### RSA key pair generation

Let's generate a 2048-bit RSA key pair:

In [1]:
from Crypto.PublicKey import RSA

keypair = RSA.generate(2048)
print(type(keypair))


<class 'Crypto.PublicKey.RSA.RsaKey'>


### Export the key pair in PEM format

For saving the key pair in a file, you first need to serialize the key pair object into a string. This is done with the `export_key()` method of the key object. There exists standardized formats for exported key objects. One of them is PEM which is an ASCII-based format that converts the elements of the key object from binary representation to a Base64-encoded ASCII text (and adds some human readable header fields as well). 

When you export a key pair, you will also export the private key, which is supposed to remain secret, so the exported key can be protected by encrypting it with a key generated from a password. The `export_key()` method does this encryption for you if you specify the password in its input.

In [7]:
keypairstr = keypair.export_key(format='PEM', passphrase='your_key').decode('ASCII')
print(keypairstr)

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,56B92655F7EF9D07

q+qgdwsTOgTvZg5qUfi7Pmo9Fp/nIJYC3GtenifxGGqZDO8T/I1uSpF0TrlVrCfF
x5Vngq1aMMrIIsF1xYu/FBMj469Yft4xqeLi7x0RU9O1ZUdqXmSd1x4iI46Fb9oT
Tw4qIOtG9qtUi1U75XTPQm0YBlAC+nJVG9WWOYy+WuOHYklbWIEMCHkddGDlJ9vu
ej23/2jd5DDR/9t7FEx1fexmnTI06q5V/T1pIq16oYsG6goXN56xX5J1mvawTYC+
i4BUJL7I7dvInMujPh9HbTG9/6wEbF/lZsbs7JC7Ys7BDbaUQgUdmaCVKdeaRiRV
wRMwo3JWR6inqqwGXxRJ7b+YaKIWOZIl9Q6zUqhMeDZF9zo1qCfqjseU6GTsucVe
2DhNYHAtscIYH77mfn7E5OyPYJT3p1unMVV5YIyMPBJmYxX7cSnTdwYgokVRNUSR
q4BX2uXpibTRkpaGKItjGgL/QypHFJBdQOBx94IKGBwhpU7bhzEFdEZn1qYaLGJS
16DLvWZ+qoqOEiOsGU6rwcpcfgysoPYuUdEz9ZrTzH8X3LKS0IIC6opmplyfkc1y
/8ExAgKoA20Hue182zd+bzzh9lVEbnAnMF/0afhG4cBJ+NZNpjWHNvfXyGWT2Dt3
zoaSY8rzv/uivlhoetrKNMqjYYgBD+zRbmjrYstmzjMhnUMcgjiXrkJpnIKpVTEg
dXx3zJEOhRwunqPRi71RkAN3YX80Dft2fnqd9WA0NNVM9Je3+w8VH7dM5xKu2yhD
hGQ0tMtFviclov9TpCtwa76ezyDpqXlOKDd/iRKiPGQAzC8+xt+IT31+GvJKs25z
T1gqWUT+V6cee6WuRQw+Y46xbaNYZ/Fx61SaVnb7LoWR31sqQ2ltSry3uPW

### Export only the public key in PEM format

Often, Sometimesyou want to export only the public key, e.g., when you want to share your public key with someone. This is how to do it (not that we do not specify a password in this case, as the public key does not need to remain secret):

In [3]:
pubkey = keypair.publickey()
pubkeystr = pubkey.export_key(format='PEM').decode('ASCII')
print(pubkeystr)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsiWJ6D/IAxJe9rgg0O7u
9N4eMWCN5LunnHWxPupUmCbFVZl3JjURpHAKUfuiPKu34AR+Z7lKxXvF03OhUjhM
ShK2SAwg/uuasnZYsIhHYL8xIPx9gx+gK902To4DXBebbwGutQMlrqVsnezYacKN
osesYQWsqI6LNElPdoJ4tt6npDn0omJc5X5dmsUL/A+kzcKvVjG3QPb7GDNgHSYV
5xfIyPA3hDpjB4xhD64QkIg6rr/7s70F34iRJUA9eUKV5Zfov+dQyTbDpMsz6xmS
ENOp+IwGx7BZC5vQUSZB5+6ehKoN+Lz4D3aL80oP5DvukASgDUEAVtQZ1za2W8Zr
IQIDAQAB
-----END PUBLIC KEY-----


### RSA encryption

In order to encrypt with RSA, first you need a public key, and then you need an RSA cipher object that you initialize with the public key:

In [4]:
from Crypto.Cipher import PKCS1_OAEP
cipher = PKCS1_OAEP.new(pubkey)


You encrypt the plaintext by calling the `encrypt()` method of the cipher object:

In [5]:
ciphertext = cipher.encrypt(b'Plaintext should fit within 1 RSA block.')

