RSA can be used to create a message signature. A valid signature can only be generated with access to the private RSA key, validating on the other hand is possible with merely the corresponding public key. So as long as the other side knows your public key they can verify the message to be signed by you and unchanged - an approach used for email for example. Currently, a third-party module like pycrypto is required for this functionality.
import errno from Crypto.Hash import SHA256 from Crypto.PublicKey import RSA from Crypto.Signature import PKCS1_v1_5 message = b'This message is from me, I promise.' try: with open('privkey.pem', 'r') as f: key = RSA.importKey(f.read()) except IOError as e: if e.errno != errno.ENOENT: raise # No private key, generate a new one. This can take a few seconds. key = RSA.generate(4096) with open('privkey.pem', 'wb') as f: f.write(key.exportKey('PEM')) with open('pubkey.pem', 'wb') as f: f.write(key.publickey().exportKey('PEM')) hasher = SHA256.new(message) signer = PKCS1_v1_5.new(key) signature = signer.sign(hasher)
Verifying the signature works similarly but uses the public key rather than the private key:
with open('pubkey.pem', 'rb') as f: key = RSA.importKey(f.read()) hasher = SHA256.new(message) verifier = PKCS1_v1_5.new(key) if verifier.verify(hasher, signature): print('Nice, the signature is valid!') else: print('No, the message was signed with the wrong private key or modified')
Note: The above examples use PKCS#1 v1.5 signing algorithm which is very common. pycrypto also implements the newer PKCS#1 PSS algorithm, replacing
PKCS1_PSS in the examples should work if you want to use that one. Currently there seems to be little reason to use it however.