Asymmetric cryptography is a branch of cryptography where a secret key can be divided into two parts, a public key and a private key. The public key can be given to anyone, trusted or not, while the private key must be kept secret (just like the key in symmetric cryptography).
Asymmetric cryptography has two primary use cases: authentication and confidentiality. Using asymmetric cryptography, messages can be signed with a private key, and then anyone with the public key is able to verify that the message was created by someone possessing the corresponding private key. This can be combined with a proof of identity system to know what entity (person or group) actually owns that private key, providing authentication.
Encryption with asymmetric cryptography works in a slightly different way from symmetric encryption. Someone with the public key is able to encrypt a message, providing confidentiality, and then only the person in possession of the private key is able to decrypt it.
ed25519 x25519 ed448 x448 ec rsa dh dsa serialization utils
Asymmetric key types do not inherit from a common base class. The following union type aliases can be used instead to reference a multitude of key types.
cryptography.hazmat.primitives.asymmetric.types
PublicKeyTypes
40.0.0
Type alias: A union of all public key types supported: ~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKey, ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, ~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, ~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, ~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, ~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey.
PrivateKeyTypes
40.0.0
Type alias: A union of all private key types supported: ~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey, ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, ~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, ~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, ~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, ~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey, ~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey, ~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.
CertificatePublicKeyTypes
40.0.0
Type alias: A union of all public key types supported for X.509 certificates: ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, ~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, ~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey, ~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey, ~cryptography.hazmat.primitives.asymmetric.x448.X448PublicKey.
CertificateIssuerPublicKeyTypes
40.0.0
Type alias: A union of all public key types that can sign other X.509 certificates as an issuer. x448/x25519 can be a public key, but cannot be used in signing, so they are not allowed in these contexts.
Allowed: ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey, ~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey, ~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey, ~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PublicKey.
CertificateIssuerPrivateKeyTypes
40.0.0
Type alias: A union of all private key types that can sign other X.509 certificates as an issuer. x448/x25519 can be a public key, but cannot be used in signing, so they are not allowed in these contexts.
Allowed: ~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey, ~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey, ~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey, ~cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey, ~cryptography.hazmat.primitives.asymmetric.ed448.Ed448PrivateKey.