Merge pull request #577 from public/backend-rsa-interface

RSABackend interface

2 files changed, 30 insertions, 0 deletions

diff --git a/cryptography/hazmat/backends/interfaces.py b/cryptography/hazmat/backends/interfaces.py
index 53c75181..630e7079 100644
--- a/cryptography/hazmat/backends/interfaces.py
+++ b/cryptography/hazmat/backends/interfaces.py
@@ -81,3 +81,12 @@ class PBKDF2HMACBackend(six.with_metaclass(abc.ABCMeta)):
         """
         Return length bytes derived from provided PBKDF2 parameters.
         """
+
+
+class RSABackend(six.with_metaclass(abc.ABCMeta)):
+    @abc.abstractmethod
+    def generate_rsa_private_key(self, public_exponent, bit_length):
+        """
+        Generate an RSAPrivateKey instance with public_exponent and a modulus
+        of bit_length bits.
+        """
diff --git a/docs/hazmat/backends/interfaces.rst b/docs/hazmat/backends/interfaces.rst
index 5131ca12..444ecb46 100644
--- a/docs/hazmat/backends/interfaces.rst
+++ b/docs/hazmat/backends/interfaces.rst
@@ -191,3 +191,24 @@ A specific ``backend`` may provide one or more of these interfaces.
             the derived key. This is typically a password.
 
         :return bytes: Derived key.
+
+
+.. class:: RSABackend
+
+    .. versionadded:: 0.2
+
+    A backend with methods for using RSA.
+
+    .. method:: generate_rsa_private_key(public_exponent, bit_length)
+
+        :param int public_exponent: The public exponent of the new key.
+            Often one of the small Fermat primes 3, 5, 17, 257 or 65537.
+
+        :param int bit_length: The length in bits of the modulus. Should be
+            at least 2048.
+
+        :return: A new instance of a
+            :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey`
+            provider.
+
+        :raises ValueError: If the public_exponent is not valid.