1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
|
.. hazmat::
Ed448 signing
=============
.. currentmodule:: cryptography.hazmat.primitives.asymmetric.ed448
Ed448 is an elliptic curve signing algorithm using `EdDSA`_.
Signing & Verification
~~~~~~~~~~~~~~~~~~~~~~
.. doctest::
>>> from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PrivateKey
>>> private_key = Ed448PrivateKey.generate()
>>> signature = private_key.sign(b"my authenticated message")
>>> public_key = private_key.public_key()
>>> # Raises InvalidSignature if verification fails
>>> public_key.verify(signature, b"my authenticated message")
Key interfaces
~~~~~~~~~~~~~~
.. class:: Ed448PrivateKey
.. versionadded:: 2.6
.. classmethod:: generate()
Generate an Ed448 private key.
:returns: :class:`Ed448PrivateKey`
.. classmethod:: from_private_bytes(data)
:param data: 57 byte private key.
:type data: :term:`bytes-like`
:returns: :class:`Ed448PrivateKey`
.. method:: public_key()
:returns: :class:`Ed448PublicKey`
.. method:: sign(data)
:param data: The data to sign.
:type data: :term:`bytes-like`
:returns bytes: The 114 byte signature.
.. method:: private_bytes(encoding, format, encryption_algorithm)
Allows serialization of the key to bytes. Encoding (
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM`,
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`, or
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`) and
format (
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`
or
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
) are chosen to define the exact serialization.
:param encoding: A value from the
:class:`~cryptography.hazmat.primitives.serialization.Encoding` enum.
:param format: A value from the
:class:`~cryptography.hazmat.primitives.serialization.PrivateFormat`
enum. If the ``encoding`` is
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
then ``format`` must be
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
, otherwise it must be
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8`.
:param encryption_algorithm: An instance of an object conforming to the
:class:`~cryptography.hazmat.primitives.serialization.KeySerializationEncryption`
interface.
:return bytes: Serialized key.
.. method:: private_bytes_raw()
.. versionadded:: 40
Allows serialization of the key to raw bytes. This method is a
convenience shortcut for calling :meth:`private_bytes` with
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
encoding,
:attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw`
format, and
:class:`~cryptography.hazmat.primitives.serialization.NoEncryption`.
:return bytes: Raw key.
.. class:: Ed448PublicKey
.. versionadded:: 2.6
.. classmethod:: from_public_bytes(data)
:param bytes data: 57 byte public key.
:returns: :class:`Ed448PublicKey`
.. method:: public_bytes(encoding, format)
Allows serialization of the key to bytes. Encoding (
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.PEM`,
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.DER`, or
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`) and
format (
:attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo`
or
:attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
) are chosen to define the exact serialization.
:param encoding: A value from the
:class:`~cryptography.hazmat.primitives.serialization.Encoding` enum.
:param format: A value from the
:class:`~cryptography.hazmat.primitives.serialization.PublicFormat`
enum. If the ``encoding`` is
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
then ``format`` must be
:attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
, otherwise it must be
:attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo`.
:returns bytes: The public key bytes.
.. method:: public_bytes_raw()
.. versionadded:: 40
Allows serialization of the key to raw bytes. This method is a
convenience shortcut for calling :meth:`public_bytes` with
:attr:`~cryptography.hazmat.primitives.serialization.Encoding.Raw`
encoding and
:attr:`~cryptography.hazmat.primitives.serialization.PublicFormat.Raw`
format.
:return bytes: Raw key.
.. method:: verify(signature, data)
:param signature: The signature to verify.
:type signature: :term:`bytes-like`
:param data: The data to verify.
:type data: :term:`bytes-like`
:returns: None
:raises cryptography.exceptions.InvalidSignature: Raised when the
signature cannot be verified.
.. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
|
