In [1]:
from cryptography.hazmat.primitives.asymmetric import rsa

See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key.

Also, https://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html regarding choice of public exponent.

In [2]:
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)

In [3]:
public_key = private_key.public_key()

In [4]:
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes

In [5]:
message = b'secret message'

See https://cryptography.io/en/stable/hazmat/primitives/asymmetric/rsa/#encryption.

In [6]:
ciphertext = public_key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

In [7]:
plaintext = private_key.decrypt(
    ciphertext,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None,
    )
)

In [8]:
plaintext == message

True

See https://cryptography.io/en/stable/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.padding.OAEP.