úÎŽýˆê^      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQR S T U V W X Y Z [ \ ] Good experimental#Vincent Hanquez <vincent@snarc.org>NoneEgenerate params from a specific generator (2 or 5 are common values) R we generate a safe prime (a prime number of the form 2p+1 where p is also prime) 4generate a private number with no specific property - this number is usually called X in DH text. ?generate a public number that is for the other party benefits. - this number is usually called Y in DH text. Qgenerate a shared key using our private number and the other party public number Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred ;Describe a hash function and a way to wrap the digest into + an DER encoded ASN1 marshalled structure. $3A standard hash function returning a digest object %#Describe the MD2 hashing algorithm &#Describe the MD5 hashing algorithm '$Describe the SHA1 hashing algorithm (&Describe the SHA224 hashing algorithm )&Describe the SHA256 hashing algorithm *&Describe the SHA384 hashing algorithm +&Describe the SHA512 hashing algorithm ^EGenerate the marshalled structure with the following ASN1 structure: Start Sequence  ,Start Sequence  ,OID oid  ,Null  ,End Sequence  ,OctetString digest  ,End Sequence  !"#$%&'()*+,^ !"#$%&'()*+, $ !"#%&'()*+, !"#$%&'()*+,^Good experimental#Vincent Hanquez <vincent@snarc.org>None-&Represent a mask generation algorithm .Mask generation algorithm MGF1 -hash function to use seed length to generate .-.-.-.Good experimental#Vincent Hanquez <vincent@snarc.org>None/=sign message using the private key and an explicit k number. 0$sign message using the private key. 1*verify a bytestring using the public key. /k random number  private key hash function message to sign 01_ /01 0/1/01_ Good experimental#Vincent Hanquez <vincent@snarc.org>None `2ElGamal Ephemeral key. also called Temporary key. aElGamal Signature b4generate a private number with no specific property 8 this number is usually called a and need to be between ! 0 and q (order of the group G). cGgenerate an ephemeral key which is a number with no specific property, 8 and need to be between 0 and q (order of the group G). d?generate a public number that is for the other party benefits. % this number is usually called h=g^a e'encrypt with a specified ephemeral key  do not reuse ephemeral key. f/encrypt a message using params and public keys , will generate b (called the ephemeral key) gdecrypt message h)sign a message with an explicit k number 8if k is not appropriate, then no signature is returned. Ewith some appropriate value of k, the signature generation can fail, C and no signature is returned. User of this function need to retry  with a different k value. i sign message 5This function will generate a random number, however D as the signature might fail, the function will automatically retry , until a proper signature has been created. jverify a signature `kalbcdefgh4random number k, between 0 and p-1 and gcd(k,p-1)=1 DH params (p,g) DH private key "collision resistant hash function message to sign irandom number generator DH params (p,g) DH private key "collision resistant hash function message to sign j`kabdefghij `kalbcdefghij Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferredm This is a strict version of and nThis is a strict version of &&. mnmnmn Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred29error possible during encryption, decryption or signing. 3.some parameters lead to breaking assumptions. 4 the message's digest is too long 5the message decrypted doesn')t have a PKCS15 structure (0 2 .. 0 msg) 6#the message to encrypt is too long 7Othe message to decrypt is not of the correct size (need to be == private_size) 8.Blinder which is used to obfuscate the timing ? of the decryption primitive (used by decryption and signing). 234567892345678927654389Good experimental#Vincent Hanquez <vincent@snarc.org>None:#Compute the RSA decrypt primitive. ; if the p and q numbers are available, then dpFast is used 3 otherwise, we use dpSlow which only need d and n. ;"Compute the RSA encrypt primitive oLmultiply 2 integers in Zm only performing the modulo operation if necessary pqr:;so:;:;pqr:;soGood experimental#Vincent Hanquez <vincent@snarc.org>None<4generate a public key and private key with p and q. ,p and q need to be distinct primes numbers. _e need to be coprime to phi=(p-1)*(q-1). a small hamming weight results in better performance. c 0x10001 is a popular choice. 