Crypto.Signature package

The Crypto.Signature package contains algorithms for performing digital signatures, used to guarantee integrity and non-repudiation.

Digital signatures are based on public key cryptography: the party that signs a message holds the private key, the one that verifies the signature holds the public key.

Signing a message

1. Instantiate a new signer object for the desired algorithm, for instance with Crypto.Signature.pkcs1_15.new(). The first parameter is the key object (private key) obtained via the Crypto.PublicKey module.

2. Instantiate a cryptographic hash object, for instance with Crypto.Hash.SHA384.new(). Then, process the message with its update() method.

3. Invoke the sign() method on the signer with the hash object as parameter. The output is the signature of the message (a byte string).

Verifying a signature

1. Instantiate a new verifier object for the desired algorithm, for instance with Crypto.Signature.pkcs1_15.new(). The first parameter is the key object (public key) obtained via the Crypto.PublicKey module.

2. Instantiate a cryptographic hash object, for instance with Crypto.Hash.SHA384.new(). Then, process the message with its update() method.

3. Invoke the verify() method on the verifier, with the hash object and the incoming signature as parameters. If the message is not authentic, an ValueError is raised.

Available mechanisms

• PKCS#1 v1.5 (RSA)

• PKCS#1 PSS (RSA)

• Edwards-curve Digital Signature Algorithm (EdDSA)

• Digital Signature Algorithm (DSA and ECDSA)