[Cryptography-dev] PyCA cryptography 45.0.4 released

2025-06-09 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 45.04 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, and

[Cryptography-dev] PyCA cryptography 45.0.3 released

2025-05-25 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 45.0.3 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

[Cryptography-dev] PyCA cryptography 45.0.2 released

2025-05-17 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 45.0.2 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

[Cryptography-dev] PyCA cryptography 44.0.3 released

2025-05-02 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 44.0.3 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

Re: [Cryptography-dev] setting value of x509.SubjectKeyIdentifier other than digest

2025-03-13 Thread Alex Gaynor via Cryptography-dev
ff805f64b0a656aaee568' > > > > X509v3 extensions: > X509v3 Subject Alternative Name: critical > IP Address:2001:3F:FE3F:F805:F64B:A65:6AAE:E568 > X509v3 Subject Key Identifier: > 32:30:30:31:30:30:33:66:66:65:33:66:66:38

Re: [Cryptography-dev] setting value of x509.SubjectKeyIdentifier other than digest

2025-03-13 Thread Alex Gaynor via Cryptography-dev
> 20:01:00:3F:FE:3F:F8:05:E8:05:A9:8F:9D:F1:5E:2D > > > On 3/13/25 5:55 PM, Alex Gaynor wrote: > > I don't understand your question. As you can see, the value you pass > > as the digest is the same as the value the SKI instance has. And as > > the doc

Re: [Cryptography-dev] setting value of x509.SubjectKeyIdentifier other than digest

2025-03-13 Thread Alex Gaynor via Cryptography-dev
I just want its value in > SubjectKeyIdentifier > > I tried, after rereading that web page doc: > > ski = x509.SubjectKeyIdentifier(key_identifier=detb) > > But that threw an error > > > On 3/13/25 5:34 PM, Alex Gaynor via Cryptography-dev wrote: > > You

Re: [Cryptography-dev] setting value of x509.SubjectKeyIdentifier other than digest

2025-03-13 Thread Alex Gaynor via Cryptography-dev
You can pass any bytes value to the constructor: https://cryptography.io/en/latest/x509/reference/#cryptography.x509.SubjectKeyIdentifier (Sphinx doesn't highlight it, but you can see the constructor's signature `SubjectKeyIdentifier(digest)`). Alex On Thu, Mar 13, 2025 at 5:32 PM Robert Moskowit

Re: [Cryptography-dev] compatibility between python cryptography and openssl for DSA signature

2025-03-11 Thread Alex Gaynor via Cryptography-dev
Unfortunately I'm unable to reproduce. The signature you provided verifies fine with that private key. /tmp ❯❯❯ openssl dgst -verify dsa.key -signature test.sig test.txt Verified OK /tmp ❯❯❯ cat dsa.key -BEGIN PUBLIC KEY- MIIBtjCCASsGByqGSM44BAEwggEeAoGBAJeeE6sU5RBpDfNHj9J9abda8TYkBZNB tnW

[Cryptography-dev] PyCA cryptography 44.0.2 released

2025-03-01 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 44.0.2 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

[Cryptography-dev] PyCA cryptography 44.0.1 released

2025-02-11 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 44.0.1 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

Re: [Cryptography-dev] KDF Question

2025-01-12 Thread Alex Gaynor via Cryptography-dev
There's a request for KMAC, https://github.com/pyca/cryptography/issues/12141. Thus far no work has happened on it. If you're interested in contributing, we're happy to review a PR. Alex On Sun, Jan 12, 2025 at 12:02 PM Sriram R via Cryptography-dev wrote: > > Robert, > > Appreciate the links to

Re: [Cryptography-dev] KDF Question

2025-01-11 Thread Alex Gaynor via Cryptography-dev
Scrypt salts can safely be stored with derived hashes in plaintext. Alex On Sat, Jan 11, 2025 at 10:02 AM Sriram R wrote: > > Last question, does the salt data need to be encrypted when storing or is it > not sensitive information? > > > On Sat, Jan 11, 2025, 6:22 AM

Re: [Cryptography-dev] KDF Question

2025-01-11 Thread Alex Gaynor via Cryptography-dev
In general, using the output of a KDF as the key for symmetric encryption is fine. Alex On Fri, Jan 10, 2025 at 5:01 PM Sriram R via Cryptography-dev wrote: > > Hello, > > I'm generating a key using Scrypt from a password supplied by the user. I > then use this key as follows. This works but my

Re: [Cryptography-dev] AESGCMSIV

2025-01-04 Thread Alex Gaynor via Cryptography-dev
encrypt(nonce, fname, aesgcmsiv): >>> with open(fname, "rb") as infile: >>> file_data = infile.read() >>> >>> # encrypt data >>> edata = aesgcmsiv.encrypt(nonce, file_data, aad) >>> with open(fname, "wb") as outf

