How to use the rsa.PrivateKey function in rsa

def decrypt_windows_password(self, instance_id):
        password = ""
        password_data = self._client. \
            get_password_data(InstanceId=instance_id)['PasswordData']
        if password_data:
            password = base64.b64decode(password_data)
            with open(self.get_ssh_key_path(AWS_SSH_KEY_NAME), 'r') \
                    as privkeyfile:
                priv = rsa.PrivateKey.load_pkcs1(privkeyfile.read())
                password = rsa.decrypt(password, priv).decode('utf-8')

        return password

The loaded private key

    """
    try:
        der = rsa.pem.load_pem(pem, 'PRIVATE KEY')
        keyinfo, _ = decoder.decode(der)

        if keyinfo[1][0] != univ.ObjectIdentifier('1.2.840.113549.1.1.1'):
            raise ValueError('Not a DER-encoded OpenSSL private RSA key')

        private_key_der = keyinfo[2].asOctets()

    except IndexError:
        raise ValueError('Not a DER-encoded OpenSSL private RSA key')

    return rsa.PrivateKey.load_pkcs1(private_key_der, format='DER')

# Make sure only one of private_key_file and private_key_string is set
        if private_key_file and private_key_string:
            raise ValueError("Only specify the private_key_file or the private_key_string not both")
        if not private_key_file and not private_key_string:
            raise ValueError("You must specify one of private_key_file or private_key_string")
        # If private_key_file is a file name, open it and read it
        if private_key_string is None:
            if isinstance(private_key_file, basestring):
                with open(private_key_file, 'r') as file_handle:
                    private_key_string = file_handle.read()
            # Otherwise, treat it like a file
            else:
                private_key_string = private_key_file.read()

        # Sign it!
        private_key = rsa.PrivateKey.load_pkcs1(private_key_string)
        signature = rsa.sign(str(message), private_key, 'SHA-1')
        return signature

def initSignCert(certPath, certPwd):
        if certPath is None or certPwd is None:
            logging.error("signCertPath or signCertPwd is none, exit initSignCert")
            return None

        logging.info("读取签名证书 ...")
        with open(certPath, 'rb') as fs:
            pkcs12 = crypto.load_pkcs12(fs.read(), certPwd.encode('ascii'))

        if pkcs12 is None:
            logging.error("load pkcs12 error")
            return None

        pkey = pkcs12.get_privatekey()
        pkey = CertUtil.pkcs8_to_pkcs1(pkey)
        pkey = rsa.PrivateKey.load_pkcs1(pkey, 'PEM')

        cert = Cert()
        cert.key = pkey
        cert.certId = str(pkcs12.get_certificate().get_serial_number())
        cert.cert = pkcs12.get_privatekey()
        CertUtil.__signCerts[certPath] = cert
        logging.info("签名证书读取成功, 序列号: " + cert.certId)
        return cert

def _load_rsa_private_key(pem):
    """PEM encoded PKCS#8 private key -> rsa.PrivateKey."""
    # ADB uses private RSA keys in pkcs#8 format. 'rsa' library doesn't support
    # them natively. Do some ASN unwrapping to extract naked RSA key
    # (in der-encoded form). See https://www.ietf.org/rfc/rfc2313.txt.
    # Also http://superuser.com/a/606266.
    try:
        der = rsa.pem.load_pem(pem, 'PRIVATE KEY')
        keyinfo, _ = decoder.decode(der)
        if keyinfo[1][0] != univ.ObjectIdentifier(
                '1.2.840.113549.1.1.1'):  # pragma: no cover
            raise ValueError('Not a DER-encoded OpenSSL private RSA key')
        private_key_der = keyinfo[2].asOctets()
    except IndexError:  # pragma: no cover
        raise ValueError('Not a DER-encoded OpenSSL private RSA key')
    return rsa.PrivateKey.load_pkcs1(private_key_der, format='DER')

def perform_operation(self, indata, pub_key, cli_args=None):
        '''Encrypts files.'''

