sign

KeyManager.sign(message: Union[str, bytes], pad=None, hashing: cryptography.hazmat.primitives.hashes.HashAlgorithm = <cryptography.hazmat.primitives.hashes.SHA256 object>) → bytes

Generate a signature for a given message using the loaded private_key. The signature is Base64 encoded to allow for easy storage and transmission of the signature, and can later be verified by verify() using public_key.
>>> import cryptography.exceptions
>>> km = KeyManager.load_keyfile('id_rsa')
>>> sig = km.sign('hello world')       # Sign 'hello world' using the id_rsa private key
>>> try:
...     km.verify(sig, 'hello world')  # Verify it using the public key (automatically generated)
...     print('Signature is valid')
... except cryptography.exceptions.InvalidSignature:
...     print('Signature IS NOT VALID!')
Alternatively, you can manually run base64.urlsafe_b64decode() to decode the signature back into raw bytes, then you can verify it using the verify method of a cryptography public key instance, such as Ed25519PublicKey or RSAPublicKey.
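The manual route described above, as an added example that is not code from this project: decode the urlsafe Base64 signature, then call verify on an Ed25519PublicKey or RSAPublicKey, passing the same padding and hash the signer used in the RSA case. Assumptions: the helper name verify_b64_signature, UTF-8 encoding of str messages, PSS with SHA256 as the RSA padding, and throwaway keys generated in-process that stand in for a loaded key file.

```python
import base64

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ed25519, padding, rsa


def as_bytes(message):
    # Assumption: a str message is signed as its UTF-8 encoding.
    return message.encode("utf-8") if isinstance(message, str) else message


def verify_b64_signature(public_key, sig_b64, message, pad=None, hashing=None):
    """Return True only if sig_b64 (urlsafe Base64) is a valid signature.

    Handles Ed25519 and RSA public keys. For RSA, pad and hashing must be
    the same padding and hash the signer used; Ed25519 takes neither.
    """
    try:
        raw_sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, TypeError):
        return False  # not decodable Base64 (binascii.Error is a ValueError)
    try:
        if isinstance(public_key, rsa.RSAPublicKey):
            public_key.verify(raw_sig, as_bytes(message), pad, hashing)
        else:
            public_key.verify(raw_sig, as_bytes(message))
    except InvalidSignature:
        return False
    return True


# Constructed sample data: throwaway keys generated in-process, with the
# signatures Base64-encoded the way sign() is documented to return them.
ED_KEY = ed25519.Ed25519PrivateKey.generate()
ED_SIG = base64.urlsafe_b64encode(ED_KEY.sign(b"hello world"))

RSA_KEY = rsa.generate_private_key(public_exponent=65537, key_size=2048)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
RSA_SIG = base64.urlsafe_b64encode(
    RSA_KEY.sign(b"hello world", PSS, hashes.SHA256()))

if __name__ == "__main__":
    print(verify_b64_signature(ED_KEY.public_key(), ED_SIG, "hello world"))
    print(verify_b64_signature(ED_KEY.public_key(), ED_SIG, "hello w0rld"))
    print(verify_b64_signature(RSA_KEY.public_key(), RSA_SIG, "hello world",
                               PSS, hashes.SHA256()))
```

base64.urlsafe_b64decode() discards characters outside the Base64 alphabet by default, so a successful decode says nothing about integrity; only the verify call decides whether the signature is accepted.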
- Parameters
    message (str|bytes) – The message to verify, e.g. hello world
    pad – (RSA only) An instance of a cryptography padding class, e.g. padding.PSS
    hashing (HashAlgorithm) – (ECDSA/RSA) Use this hashing method for padding/signatures
- Raises
    cryptography.exceptions.InvalidSignature – When the signature does not match the message
- Return bytes sig
    A base64 urlsafe encoded signature