CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-rsa

Pure-Python RSA implementation for encryption, decryption, signing, and verification

Pending
Overview
Eval results
Files

cli-tools.mddocs/

CLI Tools

Command-line utilities for RSA key generation, encryption, decryption, signing, and signature verification. These tools provide direct access to RSA operations from the shell without requiring Python programming.

Available Commands

The RSA library provides six command-line tools installed as executable scripts:

  • pyrsa-keygen - Generate RSA key pairs
  • pyrsa-encrypt - Encrypt data with public key
  • pyrsa-decrypt - Decrypt data with private key
  • pyrsa-sign - Sign data with private key
  • pyrsa-verify - Verify signature with public key
  • pyrsa-priv2pub - Convert private key to public key

Capabilities

Key Generation

Generate RSA key pairs and save them to files in PEM or DER format.

Command: pyrsa-keygen

Usage:

pyrsa-keygen [options] keysize

# Generate 2048-bit key pair to stdout (private key)
pyrsa-keygen 2048

# Generate keys and save to files
pyrsa-keygen --out private.pem --pubout public.pem 2048

# Generate in DER format
pyrsa-keygen --form DER --out private.der --pubout public.der 2048

Options:

  • keysize - Key size in bits (e.g., 1024, 2048, 4096)
  • --out FILE - Output filename for private key (default: stdout)
  • --pubout FILE - Output filename for public key (optional)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Generate 2048-bit keys with PEM format
pyrsa-keygen --out my_private_key.pem --pubout my_public_key.pem 2048

# Generate 4096-bit key pair in DER format
pyrsa-keygen --form DER --out private.der --pubout public.der 4096

# Generate key to stdout and redirect
pyrsa-keygen 2048 > private_key.pem

Encryption

Encrypt data using an RSA public key, reading from stdin and writing to stdout.

Command: pyrsa-encrypt

Usage:

pyrsa-encrypt [options]

# Encrypt data from stdin
echo "secret message" | pyrsa-encrypt --key public.pem

# Encrypt a file
pyrsa-encrypt --key public.pem < message.txt > encrypted.bin

# Specify input/output files
pyrsa-encrypt --key public.pem --input message.txt --output encrypted.bin

Options:

  • --key FILE - Public key file (PEM or DER format)
  • --input FILE - Input file (default: stdin)
  • --output FILE - Output file (default: stdout)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Encrypt a message from command line
echo "Hello World" | pyrsa-encrypt --key public_key.pem > encrypted.bin

# Encrypt a file
pyrsa-encrypt --key public_key.pem --input document.txt --output document.encrypted

Decryption

Decrypt data using an RSA private key, reading encrypted data from stdin and writing decrypted data to stdout.

Command: pyrsa-decrypt

Usage:

pyrsa-decrypt [options]

# Decrypt data from stdin
pyrsa-decrypt --key private.pem < encrypted.bin

# Decrypt with file specification  
pyrsa-decrypt --key private.pem --input encrypted.bin --output decrypted.txt

Options:

  • --key FILE - Private key file (PEM or DER format)
  • --input FILE - Input file (default: stdin)
  • --output FILE - Output file (default: stdout)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Decrypt and display message
pyrsa-decrypt --key private_key.pem < encrypted.bin

# Decrypt file to file
pyrsa-decrypt --key private_key.pem --input encrypted.bin --output message.txt

Message Signing

Create digital signatures for data using an RSA private key with specified hash algorithms.

Command: pyrsa-sign

Usage:

pyrsa-sign [options]

# Sign data from stdin with SHA-256
echo "document content" | pyrsa-sign --key private.pem --hash SHA-256

# Sign a file
pyrsa-sign --key private.pem --hash SHA-256 --input document.txt --output signature.bin

Options:

  • --key FILE - Private key file (PEM or DER format)
  • --hash ALGORITHM - Hash algorithm: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD5
  • --input FILE - Input file (default: stdin)
  • --output FILE - Output file (default: stdout)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Sign a document with SHA-256
pyrsa-sign --key private_key.pem --hash SHA-256 --input contract.txt --output contract.sig

# Sign message from stdin
echo "Important message" | pyrsa-sign --key private_key.pem --hash SHA-256 > message.sig

Signature Verification

Verify digital signatures to ensure data authenticity and integrity.

