Salt length in bytes (default: hash length)
- randfunc (callable): Random function for salt generation
Returns:
PSS signature scheme object
"""
# Modern interface
def pss.new(rsa_key, **kwargs):
"""
Create RSA-PSS signature scheme with modern interface.
Parameters:
- rsa_key: RSA key object
- mgfunc: Mask generation function
- salt_bytes (int): Salt length in bytes
- rand_func (callable): Random function
Returns:
PSS_SigScheme object
"""
class PSS_SigScheme:
"""RSA-PSS signature scheme."""
def can_sign(self) -> bool:
"""Check if private key is available for signing."""
def sign(self, msg_hash) -> bytes:
"""Sign message hash with PSS padding."""
def verify(self, msg_hash, signature: bytes) -> None:
"""Verify PSS signature (raises ValueError if invalid)."""DSA Signatures
Digital Signature Standard providing FIPS-approved signatures with support for deterministic and probabilistic variants.
def new(key, mode, encoding='binary', randfunc=None):
"""
Create DSA signature scheme.
Parameters:
- key: DSA or ECC key object
- mode (str): 'fips-186-3' (probabilistic) or 'deterministic-rfc6979' (deterministic)
- encoding (str): 'binary' for bytes, 'der' for ASN.1 DER encoding
- randfunc (callable): Random function for probabilistic mode
Returns:
DSA signature scheme object
"""
class DssSigScheme:
"""Base DSA signature scheme."""
def can_sign(self) -> bool:
"""Check if private key is available."""
def sign(self, msg_hash) -> bytes:
"""
Sign message hash.
Parameters:
- msg_hash: Hash object with digest() method
Returns:
Signature in specified encoding format
"""
def verify(self, msg_hash, signature: bytes) -> None:
"""
Verify signature.
Parameters:
- msg_hash: Hash object
- signature (bytes): Signature to verify
Raises:
ValueError if signature is invalid
"""
class DeterministicDsaSigScheme(DssSigScheme):
"""Deterministic DSA following RFC 6979."""
class FipsDsaSigScheme(DssSigScheme):
"""FIPS 186-3 compliant probabilistic DSA."""EdDSA (Edwards-curve Digital Signature Algorithm)
Modern signature algorithm using Edwards curves (Ed25519, Ed448) providing high security and performance with deterministic signatures.
def new(priv_key, context):
"""
Create EdDSA signature scheme.
Parameters:
- priv_key: Ed25519 or Ed448 private key
- context (bytes): Context string (Ed448 only, must be empty for Ed25519)
Returns:
EdDSA signature scheme object
"""
def import_public_key(encoded):
"""
Import Ed25519/Ed448 public key.
Parameters:
- encoded (bytes): Key in binary, PEM, or OpenSSH format
Returns:
ECC key object for EdDSA curves
"""
def import_private_key(encoded, passphrase=None):
"""
Import Ed25519/Ed448 private key.
Parameters:
- encoded (bytes): Key in binary, PEM, or PKCS#8 format
- passphrase (bytes): Password for encrypted keys
Returns:
ECC key object for EdDSA curves
"""
class EdDSASigScheme:
"""EdDSA signature scheme for Ed25519/Ed448."""
def can_sign(self) -> bool:
"""Check if private key is available."""
def sign(self, msg_or_hash) -> bytes:
"""
Sign message or hash.
Parameters:
- msg_or_hash: Raw message bytes or hash object
Returns:
EdDSA signature bytes (64 bytes for Ed25519, 114 bytes for Ed448)
"""
def verify(self, msg_or_hash, signature: bytes) -> None:
"""
Verify EdDSA signature.
