This module is a mash-up of python-rsa, Toms Fast Math (ported to MicroPython by Damiano Mazzella, the author of ucrypto), and python-asn1. The goal was to create a MicroPython module that would:
- Be simple to use
- Support loading/exporting RSA keys in common formats/structures
- Support generation of new keys
- Support signing/verification with blinding using common hashing algorithms
- Support encryption/decryption with blinding
-
- PKCS#1 DER
- PKCS#1 PEM
- PKCS#8 DER
- PKCS#8 PEM
-
- PKCS#1 DER
- PKCS#1 PEM
- X.509/SPKI DER
- X.509/SPKI PEM
The OpenSSL commands used to generate supported keys are contained in the docstrings for the functions that operate on those keys.
- SHA-1
- SHA-256
-
Clone or copy the repo.
-
Copy the contents (not the actual directory) of the
port_modules
directory into themodules
directory of the MicroPython port you are building for. -
Copy the
user_c_modules
directory (the actual directory) somewhere you can reference it your MicroPython build command. The MicroPython docs recommend placing user C modules outside the MicroPython directory, but I find it easier to simply have auser_c_modules
directory inside the MicroPython directory which contains all the user C modules I want to build. This way you can simply make sure any other user C modules are included in themicropython.cmake
in that directory. -
Run a command similar to this. This command is based on the
user_c_modules
being placed as shown in the directory structure in the picture above. The command you need to run may change based on your port, board, and directory structure:make -j8 BOARD=GENERIC_S3 USER_C_MODULES="$(pwd)/micropython/user_c_modules/mprsa/micropython.cmake" -C "$(pwd)/micropython/ports/esp32"
See test.py
Hardware which this module has been tested on is listed below with ✔️ if it worked, and ❌ if it didn't work. If you are willing to try the module out on other hardware and run test.py to verify it works, that would be appreciated. Make an issue with your findings and I'll update this README.md, or make a PR which updates this section of the README.md.
Device | Works | Notes |
---|---|---|
ESP32 | ✔️ |
|
ESP32-S3 | ✔️ |
- Key Generation Speed
- Even when using Toms Fast Math, generating a key of any size that can offer real security is slow. The
gen_key
function defaults to the fastest possible options for key generation (i.e. allowing modulus "n" to be of slightly fewer bits than specified and not requiring "p" and "q" to be safe primes), but generating a 2048-bit key on an ESP32-S3 still takes 3 - 5 minutes. When a modulus "n" of an exact size and/or "p" and "q" values which are safe primes are desired, the time to generate keys increases dramatically. In the case of 2048-bit keys sometimes 30 minutes, sometimes an hour or more.
- Even when using Toms Fast Math, generating a key of any size that can offer real security is slow. The
- Key Size
- Max key size is 2048-bits. This can likely be increased by tweaking tfm.h, specifically the value of
FP_SIZE
.
- Max key size is 2048-bits. This can likely be increased by tweaking tfm.h, specifically the value of
All the code in this module is copyright under the Apache License, the MIT License, or is public domain.