        return rsa.encrypt(indata, pub_key)

class DecryptOperation(CryptoOperation):
    '''Decrypts a file.'''

    keyname = 'private'
    description = ('Decrypts a file. The original file must be shorter than '
            'the key length in order to have been encrypted. For larger '
            'files, use the pyrsa-decrypt-bigfile command.')
    operation = 'decrypt'
    operation_past = 'decrypted'
    operation_progressive = 'decrypting'
    key_class = rsa.PrivateKey

    def perform_operation(self, indata, priv_key, cli_args=None):
        '''Decrypts files.'''

        return rsa.decrypt(indata, priv_key)

class SignOperation(CryptoOperation):
    '''Signs a file.'''

    keyname = 'private'
    usage = 'usage: %%prog [options] private_key hash_method'
    description = ('Signs a file, outputs the signature. Choose the hash '
            'method from %s' % ', '.join(HASH_METHODS))
    operation = 'sign'
    operation_past = 'signature'
    operation_progressive = 'Signing'

def genCertAndPriv(certFile, privFile, e, n, d):
    e = E
    p = n - 1
    q = n - 1
    exp1 = e
    exp2 = d
    coef = e
    r = rsa.PrivateKey(n, e, d, p, q, exp1=e, exp2=e,coef=e)
    r.exp1 = 0
    r.exp2 = 0
    r.coef = 0
    r.p = 0
    r.q = 0
    open(privFile, 'wt').write(r.save_pkcs1())
    a =rsa.PublicKey(n,e)
    replaceKey(certFile,a._save_pkcs1_der())

parser.add_argument('-a', '--app-id', default="https://app.example/oauth/code",
	help="application id (default %(default)s)")
parser.add_argument('-i', '--issuer', default="https://self-issued.me",
	help="id_token issuer (default %(default)s)")
parser.add_argument('-K', '--key-id', help="JWK kid (default %(default)s)")
parser.add_argument('-A', '--app-auth', help="app authorizations URI (use multiple times)", action='append')
parser.add_argument('-t', '--token-only', action='store_true',
	help="output the bare access token instead of the full JSON response")
parser.add_argument('-d', '--debug', action='store_true')
parser.add_argument('uri', help="URI to access")

args = parser.parse_args()

is_self_issued = args.issuer == "https://self-issued.me"

privateKey = rsa.PrivateKey.load_pkcs1(open(args.private_key, "rb").read())

def b64u_encode(s):
	return base64.urlsafe_b64encode(s).rstrip('=')

def compact_json(obj):
	return json.dumps(obj, indent=None, separators=(',', ':'))

def urlencode(query):
	# urllib.urlencode will encode a None value as a string None.
	# this will suppress None and empty values.
	rv = []
	for k, v in query.iteritems():
		if v:
			rv.append('%s=%s' % (urllib.quote_plus(str(k)), urllib.quote(str(v), '')))
	return '&'.join(rv)

try:
                    self._prepared_key = pyrsa.PublicKey.load_pkcs1_openssl_pem(key)
                except ValueError:
                    try:
                        self._prepared_key = pyrsa.PrivateKey.load_pkcs1(key)
                    except ValueError:
                        try:
                            der = pyrsa_pem.load_pem(key, b'PRIVATE KEY')
                            try:
                                pkcs1_key = rsa_private_key_pkcs8_to_pkcs1(der)
                            except PyAsn1Error:
                                # If the key was encoded using the old, invalid,
                                # encoding then pyasn1 will throw an error attempting
                                # to parse the key.
                                pkcs1_key = _legacy_private_key_pkcs8_to_pkcs1(der)
                            self._prepared_key = pyrsa.PrivateKey.load_pkcs1(pkcs1_key, format="DER")
                        except ValueError as e:
                            raise JWKError(e)
            return
        raise JWKError('Unable to parse an RSA_JWK from key: %s' % key)