Parameters:
- msg_or_hash: Raw message bytes or hash object
- signature (bytes): Signature to verify
Raises:
ValueError if signature is invalid
"""Usage Examples
RSA-PSS Signatures (Recommended)
from Crypto.PublicKey import RSA
from Crypto.Signature import pss
from Crypto.Hash import SHA256
# Generate RSA key
key = RSA.generate(2048)
# Create message hash
message = b"Message to be signed"
hash_obj = SHA256.new(message)
# Create PSS signature scheme
signature_scheme = pss.new(key)
# Sign the hash
signature = signature_scheme.sign(hash_obj)
# Verify with public key
public_key = key.publickey()
verifier = pss.new(public_key)
try:
verifier.verify(hash_obj, signature)
print("Signature is valid")
except ValueError:
print("Signature is invalid")DSA Deterministic Signatures
from Crypto.PublicKey import DSA
from Crypto.Signature import DSS
from Crypto.Hash import SHA256
# Generate DSA key
key = DSA.generate(2048)
# Create deterministic signature scheme
signer = DSS.new(key, 'deterministic-rfc6979', 'der')
# Sign message hash
message = b"Message for DSA signature"
hash_obj = SHA256.new(message)
signature = signer.sign(hash_obj)
# Verify signature
verifier = DSS.new(key.publickey(), 'deterministic-rfc6979', 'der')
try:
verifier.verify(hash_obj, signature)
print("DSA signature verified")
except ValueError:
print("DSA signature invalid")EdDSA with Ed25519
from Crypto.PublicKey import ECC
from Crypto.Signature import eddsa
# Generate Ed25519 key pair
key = ECC.generate(curve='Ed25519')
# Create EdDSA signature scheme
signer = eddsa.new(key, b'') # Empty context for Ed25519
# Sign raw message (EdDSA handles hashing internally)
message = b"Message for Ed25519 signature"
signature = signer.sign(message)
# Verify with public key
public_key = key.public_key()
verifier = eddsa.new(public_key, b'')
try:
verifier.verify(message, signature)
print("Ed25519 signature verified")
except ValueError:
print("Ed25519 signature invalid")ECC with DSS (ECDSA)
from Crypto.PublicKey import ECC
from Crypto.Signature import DSS
from Crypto.Hash import SHA256
# Generate P-256 ECC key
key = ECC.generate(curve='P-256')
# Create ECDSA signature scheme
signer = DSS.new(key, 'fips-186-3')
# Sign hash
message = b"Message for ECDSA"
hash_obj = SHA256.new(message)
signature = signer.sign(hash_obj)
# Verify signature
verifier = DSS.new(key.publickey(), 'fips-186-3')
verifier.verify(hash_obj, signature)Signature Scheme Comparison
RSA PKCS#1 v1.5
- Security: Adequate for most applications, but PSS preferred for new designs
- Deterministic: Yes (same message+key = same signature)
- Hash Independence: Requires specific hash algorithm encoding
- Standards: Widely supported, PKCS#1, RFC 3447
RSA-PSS
- Security: Provably secure with tight security reduction
- Deterministic: No (randomized salt provides probabilistic signatures)
- Hash Independence: More flexible hash algorithm support
- Standards: PKCS#1, RFC 3447, preferred for new applications
DSS/ECDSA
- Security: Based on discrete logarithm problem hardness
- Deterministic: Optional (RFC 6979 deterministic variant available)
- Hash Independence: Works with any hash algorithm
- Standards: FIPS 186-4, RFC 6979
EdDSA
- Security: Based on elliptic curve discrete logarithm problem
- Deterministic: Yes (deterministic by design)
- Hash Independence: Built-in hash function (SHA-512 for Ed25519)
- Standards: RFC 8032, modern and efficient
Common Signature Interface
class SignatureSchemeInterface:
"""Common interface for all signature schemes."""
def can_sign(self) -> bool:
"""Check if private key is available for signing."""
def sign(self, msg_hash) -> bytes:
"""Sign message hash and return signature."""
def verify(self, msg_hash, signature: bytes) -> None:
"""Verify signature, raise ValueError if invalid."""Error Handling
ValueError: Invalid signature, key mismatch, or parameter errorsTypeError: Incorrect parameter types (hash object vs bytes)AttributeError: Missing required methods on hash objects- Algorithm-specific exceptions for unsupported operations or parameters
Security Best Practices
- Use PSS for new RSA applications instead of PKCS#1 v1.5
- Prefer EdDSA (Ed25519) for new applications requiring high performance
- Use deterministic signatures when signature reproducibility is needed
- Hash messages before signing (except EdDSA which handles this internally)
- Verify signatures in constant time to prevent timing attacks
- Use appropriate key sizes (2048+ bit RSA, P-256+ ECC curves)
Install with Tessl CLI
npx tessl i tessl/pypi-pycryptodome