c{      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKL M N OPQRSTUVW X YZ[\ ] ^ _ ` a b c d e f g h i j k l m n o p q r s t u v w x y z None*Elliptic Curve point addition.WARNING: Vulnerable to timing attacks.+Elliptic Curve point doubling.WARNING: Vulnerable to timing attacks.This perform the following calculation: > lambda = (3 * xp ^ 2 + a) / 2 yp > xr = lambda ^ 2 - 2 xp > yr = lambda (xp - xr) - ypWith binary curve: > xp == 0 => P = O > otherwise => > s = xp + (yp / xp) > xr = s ^ 2 + s + a > yr = xp ^ 2 + (s+1) * xr,?Elliptic curve point multiplication (double and add algorithm).WARNING: Vulnerable to timing attacks.-*Check if a point is the point at infinity.{ div and mod*+,-{*+,-*+,-*+,-{None.Generating a private number d./Generating a public point Q.0UGenerating a shared key using our private number and the other party public point../0%&'()./0'()&%./0./0None1Generate Q given d.WARNING: Vulnerable to timing attacks.2)Generate a pair of (private, public) key.WARNING: Vulnerable to timing attacks.12CPRGElliptic Curve121212 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneB3generate params from a specific generator (2 or 5 are common values) we generate a safe prime (a prime number of the form 2p+1 where p is also prime)4`generate a private number with no specific property this number is usually called X in DH text.5pcalculate the public number from the parameters and the private key this number is usually called Y in DH text.6pcalculate the public number from the parameters and the private key this number is usually called Y in DH text.DEPRECATED use calculatePublic7Pgenerate a shared key using our private number and the other party public number34567  !"#$&34567 "! #$&3456734567 BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone 8eDescribe a hash function and a way to wrap the digest into an DER encoded ASN1 marshalled structure.: hash function;/convertion to an ASN1 wrapped digest bytestring<2A standard hash function returning a digest object="Describe the MD2 hashing algorithm>"Describe the MD5 hashing algorithm?#Describe the SHA1 hashing algorithm@%Describe the SHA224 hashing algorithmA%Describe the SHA256 hashing algorithmB%Describe the SHA384 hashing algorithmC%Describe the SHA512 hashing algorithmD(Describe the RIPEMD160 hashing algorithm|DGenerate the marshalled structure with the following ASN1 structure:}Start Sequence ,Start Sequence ,OID oid ,Null ,End Sequence ,OctetString digest ,End Sequence89:;<=>?@ABCD| 89:;<=>?@ABCD <89:;=>?@ABCD 89:;<=>?@ABCD| BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneE%Represent a mask generation algorithmFMask generation algorithm MGF1Ehash function to useseedlength to generateFEFEFEF BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneGagenerate a private number with no specific property this number is usually called X in DSA text.HCCalculate the public number from the parameters and the private keyI<sign message using the private key and an explicit k number.J#sign message using the private key.K)verify a bytestring using the public key.GHIk random number private key hash functionmessage to signJKGHIJKGHJIKGHIJK NoneL<Sign message using the private key and an explicit k number.WARNING: Vulnerable to timing attacks.M#Sign message using the private key.WARNING: Vulnerable to timing attacks.N)Verify a bytestring using the public key.}Truncate and hash.Lk random number private key hash functionmessage to signMN}~()LMNLMNLMN} BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone 1ElGamal Ephemeral key. also called Temporary key.ElGamal Signaturegenerate a private number with no specific property this number is usually called a and need to be between 0 and q (order of the group G).~generate an ephemeral key which is a number with no specific property, and need to be between 0 and q (order of the group G).cgenerate a public number that is for the other party benefits. this number is usually called h=g^aCencrypt with a specified ephemeral key do not reuse ephemeral key.Zencrypt a message using params and public keys will generate b (called the ephemeral key)decrypt message(sign a message with an explicit k number7if k is not appropriate, then no signature is returned.with some appropriate value of k, the signature generation can fail, and no signature is returned. User of this function need to retry with a different k value. sign messageThis function will generate a random number, however as the signature might fail, the function will automatically retry until a proper signature has been created.verify a signature 3random number k, between 0 and p-1 and gcd(k,p-1)=1DH params (p,g)DH private key!collision resistant hash functionmessage to signrandom number generatorDH params (p,g)DH private key!collision resistant hash functionmessage to sign"#$&  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-InferredThis is a strict version of andThis is a strict version of &&. BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGood Safe-InferredO8error possible during encryption, decryption or signing.P-some parameters lead to breaking assumptions.Q the message's digest is too longRDthe message decrypted doesn't have a PKCS15 structure (0 2 .. 0 msg)S"the message to encrypt is too longTNthe message to decrypt is not of the correct size (need to be == private_size)UlBlinder which is used to obfuscate the timing of the decryption primitive (used by decryption and signing).OPQRSTUVOPQRSTUVOTSRQPUV  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneWCompute the RSA decrypt primitive. if the p and q numbers are available, then dpFast is used otherwise, we use dpSlow which only need d and n.X!Compute the RSA encrypt primitiveKmultiply 2 integers in Zm only performing the modulo operation if necessaryWXWXWXWX BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNoneY"Generate a key pair given p and q.