Asymmetric encryption has the advantage that a message can be encrypted without exchanging a secret key with the recipient of the message. The sender merely needs to know the recipient's public key, which allows encrypting the message in such a way that only the designated recipient (who has the corresponding private key) can decrypt it. Currently, a third-party module like pycrypto is required for this functionality.
    from Crypto.Cipher import PKCS1_OAEP
    from Crypto.PublicKey import RSA

    message = b'This is a very secret message.'

    # Load the recipient's public key (PEM encoded)
    with open('pubkey.pem', 'rb') as f:
        key = RSA.importKey(f.read())
    # Encrypt with RSA using OAEP padding
    cipher = PKCS1_OAEP.new(key)
    encrypted = cipher.encrypt(message)
The recipient can then decrypt the message if they have the right private key:
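    from Crypto.Cipher import PKCS1_OAEP
    from Crypto.PublicKey import RSA
    # 'encrypted' is the ciphertext produced by the sender above
    with open('privkey.pem', 'rb') as f:
        key = RSA.importKey(f.read())
    cipher = PKCS1_OAEP.new(key)
    decrypted = cipher.decrypt(encrypted)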
Note: The above examples use the PKCS#1 OAEP encryption scheme. pycrypto also implements the PKCS#1 v1.5 encryption scheme; however, that one is not recommended for new protocols due to known caveats.