Re: [Cryptography-dev] AESGCMSIV

2025-01-04 Thread Alex Gaynor via Cryptography-dev
he other kdf parameters are the same. Like the salt size, n, p, r >> values etc. >> Any ideas as to why the decryption fails? >> I'm passing the same nonce to the .decrypt() method. >> >> >> On Sat, Jan 4, 2025, 12:46 PM Alex Gaynor wrote: >>> >

Re: [Cryptography-dev] AESGCMSIV

2025-01-04 Thread Alex Gaynor via Cryptography-dev
Based on "it creates a new key from the password and is used for decryption" it sounds like you're using different keys for encryption and decryption. You need to use the same key to decrypt a value as you used to encrypt it -- this is the point of symmetric encryption! It wouldn't make much sense

Re: [Cryptography-dev] [python-crypto] Is this list still active?

2024-11-02 Thread Alex Gaynor via Cryptography-dev
I don't know what the python-crypto list is for, but I'd guess it's either for PyCrypto or a general interest python crypto list. cryptography-dev is specifically for the PyCA family of libraries. Alex On Sat, Nov 2, 2024, 1:34 PM Matěj Cepl wrote: > On Wed Apr 3, 2024 at 2:41 PM CEST, Ralf Hi

[Cryptography-dev] PyCA cryptography 43.0.3 released

2024-10-18 Thread Alex Gaynor via Cryptography-dev
PyCA cryptography 43.0.3 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

Re: [Cryptography-dev] Extended Key Usage of keyCertSign

2024-09-11 Thread Alex Gaynor
NameError means you do not have a local variable with this name, it has nothing to do with cryptography. This is a fairly elementary Python mistake. Our documents and resources are generally oriented towards people who have an existing familiarity with Python. I'd strongly encourage you to develop

Re: [Cryptography-dev] well maybe not - what to import

2024-08-30 Thread Alex Gaynor
All of the attributes and methods on certificates are documented here: https://cryptography.io/en/latest/x509/reference/#cryptography.x509.Certificate I strongly encourage you to read the documentation before asking for help. Alex On Fri, Aug 30, 2024 at 4:13 PM Robert Moskowitz wrote: > > I fi

Re: [Cryptography-dev] Extracting pub key from a csr

2024-08-29 Thread Alex Gaynor
:12 PM Robert Moskowitz wrote: > > I want a variable that is the bits of the public key so that if I print > it, I get something like: > > 0xf32938f7ff6918d5bbdc52483f31e3725875456a9aeb83f915461a5ea629acda > > or whatever type that I can then change to what I need elsewhere. >

Re: [Cryptography-dev] Extracting pub key from a csr

2024-08-29 Thread Alex Gaynor
You're getting back the public key object for that CSR. When you say you want the "public key itself" what do you mean? Alex On Thu, Aug 29, 2024 at 10:54 PM Robert Moskowitz wrote: > > I have a csr with an eddsa25519 key: > > -BEGIN CERTIFICATE REQUEST- > MIGPMEMCAQAwEDEOMAwGA1UEBRMFeDE

Re: [Cryptography-dev] Report a potential risk of secret leakage in project(cryptography_vectors)

2024-08-13 Thread Alex Gaynor
Hi, This package intentionally contains cryptographic test vectors, none of these credentials are intended to be secret. Alex On Tue, Aug 13, 2024 at 7:33 AM wrote: > > > Dear developers of the project(cryptography_vectors), > > We are software security researchers, currently conducting researc

Re: [Cryptography-dev] Cryptographic recipes

2024-06-26 Thread Alex Gaynor
m/SecurityInnovation/PGPy/blob/master/pgpy/pgp.py#L1189)? > It is based on the OpenPGP standard, it can be used without additional > parameters (which prevents misuse), and it addresses a common use case > (message encryption). > > Cheers, > > Ben > > On 25-Jun-24 00:09,

Re: [Cryptography-dev] Cryptographic recipes

2024-06-24 Thread Alex Gaynor
alled a > de-facto standard by transitive properties? > > * It should be parameter-free > > Check. > > > It seems that Ansible checks most of the boxes. What do you think? Is this > enough to include Ansible's vault implementation in the recipes section? > > - Be

Re: [Cryptography-dev] Cryptographic recipes

2024-06-21 Thread Alex Gaynor
Hi Ben, We are interested in having more cryptographic recipes, however we have a number of things we want from a recipe: * It should comprehensively address a common use case * It should reflect current (and anticipated future) best practices * It should be misuse-resistant * It should reflect a

[Cryptography-dev] PyCA cryptography 42.0.6 released

2024-05-04 Thread Alex Gaynor
PyCA cryptography 42.0.6 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X.509, key derivation functions, and much more. We support Python 3.7+, an

[Cryptography-dev] PyCA cryptography 42.0.4 released

2024-02-20 Thread Alex Gaynor
PyCA cryptography 42.0.3 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and

