úΗ¤‘h      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\ ] ^ _ ` a b c d e f g Good experimental#Vincent Hanquez <vincent@snarc.org>None&Egenerate params from a specific generator (2 or 5 are common values) R we generate a safe prime (a prime number of the form 2p+1 where p is also prime) '4generate a private number with no specific property - this number is usually called X in DH text. (?generate a public number that is for the other party benefits. - this number is usually called Y in DH text. )Qgenerate a shared key using our private number and the other party public number &'()  !"#$%&'() "! #$%&'()&'()Good experimental#Vincent Hanquez <vincent@snarc.org>None *;Describe a hash function and a way to wrap the digest into + an DER encoded ASN1 marshalled structure. ,hash function -0convertion to an ASN1 wrapped digest bytestring .3A standard hash function returning a digest object /#Describe the MD2 hashing algorithm 0#Describe the MD5 hashing algorithm 1$Describe the SHA1 hashing algorithm 2&Describe the SHA224 hashing algorithm 3&Describe the SHA256 hashing algorithm 4&Describe the SHA384 hashing algorithm 5&Describe the SHA512 hashing algorithm 6)Describe the RIPEMD160 hashing algorithm hEGenerate the marshalled structure with the following ASN1 structure: Start Sequence  ,Start Sequence  ,OID oid  ,Null  ,End Sequence  ,OctetString digest  ,End Sequence *+,-./0123456h *+,-./0123456 .*+,-/0123456 *+,-./0123456hGood experimental#Vincent Hanquez <vincent@snarc.org>None7&Represent a mask generation algorithm 8Mask generation algorithm MGF1 7hash function to use seed length to generate 8787878Good experimental#Vincent Hanquez <vincent@snarc.org>None9=sign message using the private key and an explicit k number. :$sign message using the private key. ;*verify a bytestring using the public key. 9k random number  private key hash function message to sign :;i9:;:9;9:;i Good experimental#Vincent Hanquez <vincent@snarc.org>None j2ElGamal Ephemeral key. also called Temporary key. kElGamal Signature l4generate a private number with no specific property 8 this number is usually called a and need to be between ! 0 and q (order of the group G). mGgenerate an ephemeral key which is a number with no specific property, 8 and need to be between 0 and q (order of the group G). n?generate a public number that is for the other party benefits. % this number is usually called h=g^a o'encrypt with a specified ephemeral key  do not reuse ephemeral key. p/encrypt a message using params and public keys , will generate b (called the ephemeral key) qdecrypt message r)sign a message with an explicit k number 8if k is not appropriate, then no signature is returned. Ewith some appropriate value of k, the signature generation can fail, C and no signature is returned. User of this function need to retry  with a different k value. s sign message 5This function will generate a random number, however D as the signature might fail, the function will automatically retry , until a proper signature has been created. tverify a signature jukvlmnopqr4random number k, between 0 and p-1 and gcd(k,p-1)=1 DH params (p,g) DH private key "collision resistant hash function message to sign srandom number generator DH params (p,g) DH private key "collision resistant hash function message to sign t"#$%juklnopqrst jukvlmnopqrst Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferredw This is a strict version of and xThis is a strict version of &&. wxwxwx Good experimental#Vincent Hanquez <vincent@snarc.org> Safe-Inferred<9error possible during encryption, decryption or signing. =.some parameters lead to breaking assumptions. > the message's digest is too long ?the message decrypted doesn')t have a PKCS15 structure (0 2 .. 0 msg) @#the message to encrypt is too long AOthe message to decrypt is not of the correct size (need to be == private_size) B.Blinder which is used to obfuscate the timing ? of the decryption primitive (used by decryption and signing). <=>?@ABC<=>?@ABC<A@?>=BCGood experimental#Vincent Hanquez <vincent@snarc.org>NoneD#Compute the RSA decrypt primitive. ; if the p and q numbers are available, then dpFast is used 3 otherwise, we use dpSlow which only need d and n. E"Compute the RSA encrypt primitive yLmultiply 2 integers in Zm only performing the modulo operation if necessary z{|DE}yDEDEz{|DE}yGood experimental#Vincent Hanquez <vincent@snarc.org>NoneF#Generate a key pair given p and q. +p and q need to be distinct prime numbers. 0e need to be coprime to phi=(p-1)*(q-1). If that' s not the 0 case, the function will not return a key pair. 7 A small hamming weight results in better performance.  e=0x10001 is a popular choice H e=3 is popular as well, but proven to not be as secure for some cases. G;generate a pair of (private, public) key of size in bytes. H@Generate a blinder to use with decryption and signing operation Cthe unique parameter apart from the random number generator is the  public key value N. Fchosen distinct primes p and q size in bytes RSA public exponant e GCPRG size in bytes RSA public exponant e H CPRG to use. RSA public N parameter.  <=>?@ABCFGH<A@?>= BCFGHFGHGood experimental#Vincent Hanquez <vincent@snarc.org>None I7This produce a standard PKCS1.5 padding for encryption J1Produce a standard PKCS1.5 padding for signature K5Try to remove a standard PKCS1.5 encryption padding. L'decrypt message using the private key. EWhen the decryption is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer MQdecrypt message using the private key and by automatically generating a blinder. NGencrypt a bytestring using the public key and a CPRG random generator. 6the message need to be smaller than the key size - 11 O@sign message using private key, a hash and its ASN1 description DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 0If unsure always set a blinder or use signSafer PNsign message using the private key and by automatically generating a blinder. Q'verify message with the signed message IJKLoptional blinder RSA private key  cipher text Mrandom generator RSA private key  cipher text NOoptional blinder hash descriptor  private key message to sign Prandom generator Hash descriptor  private key message to sign Q~ IJKLMNOPQ IJKLMOPNQ IJKLMNOPQ~Good experimental#Vincent Hanquez <vincent@snarc.org>None RParameters for OAEP encryption/ decryption THash function to use. UMask Gen algorithm to use. V%Optional label prepended to message. W.Default Params with a specified hash function X5Encrypt a message using OAEP with a predefined seed. YEncrypt a message using OAEP un-pad a OAEP encoded message. It doesn'%t apply the RSA decryption primitive Z Decrypt a ciphertext using OAEP DWhen the signature is not in a context where an attacker could gain O information from the timing of the operation, the blinder can be set to None. 3If unsure always set a blinder or use decryptSafer [KDecrypt a ciphertext using OAEP and by automatically generating a blinder. RSTUVWXSeed "OAEP params to use for encryption  Public key. Message to encrypt Yrandom number generator. #OAEP params to use for encryption.  Public key. Message to encrypt OAEP params to use size of the key in bytes  encoded message (not encrypted) ZOptional blinder "OAEP params to use for decryption  Private key  Cipher text [random number generator "OAEP params to use for decryption  Private key  Cipher text RSTUVWXYZ[ RSTUVWXYZ[RSTUVWXYZ[ Good experimental#Vincent Hanquez <vincent@snarc.org>None \Parameters for PSS signature/verification. ^Hash function to use _Mask Gen algorithm to use `Length of salt. need to be < = to hLen. aTrailer field, usually 0xbc b.Default Params with a specified hash function c%Default Params using SHA1 algorithm. dMSign using the PSS parameters and the salt explicitely passed as parameters. 7the function ignore SaltLength from the PSS Parameters eSign using the PSS Parameters fFSign using the PSS Parameters and an automatically generated blinder. g,Verify a signature using the PSS Parameters \]^_`abcd Salt to use optional blinder to use PSS Parameters to use RSA Private Key Message to sign e-random generator to use to generate the salt optional blinder to use PSS Parameters to use RSA Private Key Message to sign frandom generator PSS Parameters to use  private key message to sign g!PSS Parameters to use to verify, < this need to be identical to the parameters when signing RSA Public Key Message to verify  Signature € \]^_`abcdefg \]^_`abcdefg\]^_`abcdefg€                     ! " " # $   % &   ' ' ' ' '( ') '*+,-.//0123456789:;<=>? @ A B C D E F FGHIJKLMNOPQ>R?SSTUVWXQOP Y Y Z [ \ ] ^ _ ` > R ?ab c " , d - e Q O = > ? c " f ghijkblN mncrypto-pubkey-0.2.1Crypto.PubKey.RSACrypto.PubKey.DSACrypto.PubKey.DHCrypto.PubKey.HashDescrCrypto.PubKey.MaskGenFunctionCrypto.PubKey.RSA.PrimCrypto.PubKey.RSA.PKCS15Crypto.PubKey.RSA.OAEPCrypto.PubKey.RSA.PSSCrypto.PubKey.ElGamalCrypto.PubKey.InternalCrypto.PubKey.RSA.Typescrypto-pubkey-types-0.4.0Crypto.Types.PubKey.RSApublic_epublic_n public_size PublicKey private_qinv private_dQ private_dP private_q private_p private_d private_pub PrivateKeyCrypto.Types.PubKey.DSAparams_qparams_gparams_pParamssign_ssign_r Signaturepublic_y public_params private_xprivate_paramsCrypto.Types.PubKey.DH PublicNumber PrivateNumber SharedKeygenerateParamsgeneratePrivategeneratePublic getShared HashDescr hashFunction digestToASN1 HashFunction hashDescrMD2 hashDescrMD5 hashDescrSHA1hashDescrSHA224hashDescrSHA256hashDescrSHA384hashDescrSHA512hashDescrRIPEMD160MaskGenAlgorithmmgf1signWithsignverifyErrorInvalidParametersSignatureTooLongMessageNotRecognizedMessageTooLongMessageSizeIncorrectBlinderdpep generateWithgenerategenerateBlinderpad padSignatureunpaddecrypt decryptSaferencrypt signSafer OAEPParamsoaepHashoaepMaskGenAlg oaepLabeldefaultOAEPParamsencryptWithSeed PSSParamspssHash pssMaskGenAlg pssSaltLengthpssTrailerFielddefaultPSSParamsdefaultPSSParamsSHA1 signWithSalttoHashWithInfoexpmod EphemeralKeygenerateEphemeral encryptWithand'&&!multiplicationdpSlowdpFastdpFastNoBlinder makeSignaturenormalizeToKeySize