Command: pyrsa-verify

Usage:

pyrsa-verify [options]

# Verify signature (reads original data from stdin, signature from file)
pyrsa-verify --key public.pem --signature signature.bin < original_data.txt

# Verify with explicit files
pyrsa-verify --key public.pem --signature signature.bin --input original_data.txt

Options:

  • --key FILE - Public key file (PEM or DER format)
  • --signature FILE - Signature file to verify
  • --input FILE - Original data file (default: stdin)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Verify a document signature
pyrsa-verify --key public_key.pem --signature contract.sig --input contract.txt

# Verify with data from stdin
echo "Important message" | pyrsa-verify --key public_key.pem --signature message.sig

Private to Public Key Conversion

Extract the public key from a private key file.

Command: pyrsa-priv2pub

Usage:

pyrsa-priv2pub [options]

# Convert private key to public key
pyrsa-priv2pub --input private.pem --output public.pem

# Convert from stdin to stdout
pyrsa-priv2pub < private_key.pem > public_key.pem

Options:

  • --input FILE - Private key input file (default: stdin)
  • --output FILE - Public key output file (default: stdout)
  • --form FORMAT - Key format: PEM (default) or DER

Examples:

# Extract public key from private key
pyrsa-priv2pub --input my_private_key.pem --output my_public_key.pem

# Convert DER format keys
pyrsa-priv2pub --form DER --input private.der --output public.der

Common Workflows

Complete Key Generation and Usage Workflow

# 1. Generate key pair
pyrsa-keygen --out private_key.pem --pubout public_key.pem 2048

# 2. Encrypt a message
echo "Secret message" | pyrsa-encrypt --key public_key.pem > encrypted.bin

# 3. Decrypt the message
pyrsa-decrypt --key private_key.pem < encrypted.bin

# 4. Sign a document
pyrsa-sign --key private_key.pem --hash SHA-256 --input document.txt --output document.sig

# 5. Verify the signature
pyrsa-verify --key public_key.pem --signature document.sig --input document.txt

File Encryption/Decryption

# Encrypt a file
pyrsa-encrypt --key recipient_public.pem --input secret_file.txt --output secret_file.encrypted

# Send encrypted file to recipient...

# Recipient decrypts the file
pyrsa-decrypt --key recipient_private.pem --input secret_file.encrypted --output decrypted_file.txt

Document Signing and Verification

# Sign an important document
pyrsa-sign --key signer_private.pem --hash SHA-256 --input contract.pdf --output contract.sig

# Verify the signature
pyrsa-verify --key signer_public.pem --signature contract.sig --input contract.pdf

CLI Implementation Details

The CLI tools are implemented as Python functions that handle:

  • Argument parsing with optparse module
  • File I/O operations for reading keys and data
  • Error handling with informative error messages
  • Format detection for PEM/DER key formats
  • Stream processing for stdin/stdout operations

CLI Functions

The CLI tools are implemented as Python functions that are registered as console script entry points:

def keygen() -> None:
    """CLI key generation function (entry point for pyrsa-keygen)."""

def encrypt() -> None:
    """CLI encryption function (entry point for pyrsa-encrypt)."""

def decrypt() -> None:
    """CLI decryption function (entry point for pyrsa-decrypt)."""

def sign() -> None:
    """CLI signing function (entry point for pyrsa-sign)."""

def verify() -> None:
    """CLI verification function (entry point for pyrsa-verify)."""

def private_to_public() -> None:
    """CLI private to public key conversion (entry point for pyrsa-priv2pub)."""

Error Handling

CLI tools provide clear error messages for common issues:

  • Invalid key files - Format errors, file not found, permissions
  • Wrong key types - Using private key where public key expected, etc.
  • Encryption/decryption failures - Wrong keys, corrupted data
  • Signature verification failures - Invalid signatures, key mismatches
  • File I/O errors - Missing files, permission denied, disk full

Security Considerations

Key File Security

  • Store private keys with restricted file permissions (chmod 600)
  • Never transmit private keys over insecure channels
  • Use secure key generation environments

Data Processing

  • CLI tools process data through stdin/stdout for security (no temporary files)
  • Large files are processed in memory (consider available RAM)
  • Original data is not modified during signing/verification

Hash Algorithm Selection

  • Use SHA-256 or stronger for new signatures
  • Avoid MD5 and SHA-1 for new applications
  • Consider algorithm compatibility with verification systems

Install with Tessl CLI

npx tessl i tessl/pypi-rsa

docs

cli-tools.md

crypto-operations.md

index.md

key-management.md

tile.json