Hi Glyph,
Ah, sorry for jumping to conclusions. I simply assumed you were one of
the devs/maintainers :)
"What would you do with metadata about KDF parameters, if you had them?"
Correct me if I'm wrong. I believe those parameters (initial vector, number of
rounds...) are required to restore the AES key from the user-provided password.
Without those parameters one cannot restore the AES key and thus not decrypt
the cipher text.
Cheers,
Ben
On 11-Jul-24 01:11, Glyph wrote:
> On Jul 10, 2024, at 2:45 PM, Benjamin W. Portner via Cryptography-dev
> <cryptography-dev@python.org> wrote:
>> Hi Glyph,
>> thanks for chiming in and for the interesting insights from the implementation
>> side. I wasn't aware of the difficulties involved in providing the recipient
>> side of OpenPGP. It totally makes sense though.
>> Personally, I am kind of happy with your recipe short list. The only thing that
>> is missing for my personal use case is how to encapsulate the parameters that
>> were used for the key derivation algorithm together with the cipher text so
>> that they can be recovered by the recipient. The only reason why I suggested
>> OpenPGP is because I assume that the standard prescribes a way to do that. Is
>> there any chance that you will add steps for this in the Fernet recipe?
> I am just a Cryptography user who happens to know the maintainers reasonably well, so
> it's unlikely that I will do this :). I don't think I understand your request
> though. Fernet is an implementation of a standard, it doesn't have a facility for
> storing KDF parameters. You can read about it here:
> <https://github.com/fernet/spec/blob/master/Spec.md>. Their repo also has an
> issues list, so you could file the request, if you thought it was useful.
> What would you do with metadata about KDF parameters, if you had them?
> -g
_______________________________________________
Cryptography-dev mailing list
Cryptography-dev@python.org
https://mail.python.org/mailman/listinfo/cryptography-dev
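
The thread above is about where the KDF salt and round count live so that a recipient can re-derive a Fernet key from a password. The following is an added example, not part of either message and not code from the cryptography project or the Fernet spec: it prefixes a Fernet token with a hypothetical `PWF1` header carrying the PBKDF2 iteration count and salt. The header layout, the constant names and the iteration bounds are assumptions made for illustration.

```python
import base64
import os
import struct

from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

# Hypothetical container: magic | iterations (u32) | salt length (u8) | salt | Fernet token
MAGIC = b"PWF1"                  # constructed format tag, not defined by the Fernet spec
HEADER = struct.Struct(">4sIB")  # big-endian, 9 bytes, no padding
SALT_LEN = 16
DEFAULT_ITERATIONS = 600_000     # constructed default; tune for your hardware
# The header is read before anything is authenticated, so bound the work it can demand
# (upper limit) and refuse a cheap-to-guess setting (lower limit).
MIN_ITERATIONS, MAX_ITERATIONS = 100_000, 10_000_000


def _fernet(password: bytes, salt: bytes, iterations: int) -> Fernet:
    # Same password + salt + iterations always yields the same 32-byte Fernet key.
    kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=salt, iterations=iterations)
    return Fernet(base64.urlsafe_b64encode(kdf.derive(password)))


def encrypt(password: bytes, plaintext: bytes, iterations: int = DEFAULT_ITERATIONS) -> bytes:
    salt = os.urandom(SALT_LEN)  # fresh random salt per message
    token = _fernet(password, salt, iterations).encrypt(plaintext)
    return HEADER.pack(MAGIC, iterations, len(salt)) + salt + token


def decrypt(password: bytes, blob: bytes) -> bytes:
    if len(blob) < HEADER.size:
        raise ValueError("truncated header")
    magic, iterations, salt_len = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("unknown container format")
    if not MIN_ITERATIONS <= iterations <= MAX_ITERATIONS:
        raise ValueError("iteration count outside accepted range")
    salt = blob[HEADER.size:HEADER.size + salt_len]
    if salt_len < SALT_LEN or len(salt) != salt_len:
        raise ValueError("salt missing or too short")
    token = blob[HEADER.size + salt_len:]
    # Raises cryptography.fernet.InvalidToken on a wrong password or any tampering.
    return _fernet(password, salt, iterations).decrypt(token)
```

The salt and iteration count are not secret, so they travel in the clear. Altering either one produces a different key, and the token's own HMAC check then fails.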