3 is popular as well, but proven to not be as secure for some cases. =;generate a pair of (private, public) key of size in bytes. >@Generate a blinder to use with decryption and signing operation Cthe unique parameter apart from the random number generator is the  public key value N. <=> CPRG to use. RSA public N parameters.  23456789<=>276543 89<=><=>Good experimental#Vincent Hanquez <vincent@snarc.org>None ?7This produce a standard PKCS1.5 padding for encryption @1Produce a standard PKCS1.5 padding for signature A5Try to remove a standard PKCS1.5 encryption padding. B'decrypt message using the private key. EWhen the decryption is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer CQdecrypt message using the private key and by automatically generating a blinder. DGencrypt a bytestring using the public key and a CPRG random generator. 6the message need to be smaller than the key size - 11 E@sign message using private key, a hash and its ASN1 description DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 0If unsure always set a blinder or use signSafer FNsign message using the private key and by automatically generating a blinder. G'verify message with the signed message ?@ABoptional blinder RSA private key  cipher text Crandom generator RSA private key  cipher text DEoptional blinder hash descriptor  private key message to sign Frandom generator Hash descriptor  private key message to sign Gt ?@ABCDEFG ?@ABCEFDG ?@ABCDEFGtNone HParameters for OAEP encryption/ decryption JHash function to use. KMask Gen algorithm to use. L%Optional label prepended to message. M.Default Params with a specified hash function OEncrypt a message using OAEP uun-pad a OAEP encoded message. It doesn'%t apply the RSA decryption primitive P Decrypt a ciphertext using OAEP DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer QKDecrypt a ciphertext using OAEP and by automatically generating a blinder. HIJKLMNOrandom number generator. #OAEP params to use for encryption.  Public key. Message to encrypt uOAEP params to use size of the key in bytes  encoded message (not encrypted) POptional blinder "OAEP params to use for decryption  Private key  Cipher text Qrandom number generator "OAEP params to use for decryption  Private key  Cipher text HIJKLMNOPQ HIJKLMNOPQHIJKLMNOuPQ Good experimental#Vincent Hanquez <vincent@snarc.org>None RParameters for PSS signature/verification. THash function to use UMask Gen algorithm to use VLength of salt. need to be < = to hLen. WTrailer field, usually 0xbc X.Default Params with a specified hash function Y%Default Params using SHA1 algorithm. ZMSign using the PSS parameters and the salt explicitely passed as parameters. 7the function ignore SaltLength from the PSS Parameters [Sign using the PSS Parameters \FSign using the PSS Parameters and an automatically generated blinder. ],Verify a signature using the PSS Parameters RSTUVWXYZ Salt to use optional blinder to use PSS Parameters to use RSA Private Key Message to sign [-random generator to use to generate the salt optional blinder to use PSS Parameters to use RSA Private Key Message to sign \random generator PSS Parameters to use  private key message to sign ]!PSS Parameters to use to verify, < this need to be identical to the parameters when signing RSA Public Key Message to verify  Signature v RSTUVWXYZ[\] RSTUVWXYZ[\]RSTUVWXYZ[\]vw                      !   " "# "$ "%&'()**+,-./0123456789: ; < = > ? @ A ABCDEFGHIJKL9M:NNOPQRSLJK T T U V W X Y Z [ 9 M :\] ^  ' _ ( ` L J 8 9 : ^  a bcdef]gI hicrypto-pubkey-0.1.2Crypto.PubKey.RSACrypto.PubKey.DSACrypto.PubKey.DHCrypto.PubKey.HashDescrCrypto.PubKey.MaskGenFunctionCrypto.PubKey.RSA.PrimCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.RSA.PSSCrypto.PubKey.ElGamalCrypto.PubKey.InternalCrypto.PubKey.RSA.Typescrypto-pubkey-types-0.2.0Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyCrypto.Types.PubKey.DSAParams Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeygenerateParamsgeneratePrivategeneratePublic getShared HashDescr hashFunction digestToASN1 HashFunction hashDescrMD2 hashDescrMD5 hashDescrSHA1hashDescrSHA224hashDescrSHA256hashDescrSHA384hashDescrSHA512hashDescrRIPEMD160MaskGenAlgorithmmgf1signWithsignverifyErrorInvalidParametersSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectBlinderdpep generateWithgenerategenerateBlinderpad padSignatureunpaddecrypt decryptSaferencrypt signSafer OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1 signWithSalttoHashWithInfoexpmod EphemeralKeygenerateEphemeral encryptWithand'&&!multiplicationdpSlowdpFastdpFastNoBlinder makeSignaturenormalizeToKeySize