geremy condra <debat...@gmail.com> added the comment:
On Sat, Jun 19, 2010 at 7:52 AM, Antoine Pitrou <rep...@bugs.python.org> wrote:
>
> Antoine Pitrou <pit...@free.fr> added the comment:
>
> Le samedi 19 juin 2010 à 00:55 +0000, geremy condra a écrit :
>> geremy condra <debat...@gmail.com> added the comment:
>>
>> On Fri, Jun 18, 2010 at 6:05 AM, Antoine Pitrou <rep...@bugs.python.org>
>> wrote:
>> >
>> > Antoine Pitrou <pit...@free.fr> added the comment:
>> >
>> >> Great, I'm thinking more-or-less the API proposed in PEP 272- the
>> >> exception I'm thinking of is that 'strings' should be substituted for
>> >> 'bytes'- for AES and DES. It gets trickier when talking about public
>> >> key crypto, though. Perhaps something along the lines of
>> >> RSA.new(public_key=None, private_key=None,...), with the resulting
>> >> object supporting encrypt/decrypt/sign/verify operations?
>> >
>> > I don't have any opinion right now. I think a concrete proposal should
>> > be initiated and we can iterate from that.
>> > (that's assuming other people agree on the principle, of course)
>>
>> I assume that by "a concrete proposal" you're talking about code? Or
>> API docs? Also, what more needs to be done to ensure that other people
>> agree on the principle?
>
> I was thinking about a PEP. Of course, you are free to reuse existing
> PEP content for that :)
Ok. I've gone ahead and put together kind of a map for what I think the
basic structure of the library is going to look like. Let me know what you
think, and once we're done with that we can proceed into PEP land.
crypto API
==========
Variables message, key, salt, iv, ciphertext, and signature are of type bytes.
Variables public_key and private_key are DER-encoded bytes.
Variable bitlength is an integer.
Note that we deviate from the standard in PEP 272 in several ways:
* arguments are generally bytes rather than strings
* ciphers do not accept the 'counter', 'rounds', or 'segment_size' args
Layer 1
-------
Symmetric Ciphers
crypto.cipher.encrypt(message, key) -> (salt, iv, ciphertext)
depends on:
crypto.keys.strengthen_password
crypto.AES.new
crypto.AES.encrypt
raises:
crypto.cipher.EncryptionError
crypto.cipher.decrypt(salt, iv, ciphertext, key) -> message
depends on:
crypto.AES.new
crypto.AES.decrypt
raises:
crypto.cipher.DecryptionError
Envelope Encryption
crypto.envelope.encrypt(message, public_key) -> (iv, aes_key,
ciphertext)
depends on:
crypto.keys.random_key
crypto.AES.new
crypto.AES.encrypt
crypto.RSA.new
crypto.RSA.encrypt
raises:
crypto.envelope.EncryptionError
crypto.envelope.decrypt(iv, aes_key, ciphertext, private_key) -> message
depends on:
crypto.AES.new
crypto.AES.decrypt
crypto.RSA.new
crypto.RSA.decrypt
raises:
crypto.envelope.DecryptionError
Digital Signatures
crypto.signature.sign(message, private_key) -> signature
depends on:
hashlib.SHA512.new
hashlib.SHA512.update
hashlib.SHA512.digest
crypto.RSA.new
crypto.RSA.sign
raises:
crypto.signature.SigningError
crypto.signature.verify(message, signature, public_key)
depens on:
hashlib.SHA512.new
hashlib.SHA512.update
hashlib.SHA512.digest
crypto.RSA.new
crypto.RSA.verify
Layer 2
-------
Utilities
crypto.keys.strengthen_password(password) -> key
depends on:
openssl: RAND_bytes, EVP_get_digest_by_name,
EVP_bytes_to_key
raises:
crypto.keys.KeyGenerationError
Symmetric Encryption
crypto._cipher_object
crypto._cipher_object.CipherObject._ctx = openssl context | None
crypto._cipher_object.CipherObject._cipher = openssl cipher |
None
crypto._cipher_object.CipherObject._key = bytes | None
CipherObject.encrypt(self, data) -> ciphertext
depends on:
crypto._cipher_object.CipherObject.encrypt_init
crypto._cipher_object.CipherObject.encrypt_update
crypto._cipher_object.CipherObject.encrypt_finalize
raises:
crypto._cipher_object.EncryptError
CipherObject.encrypt_init() -> None
depends on:
openssl: EVP_EncryptInit_ex
raises:
crypto._cipher_object.EncryptInitError
CipherObject.encrypt_update
depends on:
openssl: EVP_EncryptUpdate_ex
raises:
crypto._cipher_object.EncryptUpdateError
CipherObject.encrypt_finalize
depends on:
openssl: EVP_EncryptFinal_ex
raises:
crypto._cipher_object.FinalizeError
CipherObject.decrypt(self, ciphertext) -> message
depends on:
crypto._cipher_object.CipherObject.decrypt_init
crypto._cipher_object.CipherObject.decrypt_update
crypto._cipher_object.CipherObject.decrypt_finalize
raises:
crypto._cipher_object.DecryptError
CipherObject.decrypt_init() -> None
depends on:
openssl: EVP_DecryptInit_ex
raises:
crypto._cipher_object.DecryptInitError
CipherObject.decrypt_update
depends on:
openssl: EVP_DecryptUpdate_ex
raises:
crypto._cipher_object.DecryptUpdateError
CipherObject.decrypt_finalize
depends on:
openssl: EVP_DecryptFinal_ex
raises:
crypto._cipher_object.DecryptFinalizeError
crypto.AES
crypto.AES.new(key, mode, IV=None) -> cipher_object
crypto.DES
crypto.DES.new(key, mode, IV=None) -> cipher_object
Asymmetric Encryption
crypto.RSA
crypto.RSA.new(public_key=None, private_key=None, padding=4) ->
crypto.RSA.RSA
depends on:
openssl: d2i_RSAPublicKey, d2i_RSAPrivateKey
raises:
crypto.RSA.KeyError
crypto.RSA.InitializationError
crypto.RSA.generate_keypair(bitlength) -> public_key,
private_key
depends on:
openssl: RSA_generate_key, i2d_RSAPublicKey,
RSA_free
raises:
crypto.RSA.KeygenError
crypt.RSA.RSA
crypto.RSA.RSA._public_key = openssl RSA key | None
crypto.RSA.RSA._private_key = openssl RSA key | None
crypto.RSA.RSA._padding_type = integer
crypto.RSA.RSA.encrypt(self, data) -> ciphertext
depends on:
openssl: RSA_size, RSA_public_encrypt
raises:
crypto.RSA.EncryptionError
crypto.RSA.RSA.decrypt(self, ciphertext) -> message
depends on:
openssl: RSA_size, RSA_private_decrypt
raises:
crypto.RSA.DecryptionError
crypto.RSA.RSA.sign(self, hash) -> signature
depends on:
openssl: RSA_size, RSA_sign
raises:
crypto.RSA.SigningError
crypto.RSA.RSA.verify(self, hash, signature) -> True | False
depends on:
openssl: RSA_size, RSA_verify
raises:
crypto.RSA.VerificationError
Geremy Condra
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue8998>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
