Qz      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJK L M NOPQRSTUV W XYZ[ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y None*Elliptic Curve point addition.WARNING: Vulnerable to timing attacks.+Elliptic Curve point doubling.WARNING: Vulnerable to timing attacks.,?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks.z div and mod*+,z*+,*+,*+,zNone-Generating a private number d..Generating a public point Q./UGenerating a shared key using our private number and the other party public point.-./%&'()-./'()&%-./-./None0Generate Q given d.WARNING: Vulnerable to timing attacks.1)Generate a pair of (private, public) key.WARNING: Vulnerable to timing attacks.01CPRGElliptic Curve010101 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneB2generate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime)3`generate a private number with no specific property this number is usually called X in DH text.4pcalculate the public number from the parameters and the private key this number is usually called Y in DH text.5pcalculate the public number from the parameters and the private key this number is usually called Y in DH text.DEPRECATED use calculatePublic6Pgenerate a shared key using our private number and the other party public number23456  !"#$&23456 "! #$&2345623456 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone 7eDescribe a hash function and a way to wrap the digest into an DER encoded ASN1 marshalled structure.9 hash function:/convertion to an ASN1 wrapped digest bytestring;2A standard hash function returning a digest object<"Describe the MD2 hashing algorithm="Describe the MD5 hashing algorithm>#Describe the SHA1 hashing algorithm?%Describe the SHA224 hashing algorithm@%Describe the SHA256 hashing algorithmA%Describe the SHA384 hashing algorithmB%Describe the SHA512 hashing algorithmC(Describe the RIPEMD160 hashing algorithm{DGenerate the marshalled structure with the following ASN1 structure:}Start Sequence ,Start Sequence ,OID oid ,Null ,End Sequence ,OctetString digest ,End Sequence789:;<=>?@ABC{ 789:;<=>?@ABC ;789:<=>?@ABC 789:;<=>?@ABC{ BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneD%Represent a mask generation algorithmEMask generation algorithm MGF1Dhash function to useseedlength to generateEDEDEDE BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneFagenerate a private number with no specific property this number is usually called X in DSA text.GCCalculate the public number from the parameters and the private keyH<sign message using the private key and an explicit k number.I#sign message using the private key.J)verify a bytestring using the public key.FGHk random number private key hash functionmessage to signIJFGHIJFGIHJFGHIJ NoneK<Sign message using the private key and an explicit k number.WARNING: Vulnerable to timing attacks.L#Sign message using the private key.WARNING: Vulnerable to timing attacks.M)Verify a bytestring using the public key.|Truncate and hash.Kk random number private key hash functionmessage to signLM|}~()KLMKLMKLM| BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone 1ElGamal Ephemeral key. also called Temporary key.ElGamal Signaturegenerate a private number with no specific property this number is usually called a and need to be between 0 and q (order of the group G).~generate an ephemeral key which is a number with no specific property, and need to be between 0 and q (order of the group G).cgenerate a public number that is for the other party benefits. this number is usually called h=g^aCencrypt with a specified ephemeral key do not reuse ephemeral key.Zencrypt a message using params and public keys will generate b (called the ephemeral key)decrypt message(sign a message with an explicit k number7if k is not appropriate, then no signature is returned.with some appropriate value of k, the signature generation can fail, and no signature is returned. User of this function need to retry with a different k value. sign messageThis function will generate a random number, however as the signature might fail, the function will automatically retry until a proper signature has been created.verify a signature 3random number k, between 0 and p-1 and gcd(k,p-1)=1DH params (p,g)DH private key!collision resistant hash functionmessage to signrandom number generatorDH params (p,g)DH private key!collision resistant hash functionmessage to sign"#$&  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-InferredThis is a strict version of andThis is a strict version of &&. BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-InferredN8error possible during encryption, decryption or signing.O-some parameters lead to breaking assumptions.P the message's digest is too longQDthe message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)R"the message to encrypt is too longSNthe message to decrypt is not of the correct size (need to be == private_size)TlBlinder which is used to obfuscate the timing of the decryption primitive (used by decryption and signing).NOPQRSTUNOPQRSTUNSRQPOTU  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneVCompute the RSA decrypt primitive. if the p and q numbers are available, then dpFast is used otherwise, we use dpSlow which only need d and n.W!Compute the RSA encrypt primitiveKmultiply 2 integers in Zm only performing the modulo operation if necessaryVWVWVWVW BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneX"Generate a key pair given p and q.