*p and q need to be distinct prime numbers.e need to be coprime to phi=(p-1)*(q-1). If that's not the case, the function will not return a key pair. A small hamming weight results in better performance.e=0x10001 is a popular choiceFe=3 is popular as well, but proven to not be as secure for some cases.Z:generate a pair of (private, public) key of size in bytes.[?Generate a blinder to use with decryption and signing operationWthe unique parameter apart from the random number generator is the public key value N.Ychosen distinct primes p and q size in bytesRSA public exponant eZCPRG size in bytesRSA public exponant e[ CPRG to use.RSA public N parameter. OPQRSTUVYZ[OTSRQP UVYZ[YZ[  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone \6This produce a standard PKCS1.5 padding for encryption]0Produce a standard PKCS1.5 padding for signature^4Try to remove a standard PKCS1.5 encryption padding._&decrypt message using the private key.When the decryption is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafer`Pdecrypt message using the private key and by automatically generating a blinder.aFencrypt a bytestring using the public key and a CPRG random generator.5the message need to be smaller than the key size - 11b?sign message using private key, a hash and its ASN1 descriptionWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None./If unsure always set a blinder or use signSafercMsign message using the private key and by automatically generating a blinder.d&verify message with the signed message \]^_optional blinderRSA private key cipher text`random generatorRSA private key cipher textaboptional blinderhash descriptor private keymessage to signcrandom generatorHash descriptor private keymessage to signd \]^_`abcd \]^_`bcad \]^_`abcd  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone e)Parameters for OAEP encryption/decryptiongHash function to use.hMask Gen algorithm to use.i$Optional label prepended to message.j-Default Params with a specified hash functionk4Encrypt a message using OAEP with a predefined seed.lEncrypt a message using OAEPun-pad a OAEP encoded message.-It doesn't apply the RSA decryption primitivemDecrypt a ciphertext using OAEPWhen the signature is not in a context where an attacker could gain information from the timing of the operation, the blinder can be set to None.2If unsure always set a blinder or use decryptSafernJDecrypt a ciphertext using OAEP and by automatically generating a blinder. efghijkSeed!OAEP params to use for encryption Public key.Message to encryptlrandom number generator."OAEP params to use for encryption. Public key.Message to encryptOAEP params to usesize of the key in bytesencoded message (not encrypted)mOptional blinder!OAEP params to use for decryption Private key Cipher textnrandom number generator!OAEP params to use for decryption Private key Cipher text efghijklmn efghijklmnefghijklmn  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalGoodNone o*Parameters for PSS signature/verification.qHash function to userMask Gen algorithm to uses&Length of salt. need to be <= to hLen.tTrailer field, usually 0xbcu-Default Params with a specified hash functionv$Default Params using SHA1 algorithm.wLSign using the PSS parameters and the salt explicitely passed as parameters.6the function ignore SaltLength from the PSS ParametersxSign using the PSS ParametersyESign using the PSS Parameters and an automatically generated blinder.z+Verify a signature using the PSS Parameters opqrstuvw Salt to useoptional blinder to usePSS Parameters to useRSA Private KeyMessage to signx,random generator to use to generate the saltoptional blinder to usePSS Parameters to useRSA Private KeyMessage to signyrandom generatorPSS Parameters to use private keymessage to signz\PSS Parameters to use to verify, this need to be identical to the parameters when signingRSA Public KeyMessage to verify Signature opqrstuvwxyz opqrstuvwxyzopqrstuvwxyz !"##$%&&'()*+!+"+#+#+,+-+.+./0/1/-23456789:;67<8==>?@ABCDEFGHIJ67KLM K L MNOPQRSTT U VW:X Y Z [ \ ] ^ L _ M ` ` a b c d e ^ \ ] f f g h i j k l m L _ Mno pqrqsq$q%q&q&qqtqqquqvqqqwqwx&6y<z^\KLMx&{| } ~  [ crypto-pubkey-0.2.7Crypto.PubKey.RSACrypto.PubKey.DSACrypto.PubKey.DHCrypto.PubKey.ECC.DHCrypto.PubKey.ECC.PrimCrypto.PubKey.ECC.GenerateCrypto.PubKey.HashDescrCrypto.PubKey.MaskGenFunctionCrypto.PubKey.ECC.ECDSACrypto.PubKey.RSA.PrimCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.RSA.PSSCrypto.PubKey.ElGamalCrypto.PubKey.InternalCrypto.PubKey.RSA.Typescrypto-pubkey-types-0.4.2.3Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyCrypto.Types.PubKey.DSAparams_qparams_gparams_pParamssign_ssign_r Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeyCrypto.Types.PubKey.ECCCurve PublicPointpointAdd pointDoublepointMulisPointAtInfinitygeneratePrivatecalculatePublic getShared generateQgenerategenerateParamsgeneratePublic HashDescr hashFunction digestToASN1 HashFunction hashDescrMD2 hashDescrMD5 hashDescrSHA1hashDescrSHA224hashDescrSHA256hashDescrSHA384hashDescrSHA512hashDescrRIPEMD160MaskGenAlgorithmmgf1signWithsignverifyErrorInvalidParametersSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectBlinderdpep generateWithgenerateBlinderpad padSignatureunpaddecrypt decryptSaferencrypt signSafer OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1 signWithSaltdivmodtoHashWithInfotHashCrypto.Types.PubKey.ECDSA toPrivateKey toPublicKey private_curvepublic_q public_curveKeyPair EphemeralKeygenerateEphemeral encryptWithand'&&!multiplicationdpSlowdpFastdpFastNoBlinder makeSignaturenormalizeToKeySize