sign

KeyManager.sign(message: Union[str, bytes], pad=None, hashing: cryptography.hazmat.primitives.hashes.HashAlgorithm = <cryptography.hazmat.primitives.hashes.SHA256 object>) → bytes

Generate a signature for a given message using the loaded private_key. The signature is Base64 encoded to allow for easy storage and transmission, and can later be verified by verify() using public_key.

>>> import cryptography.exceptions
>>> km = KeyManager.load_keyfile('id_rsa')
>>> sig = km.sign('hello world')        # Sign 'hello world' using the id_rsa private key
>>> try:
...     km.verify(sig, 'hello world')   # Verify it using the public key (automatically generated)
...     print('Signature is valid')
... except cryptography.exceptions.InvalidSignature:
...     print('Signature IS NOT VALID!')

Alternatively, you can manually run base64.urlsafe_b64decode() to decode the signature back into raw bytes, then verify it using the verify method of a cryptography public key instance, such as Ed25519PublicKey or RSAPublicKey.
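The manual path described above, as an added example (not code from the KeyManager project): it decodes the urlsafe Base64 signature and checks it with a cryptography public key directly. The helper name verify_b64_signature and the throwaway key are hypothetical, and it assumes str messages were signed as UTF-8 bytes; for RSA the caller must pass the same pad and hashing that were used when signing.

```python
import base64
import binascii

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519, rsa


def verify_b64_signature(public_key, sig_b64, message, pad=None, hashing=None) -> bool:
    """Decode a urlsafe-Base64 signature and check it with a cryptography public key."""
    if isinstance(message, str):
        message = message.encode("utf-8")  # assumption: str messages are signed as UTF-8
    try:
        raw_sig = base64.urlsafe_b64decode(sig_b64)
    except (binascii.Error, ValueError):
        return False  # not decodable Base64, so it cannot be a valid signature
    try:
        if isinstance(public_key, ed25519.Ed25519PublicKey):
            public_key.verify(raw_sig, message)  # Ed25519 takes no padding or hash
        elif isinstance(public_key, rsa.RSAPublicKey):
            if pad is None or hashing is None:
                raise ValueError("RSA needs the pad and hashing used when signing")
            public_key.verify(raw_sig, message, pad, hashing)
        else:
            raise TypeError(f"unsupported key type: {type(public_key).__name__}")
    except InvalidSignature:
        return False
    return True


def demo():
    # Constructed sample: a throwaway Ed25519 key whose raw signature is
    # urlsafe-Base64 encoded, the encoding the page says sign() returns.
    private_key = ed25519.Ed25519PrivateKey.generate()
    sig_b64 = base64.urlsafe_b64encode(private_key.sign(b"hello world"))
    public_key = private_key.public_key()
    return {
        "valid": verify_b64_signature(public_key, sig_b64, "hello world"),
        "tampered": verify_b64_signature(public_key, sig_b64, "hello w0rld"),
        "bad_base64": verify_b64_signature(public_key, "abc", "hello world"),
    }


if __name__ == "__main__":
    print(demo())
```

Returning False for undecodable input keeps a malformed signature on the same rejection path as a forged one, so callers have a single failure branch to handle.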

Parameters
  • message (str|bytes) – The message to sign, e.g. hello world

  • pad – (RSA only) An instance of a cryptography padding class, e.g. padding.PSS

  • hashing (HashAlgorithm) – (ECDSA/RSA) Use this hashing method for padding/signatures

Raises

cryptography.exceptions.InvalidSignature – When the signature does not match the message

Return bytes sig

A base64 urlsafe encoded signature