*p and q need to be distinct prime numbers.e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the function will not return a key pair. A small hamming weight results in better performance.e=0x10001 is a popular choiceFe=3 is popular as well, but proven to not be as secure for some cases.Y:generate a pair of (private, public) key of size in bytes.Z?Generate a blinder to use with decryption and signing operationWthe unique parameter apart from the random number generator is the public key value N.Xchosen distinct primes p and q size in bytesRSA public exponant eYCPRG size in bytesRSA public exponant eZ CPRG to use.RSA public N parameter. NOPQRSTUXYZNSRQPO TUXYZXYZ  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone [6This produce a standard PKCS1.5 padding for encryption\0Produce a standard PKCS1.5 padding for signature]4Try to remove a standard PKCS1.5 encryption padding.^&decrypt message using the private key.When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafer_Pdecrypt message using the private key and by automatically generating a blinder.`Fencrypt a bytestring using the public key and a CPRG random generator.5the message need to be smaller than the key size - 11a?sign message using private key, a hash and its ASN1 descriptionWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None./If unsure always set a blinder or use signSaferbMsign message using the private key and by automatically generating a blinder.c&verify message with the signed message [\]^optional blinderRSA private key cipher text_random generatorRSA private key cipher text`aoptional blinderhash descriptor private keymessage to signbrandom generatorHash descriptor private keymessage to signc [\]^_`abc [\]^_ab`c [\]^_`abc  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone d)Parameters for OAEP encryption/decryptionfHash function to use.gMask Gen algorithm to use.h$Optional label prepended to message.i-Default Params with a specified hash functionj4Encrypt a message using OAEP with a predefined seed.kEncrypt a message using OAEPun-pad a OAEP encoded message.-It doesn't apply the RSA decryption primitivelDecrypt a ciphertext using OAEPWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafermJDecrypt a ciphertext using OAEP and by automatically generating a blinder. defghijSeed!OAEP params to use for encryption Public key.Message to encryptkrandom number generator."OAEP params to use for encryption. Public key.Message to encryptOAEP params to usesize of the key in bytesencoded message (not encrypted)lOptional blinder!OAEP params to use for decryption Private key Cipher textmrandom number generator!OAEP params to use for decryption Private key Cipher text defghijklm defghijklmdefghijklm  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone n*Parameters for PSS signature/verification.pHash function to useqMask Gen algorithm to user&Length of salt. need to be <= to hLen.sTrailer field, usually 0xbct-Default Params with a specified hash functionu$Default Params using SHA1 algorithm.vLSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS ParameterswSign using the PSS ParametersxESign using the PSS Parameters and an automatically generated blinder.y+Verify a signature using the PSS Parameters nopqrstuv Salt to useoptional blinder to usePSS Parameters to useRSA Private KeyMessage to signw,random generator to use to generate the saltoptional blinder to usePSS Parameters to useRSA Private KeyMessage to signxrandom generatorPSS Parameters to use private keymessage to signy\PSS Parameters to use to verify, this need to be identical to the parameters when signingRSA Public KeyMessage to verify Signature nopqrstuvwxy nopqrstuvwxynopqrstuvwxy !"##$%&&'()*+!+"+#+#+,+-+.+./0/1/-23456789:56;7<<=>?@ABCDEFGHI56JKL J K LMNOPQRSS T UV9W X Y Z [ \ ] K ^ L _ _ ` a b c d ] [ \ e e f g h i j k l K ^ Lmn opqprp$p%p&p&ppsppptpupppvpvw&5x;y][JKLw&z{ | } ~  Z crypto-pubkey-0.2.5Crypto.PubKey.RSACrypto.PubKey.DSACrypto.PubKey.DHCrypto.PubKey.ECC.DHCrypto.PubKey.ECC.PrimCrypto.PubKey.ECC.GenerateCrypto.PubKey.HashDescrCrypto.PubKey.MaskGenFunctionCrypto.PubKey.ECC.ECDSACrypto.PubKey.RSA.PrimCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.RSA.PSSCrypto.PubKey.ElGamalCrypto.PubKey.InternalCrypto.PubKey.RSA.Typescrypto-pubkey-types-0.4.2.3Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyCrypto.Types.PubKey.DSAparams_qparams_gparams_pParamssign_ssign_r Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeyCrypto.Types.PubKey.ECCCurve PublicPointpointAdd pointDoublepointMulgeneratePrivatecalculatePublic getShared generateQgenerategenerateParamsgeneratePublic HashDescr hashFunction digestToASN1 HashFunction hashDescrMD2 hashDescrMD5 hashDescrSHA1hashDescrSHA224hashDescrSHA256hashDescrSHA384hashDescrSHA512hashDescrRIPEMD160MaskGenAlgorithmmgf1signWithsignverifyErrorInvalidParametersSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectBlinderdpep generateWithgenerateBlinderpad padSignatureunpaddecrypt decryptSaferencrypt signSafer OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1 signWithSaltdivmodtoHashWithInfotHashCrypto.Types.PubKey.ECDSA toPrivateKey toPublicKey private_curvepublic_q public_curveKeyPair EphemeralKeygenerateEphemeral encryptWithand'&&!multiplicationdpSlowdpFastdpFastNoBlinder makeSignaturenormalizeToKeySize