awscrt.crypto¶

class awscrt.crypto.RSAEncryptionAlgorithm(value)¶

RSA Encryption Algorithm

PKCS1_5 = 0¶: PKCSv1.5 padding

OAEP_SHA256 = 1¶: OAEP padding with sha256 hash function

OAEP_SHA512 = 2¶: OAEP padding with sha512 hash function

class awscrt.crypto.RSASignatureAlgorithm(value)¶

RSA Encryption Algorithm

PKCS1_5_SHA256 = 0¶: PKCSv1.5 padding with sha256 hash function

PKCS1_5_SHA1 = 1¶: PKCSv1.5 padding with sha1 hash function

PSS_SHA256 = 2¶: PSS padding with sha256 hash function

class awscrt.crypto.RSA(binding)¶

static new_private_key_from_pem_data(pem_data: str | bytes | bytearray | memoryview) → RSA¶: Creates a new instance of private RSA key pair from pem data. Raises ValueError if pem does not have private key object.

static new_public_key_from_pem_data(pem_data: str | bytes | bytearray | memoryview) → RSA¶: Creates a new instance of public RSA key pair from pem data. Raises ValueError if pem does not have public key object.

static new_private_key_from_der_data(der_data: bytes | bytearray | memoryview) → RSA¶: Creates a new instance of private RSA key pair from der data. Expects key in PKCS1 format. Raises ValueError if pem does not have private key object.

static new_public_key_from_der_data(der_data: bytes | bytearray | memoryview) → RSA¶: Creates a new instance of public RSA key pair from der data. Expects key in PKCS1 format. Raises ValueError if pem does not have public key object.

encrypt(encryption_algorithm: RSAEncryptionAlgorithm, plaintext: bytes | bytearray | memoryview) → bytes¶: Encrypts data using a given algorithm.

decrypt(encryption_algorithm: RSAEncryptionAlgorithm, ciphertext: bytes | bytearray | memoryview) → bytes¶: Decrypts data using a given algorithm.

sign(signature_algorithm: RSASignatureAlgorithm, digest: bytes | bytearray | memoryview) → bytes¶: Signs data using a given algorithm. Note: function expects digest of the message, ex sha256

verify(signature_algorithm: RSASignatureAlgorithm, digest: bytes | bytearray | memoryview, signature: bytes | bytearray | memoryview) → bool¶: Verifies signature against digest. Returns True if signature matches and False if not.