On 05/27/2016 09:27 PM, Alex Gaynor wrote:
> The problem is Fernet refers to a specific standard, if you change it, you've got something new and not interoperable :-)

Oddly, it /would/ interoperate (at least using cryptography's implementation) if you used the correct-sized key for the AES encryption (and if you weren't using the correct size, you wouldn't be using the right key and decryption should correctly fail). At least that's what it looks like. I need to do a proper test, but it looks like the changes are all in the Fernet class's __init__ and generate_key methods to use the desired key size instead of the current hard-coded 128 bits.

Ugly but minimal-modifications method is to derive Fernet256 from Fernet, implementing __init__ and generate_key with the hard-coded values changed to 256 bits. Clean method is to rename Fernet to FernetBase and alter __init__ and generate_key to work based on the passed-in key length or requested number of key bits; then new Fernet, Fernet192 and Fernet256 classes derive from FernetBase, forcing 128-, 192- or 256-bit AES keys. Names of the latter two classes could be changed; I use them just to remind myself that they're all related except for the key size.
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
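Added example, not part of the original message and not cryptography's own code: a standard-library sketch of the key handling the message discusses (the length check and key split in `__init__` and `generate_key`), parameterised by AES key size, with the token HMAC shown separately because it does not depend on that size. `FernetKeyLayout` and the helper functions are hypothetical names, no AES is performed, and keeping the signing half at 128 bits in every variant is an assumption.

```python
import base64
import hashlib
import hmac
import os

SIGNING_KEY_BYTES = 16  # assumption: the HMAC half stays 128 bits in every variant


class FernetKeyLayout:
    """Key handling only (no AES): the size-dependent part of __init__/generate_key."""

    def __init__(self, aes_bits=128):
        if aes_bits not in (128, 192, 256):
            raise ValueError("AES key size must be 128, 192 or 256 bits")
        self.enc_key_bytes = aes_bits // 8
        self.total_bytes = SIGNING_KEY_BYTES + self.enc_key_bytes

    def generate_key(self):
        # Standard Fernet: 16 + 16 = 32 random bytes, url-safe base64 encoded.
        return base64.urlsafe_b64encode(os.urandom(self.total_bytes))

    def load_key(self, b64_key):
        raw = base64.urlsafe_b64decode(b64_key)
        if len(raw) != self.total_bytes:
            raise ValueError("key must be %d url-safe base64-encoded bytes"
                             % self.total_bytes)
        # First part signs the token, the rest is the AES key.
        return raw[:SIGNING_KEY_BYTES], raw[SIGNING_KEY_BYTES:]


def sign_frame(signing_key, frame):
    """Append HMAC-SHA256 over version || timestamp || IV || ciphertext."""
    return frame + hmac.new(signing_key, frame, hashlib.sha256).digest()


def verify_frame(signing_key, token):
    """Constant-time check of the trailing 32-byte HMAC tag."""
    frame, tag = token[:-32], token[-32:]
    expected = hmac.new(signing_key, frame, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def accepts(layout, b64_key):
    """True if the key passes this layout's length check."""
    try:
        layout.load_key(b64_key)
        return True
    except ValueError:
        return False
```

A key generated for one size is rejected by the length check of another, which is the point at which a mismatched key is caught before any decryption is attempted.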