The ciphertext is a binary string that can be printed in hex format or it can be converted to printable text using the base64 encoding:

In [6]:
print('Ciphertext (in hex):')
print(ciphertext.hex())

from base64 import b64encode
print('Ciphertext (in Base64):')
print(b64encode(ciphertext).decode('ASCII'))

Ciphertext (in hex):
944316a6a3eebe465f12fcf506e0c0545b970421d117a23982d17cf422c12e1bee2ea056ffdb6e65d0c2e7676f9569dc8b6f69f1940deb5c9db89eb8ec29cfea5a57328454a2ab9890f99f9b56dacb2c4b84515cef763747b65e85799dec5fe775be08d6d097774bc42c5136f9e16e208bb5fafe003ebcf12ab4e9bc2217c3a6a6df24e9f19ad814c008fcf4c860b8fa1d6a179811b61079b4a4b298c9e5b6ea76041c9c4bbb7b7fe394ecf8e0ef3e4a0feb73d14c1a6dccf1ef7dfc3bdba86107bffe77e7cee7e84fb82415e911069426e5aeef2c92c77f816a04a89c639df650f2620edbdb746f78f7c959078da1bc3c8a2349aa765e639b7bc54166ed81b3
Ciphertext (in Base64):
lEMWpqPuvkZfEvz1BuDAVFuXBCHRF6I5gtF89CLBLhvuLqBW/9tuZdDC52dvlWnci29p8ZQN61yduJ647CnP6lpXMoRUoquYkPmfm1bayyxLhFFc73Y3R7ZehXmd7F/ndb4I1tCXd0vELFE2+eFuIIu1+v4APrzxKrTpvCIXw6am3yTp8ZrYFMAI/PTIYLj6HWoXmBG2EHm0pLKYyeW26nYEHJxLu3t/45Ts+ODvPkoP63PRTBptzPHvffw726hhB7/+d+fO5+hPuCQV6REGlCblru8sksd/gWoEqJxjnfZQ8mIO29t0b3j3yVkHjaG8PIojSap2XmObe8VBZu2Bsw==


### RSA decryption

Decryption works in a similar manner. You first create an RSA cipher object and then call its `decrypt()` method. However, pay attention to pass the keypair object that contains the private key to the constructor of your cipher rather than passing only the public key.

In [7]:
cipher = PKCS1_OAEP.new(keypair)
try:
    recovered_plaintext = cipher.decrypt(ciphertext)
except ValueError:
    print('Something went wrong when decrypting the ciphertext.')
else:
    print('Plaintext:')
    print(recovered_plaintext.decode('ASCII'))

Plaintext:
Plaintext should fit within 1 RSA block.


### RSA signature generation

Now let's use our key pair (private key) to sign something with RSA. For this, you will also need a hash function, like SHA256. First you hash what you want to sign, and then you generate the signature. Please note that you don't pass the hash value itself as input to the signature generation, but rather you pass the hash function object (together with its hashing state).

In [8]:
from Crypto.Signature import PKCS1_PSS
from Crypto.Hash import SHA256

msg = b'This is a test message to be signed...'

h = SHA256.new()
h.update(msg)
# Don't call h.digest() here!!!
# The hash object h will be passed to the signing function, 
# and it will complete the hash calculation

signer = PKCS1_PSS.new(keypair)
signature = signer.sign(h)

print('Signature length (in bytes):', len(signature))
print('Signature value (in hex):')
print(signature.hex())

Signature length (in bytes): 256
Signature value (in hex):
7313defb2a91245a8a90295e44520596736751e44fe3c465b07f62ddff7faed7fa34bc8b89e71c2fefaccc696dc2eec9f91282da54e6db0a836faa4e060be8e92eadb36f9dece8188da5e0a3948b3c723777e5fd3aa62a45e6c6dc54943853c20bb2a0dc8be1b0f97e52e39205b705805d88c1d76d98d05cb5c2a153f224002a3e798279cf896a26c6c4ec801a72217944c6b13692e08e4ae9ef7d4c8663e6990fc2347a9df8b52894190e9bc46bfbfde98dd197dbdf7aab1dce5ae378c9d3fb8291c64358b73856a83b7976d138258e55c4a1ca2af88a8f510a7725ae76f18586dc5bb27abedb7cbf9d4b529f951caf67612ee9025e0e261155c125cbdd0aa4


### RSA signature verification

For verifying a signatire, you need the public key of the signer. You should create a signature verifier object and pass to its `verify()` method the hash of the message that has been signed and the signature. The `verify()` method returns a boolean result: True if the signature is valid, False otherwise.

In [9]:
h = SHA256.new()
h.update(msg)

verifier = PKCS1_PSS.new(pubkey)
if verifier.verify(h, signature):
        print('Signature is valid.')
else:
        print('Signature is invalid.')

Signature is valid.
