ecdsa.ecdh module
Class for performing Elliptic-curve Diffie-Hellman (ECDH) operations.
- class ecdsa.ecdh.ECDH(curve=None, private_key=None, public_key=None)[source]
Bases:
objectElliptic-curve Diffie-Hellman (ECDH). A key agreement protocol.
Allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel
- generate_private_key()[source]
Generate local private key for ecdh operation with curve that was set.
- Raises:
NoCurveError – Curve must be set before key generation.
- Returns:
public (verifying) key from this private key.
- Return type:
Generate shared secret from local private key and remote public key.
The objects needs to have both private key and received public key before generation is allowed.
It’s the same for local and remote party, shared secret(local private key, remote public key) == shared secret(local public key, remote private key)
- Raises:
InvalidCurveError – public_key curve not the same as self.curve
NoKeyError – public_key or private_key is not set
- Returns:
shared secret
- Return type:
Generate shared secret from local private key and remote public key.
The objects needs to have both private key and received public key before generation is allowed.
- Raises:
InvalidCurveError – public_key curve not the same as self.curve
NoKeyError – public_key or private_key is not set
- Returns:
shared secret
- Return type:
- get_public_key()[source]
Provides a public key that matches the local private key.
Needs to be sent to the remote party.
- Returns:
public (verifying) key from local private key.
- Return type:
- load_private_key(private_key)[source]
Load private key from SigningKey (keys.py) object.
Needs to have the same curve as was set with set_curve method. If curve is not set - it sets from this SigningKey
- Parameters:
private_key (SigningKey) – Initialised SigningKey class
- Raises:
InvalidCurveError – private_key curve not the same as self.curve
- Returns:
public (verifying) key from this private key.
- Return type:
- load_private_key_bytes(private_key)[source]
Load private key from byte string.
Uses current curve and checks if the provided key matches the curve of ECDH key agreement. Key loads via from_string method of SigningKey class
- Parameters:
private_key (bytes-like object) – private key in bytes string format
- Raises:
NoCurveError – Curve must be set before loading.
- Returns:
public (verifying) key from this private key.
- Return type:
- load_private_key_der(private_key_der)[source]
Load private key from DER byte string.
Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset.
Note, the only DER format supported is the RFC5915 Look at keys.py:SigningKey.from_der()
- Parameters:
private_key_der (string) – string with the DER encoding of private ECDSA key
- Raises:
InvalidCurveError – private_key curve not the same as self.curve
- Returns:
public (verifying) key from this private key.
- Return type:
- load_private_key_pem(private_key_pem)[source]
Load private key from PEM string.
Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset.
Note, the only PEM format supported is the RFC5915 Look at keys.py:SigningKey.from_pem() it needs to have EC PRIVATE KEY section
- Parameters:
private_key_pem (string) – string with PEM-encoded private ECDSA key
- Raises:
InvalidCurveError – private_key curve not the same as self.curve
- Returns:
public (verifying) key from this private key.
- Return type:
- load_received_public_key(public_key)[source]
Load public key from VerifyingKey (keys.py) object.
Needs to have the same curve as set as current for ecdh operation. If curve is not set - it sets it from VerifyingKey.
- Parameters:
public_key (VerifyingKey) – Initialised VerifyingKey class
- Raises:
InvalidCurveError – public_key curve not the same as self.curve
- load_received_public_key_bytes(public_key_str, valid_encodings=None)[source]
Load public key from byte string.
Uses current curve and checks if key length corresponds to the current curve. Key loads via from_string method of VerifyingKey class
- Parameters:
public_key_str (bytes-like object) – public key in bytes string format
valid_encodings (set-like object) – list of acceptable point encoding formats, supported ones are: uncompressed, compressed, hybrid, and raw encoding (specified with
rawname). All formats by default (specified withNone).
- load_received_public_key_der(public_key_der)[source]
Load public key from DER byte string.
Compares the curve of the DER-encoded key with the ECDH set curve, uses the former if unset.
Note, the only DER format supported is the RFC5912 Look at keys.py:VerifyingKey.from_der()
- Parameters:
public_key_der (string) – string with the DER encoding of public ECDSA key
- Raises:
InvalidCurveError – public_key curve not the same as self.curve
- load_received_public_key_pem(public_key_pem)[source]
Load public key from PEM string.
Compares the curve of the PEM-encoded key with the ECDH set curve, uses the former if unset.
Note, the only PEM format supported is the RFC5912 Look at keys.py:VerifyingKey.from_pem()
- Parameters:
public_key_pem (string) – string with PEM-encoded public ECDSA key
- Raises:
InvalidCurveError – public_key curve not the same as self.curve
- exception ecdsa.ecdh.InvalidCurveError[source]
Bases:
ExceptionECDH. Raised in case the public and private keys use different curves.
- add_note()
Exception.add_note(note) – add a note to the exception
- args
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
Bases:
ExceptionECDH. Raised in case the shared secret we obtained is an INFINITY.
Exception.add_note(note) – add a note to the exception
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.