7. Compatibility with standards¶
Python-RSA implements encryption and signatures according to PKCS#1 version 1.5. This makes it compatible with the OpenSSL RSA module.
Keys are stored in PEM or DER format according to PKCS#1 v1.5. Private keys are compatible with OpenSSL. However, OpenSSL uses X.509 for its public keys, which are not supported.
- Encryption:
PKCS#1 v1.5 with at least 8 bytes of random padding
- Signatures:
PKCS#1 v1.5 using the following hash methods: MD5, SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-256, SHA3-384, SHA3-512
- Private keys:
PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey
- Public keys:
PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPublicKey
- VARBLOCK encryption:
Deprecated in Python-RSA 3.4 and removed from Python-RSA 4.0. Was Python-RSA only, not compatible with any other known application.
7.1. Interoperability with OpenSSL¶
You can create a 512-bit RSA key in OpenSSL as follows:
openssl genrsa -out myprivatekey.pem 512
To get a Python-RSA-compatible public key from OpenSSL, you need the
private key first, then run it through the pyrsa-priv2pub
command:
pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem
Encryption and decryption is also compatible:
$ echo hello there > testfile.txt
$ pyrsa-encrypt -i testfile.txt -o testfile.rsa publickey.pem
$ openssl rsautl -in testfile.rsa -inkey privatekey.pem -decrypt
hello there
7.2. Interoperability with PKCS#8¶
The standard PKCS#8 is widely used, and more complex than the PKCS#1 v1.5 supported by Python-RSA. In order to extract a key from the PKCS#8 format you need an external tool such as OpenSSL:
openssl rsa -in privatekey-pkcs8.pem -out privatekey.pem
You can then extract the corresponding public key as described above.