cryptography
- class tpm2_pytss.cryptography.tpm_ecc_private_key(ectx, handle, session=ESYS_TR.PASSWORD)
Interface to a TPM ECC key for use with the cryptography module.
- Parameters:
Notes
It is recommended to use the get_digest_algorithm() and get_signature_algorithm() methods for highest compatibility.
- Raises:
ValueError – If the key has the restricted bit set, the curve isn’t supported or if the handle doesn’t reference an ECC key.
- property curve
The ECC curve.
- exchange(algorithm, peer_public_key)
Implements the exchange interface.
See exchange() for documentation.
- Raises:
ValueError – If the curves do not match or the decrypt bit isn’t set.
- get_digest_algorithm()
Get a usable digest algorithm for use with the key.
If the key has a scheme that specifies a digest algorithm, that algorithm is returned. Otherwise, the key’s name digest algorithm is returned.
The returned digest algorithm can be used with different cryptography functions.
- Returns:
The digest algorithm as a HashAlgorithm subclass.
- Raises:
ValueError – If the digest algorithm is not supported.
- get_signature_algorithm()
Get a signature algorithm configuration for use with the sign method.
If the key has a scheme specified, use that scheme. Otherwise, use ECDSA as the default.
- Returns:
An instance of EllipticCurveSignatureAlgorithm.
- Raises:
ValueError – If either the scheme or digest algorithm is unsupported.
- property key_size
The ECC key size.
- public_key()
Get the public key.
- Returns:
The public part of the ECC key as an EllipticCurvePublicKey.
- sign(data, signature_algorithm)
Implements the sign interface.
See sign() for documentation.
- Raises:
ValueError – If the requested signature algorithm isn’t supported by the key or the sign_encrypt bit isn’t set.
- class tpm2_pytss.cryptography.tpm_rsa_private_key(ectx, handle, session=ESYS_TR.PASSWORD)
Interface to a TPM RSA key for use with the cryptography module.
- Parameters:
Notes
It is recommended to use the get_digest_algorithm(), get_decryption_padding() and get_signature_padding() methods for highest compatibility.
- Raises:
ValueError – If the key has the restricted bit set or if the handle doesn’t reference an RSA key.
- decrypt(ciphertext, padding)
Implements the decrypt interface.
See decrypt() for documentation.
Notes
If a non-empty label is used with OAEP padding, this will fail.
- Raises:
ValueError – If the requested padding isn’t supported by the key.
- get_decryption_padding()
Get a padding configuration for use with the decrypt method.
If the key has a scheme specified, use that scheme. Otherwise, use OAEP as the default.
- Returns:
An instance of AsymmetricPadding.
- Raises:
ValueError – If either the scheme or digest algorithm is unsupported.
- get_digest_algorithm()
Get a usable digest algorithm for use with the key.
If the key has a scheme that specifies a digest algorithm, that algorithm is returned. Otherwise, the key’s name digest algorithm is returned.
The returned digest algorithm can be used with different cryptography functions.
- Returns:
The digest algorithm as a HashAlgorithm subclass.
- Raises:
ValueError – If the digest algorithm is not supported.
- get_signature_padding()
Get a padding configuration for use with the sign method.
If the key has a scheme specified, use that scheme. Otherwise, use PSS as the default.
- Returns:
An instance of AsymmetricPadding.
- Raises:
ValueError – If either the scheme or digest algorithm is unsupported.
- property key_size
The RSA key size.
- public_key()
Get the public key.
- Returns:
The public part of the RSA key as an RSAPublicKey.
- sign(data, padding, algorithm)
Implements the sign interface.
See sign() for documentation.
Notes
For PSS padding, the salt length should be set to the length of the digest as that is the only setup the TPM uses.
- Raises:
ValueError – If the requested padding isn’t supported by the key or the sign_encrypt bit isn’t set.
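The recommendation to use the helper methods, shown for both tpm_rsa_private_key and tpm_ecc_private_key, as an added example that is not code from tpm2_pytss or its documentation. The function names signing_parameters and sign_and_verify are hypothetical, and key is assumed to be an already constructed instance of either class, so the block itself does not open a TPM.

```python
"""Added example: sign with a TPM-backed key using the key's own defaults.

`key` is any object exposing the methods documented on this page, e.g.
tpm_rsa_private_key(ectx, handle) or tpm_ecc_private_key(ectx, handle),
where ectx is an ESAPI context and handle references a loaded,
unrestricted signing key (assumed to be set up by the caller).
"""


def signing_parameters(key):
    """Return the extra positional arguments for key.sign() and for verify()."""
    if hasattr(key, "get_signature_padding"):  # RSA key
        # get_digest_algorithm() returns a HashAlgorithm subclass,
        # so it has to be instantiated before it is passed to sign().
        return (key.get_signature_padding(), key.get_digest_algorithm()())
    if hasattr(key, "get_signature_algorithm"):  # ECC key
        # The ECC signature algorithm object already carries its digest.
        return (key.get_signature_algorithm(),)
    raise TypeError("key does not expose the tpm2_pytss signature helpers")


def sign_and_verify(key, data):
    """Sign data with the TPM key, then check the result with its public key."""
    # ValueError here means the key's scheme or digest is unsupported.
    params = signing_parameters(key)
    # ValueError here means the sign_encrypt bit isn't set on the key.
    signature = key.sign(data, *params)
    # The public key is a regular cryptography object; verify() raises
    # cryptography.exceptions.InvalidSignature if the check fails.
    key.public_key().verify(signature, data, *params)
    return signature
```

Because the padding and digest come from the key itself, the same call works whether the key was created with a fixed scheme or with a null scheme that falls back to PSS or ECDSA.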