1 Compatibility with standards 2 ================================================== 3 4 .. index:: OpenSSL 5 .. index:: compatibility 6 7 Python-RSA implements encryption and signatures according to PKCS#1 8 version 1.5. This makes it compatible with the OpenSSL RSA module. 9 10 Keys are stored in PEM or DER format according to PKCS#1 v1.5. Private 11 keys are compatible with OpenSSL. However, OpenSSL uses X.509 for its 12 public keys, which are not supported. 13 14 Encryption: 15 PKCS#1 v1.5 with at least 8 bytes of random padding 16 17 Signatures: 18 PKCS#1 v1.5 using the following hash methods: 19 MD5, SHA-1, SHA-256, SHA-384, SHA-512 20 21 Private keys: 22 PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPrivateKey 23 24 Public keys: 25 PKCS#1 v1.5 in PEM and DER format, ASN.1 type RSAPublicKey 26 27 :ref:`VARBLOCK <bigfiles>` encryption: 28 Python-RSA only, not compatible with any other known application. 29 30 .. _openssl: 31 32 Interoperability with OpenSSL 33 -------------------------------------------------- 34 35 You can create a 512-bit RSA key in OpenSSL as follows:: 36 37 openssl genrsa -out myprivatekey.pem 512 38 39 To get a Python-RSA-compatible public key from OpenSSL, you need the 40 private key first, then run it through the ``pyrsa-priv2pub`` 41 command:: 42 43 pyrsa-priv2pub -i myprivatekey.pem -o mypublickey.pem 44 45 Encryption and decryption is also compatible:: 46 47 $ echo hello there > testfile.txt 48 $ pyrsa-encrypt -i testfile.txt -o testfile.rsa publickey.pem 49 $ openssl rsautl -in testfile.rsa -inkey privatekey.pem -decrypt 50 hello there 51 52 Interoperability with PKCS#8 53 -------------------------------------------------- 54 55 The standard PKCS#8 is widely used, and more complex than the PKCS#1 56 v1.5 supported by Python-RSA. In order to extract a key from the 57 PKCS#8 format you need an external tool such as OpenSSL:: 58 59 openssl rsa -in privatekey-pkcs8.pem -out privatekey.pem 60 61 You can then extract the corresponding public key as described above. 62 63