Re: [Cryptography-dev] RSA sign() with algorithm=None

2023-12-24 Thread Alex Gaynor
That is not a correct inference. _rsa_sig_setup() allows passing algorithm=None because that code path is used via recover_data_from_signature, which supports algorithm=None. This code is working as intended. Alex On Sun, Dec 24, 2023 at 1:03 PM M.S. Kandanur wrote: > > In the latest released

[Cryptography-dev] PyCA cryptography 41.0.7 released

2023-11-27 Thread Alex Gaynor
PyCA cryptography 41.0.7 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and

Re: [Cryptography-dev] Fail to setup the project for contribution

2023-11-26 Thread Alex Gaynor
FYI, homebrew now builds rust with the necessary coverage support, so this problem shouldn't impact anyone else going forward. Alex On Tue, Nov 21, 2023 at 8:53 AM Alex Gaynor wrote: > > Great. Looks like there's an action item for me to send a PR to > homebrew to build wi

Re: [Cryptography-dev] Fail to setup the project for contribution

2023-11-21 Thread Alex Gaynor
seems to have resolved the issue. > > Thank you very much for your help. > > Jules > > On Tue, Nov 21, 2023 at 14:19, Alex Gaynor wrote: >> >> Where did you get your rustc from? It looks like it's built without >> the necessary support for coverage. >>

Re: [Cryptography-dev] Fail to setup the project for contribution

2023-11-21 Thread Alex Gaynor
er your questions: > 1) I'm building on a Mac M1 > 2) Yes, nox -e tests-nocoverage works without any issues > > Jules > > On Tue, Nov 21, 2023 at 13:55, Alex Gaynor wrote: >> >> Two questions: 1) What platform are you building on? 2) Does `nox -e >> tests-no

Re: [Cryptography-dev] Fail to setup the project for contribution

2023-11-21 Thread Alex Gaynor
> /Users/jules/Documents/cryptography/src/rust/target/release/deps -L > dependency=/Users/jules/Documents/cryptography/src/rust/target/release/deps > --cap-lints allow -Cinstrument-coverage` (exit status: 1) > > error: could not compile `pkg-config` (lib) due to previous error >

Re: [Cryptography-dev] Fail to setup the project for contribution

2023-11-21 Thread Alex Gaynor
Yes, please send the complete output of `nox -e tests`. Alex On Tue, Nov 21, 2023 at 5:42 AM Jules Marmier wrote: > > Hi everyone! > > > I'm trying to contribute to the cryptography project but I have some trouble > setting up the project. I try to follow the Getting started page but the > com

Re: [Cryptography-dev] pyOpenSSL or pyca cryptography

2023-11-16 Thread Alex Gaynor
You should use https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#pkcs12 pyOpenSSL's PKCS#12 support is deprecated. Alex On Wed, Nov 15, 2023 at 11:44 PM peter cooke via Cryptography-dev wrote: > > Hi > Sorry to bother I am a beginner and confused. I think you g

Re: [Cryptography-dev] Loading an ED25519 private key

2023-09-20 Thread Alex Gaynor
If you've exported a key with PrivateFormat.OpenSSH, you can load with https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.load_ssh_private_key Alex On Wed, Sep 20, 2023 at 1:24 PM John Walstra via Cryptography-dev wrote: > >

[Cryptography-dev] PyCA cryptography 41.0.4 released

2023-09-19 Thread Alex Gaynor
PyCA cryptography 41.0.4 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.7+, and

Re: [Cryptography-dev] Python cryptography fails to load due to _rust DDL import error

2023-08-04 Thread Alex Gaynor
> in advance > > On Fri, Aug 4, 2023, 18:02 Alex Gaynor wrote: >> >> This very likely indicates that however you've packaged and installed >> the application in your environment isn't properly including the >> extension module for cryptography. >

Re: [Cryptography-dev] Python cryptography fails to load due to _rust DDL import error

2023-08-04 Thread Alex Gaynor
This very likely indicates that however you've packaged and installed the application in your environment isn't properly including the extension module for cryptography. Alex On Fri, Aug 4, 2023 at 11:20 AM Gualtiero Scotti wrote: > > I'm struggling with this issue from few days... > > I've a Py

Re: [Cryptography-dev] How to update Python Cryptography

2023-08-02 Thread Alex Gaynor
The error you're receiving, "Error: Unable to find a match: python-devel OpenSSL-devel" is coming from yum, and not from anything to do with cryptography. For support with using yum, you should contact Red Hat. Alex On Wed, Aug 2, 2023 at 5:37 PM Rishi Kesh Kumar wrote: > > Hi, > >As part o

Re: [Cryptography-dev] openssl library

2023-05-25 Thread Alex Gaynor
Cryptography can be built to link OpenSSL in either mode. Our pre-built wheels statically link OpenSSL, but users can compile it either way. Alex On Thu, May 25, 2023, 1:38 PM Laurent Philippart (Nokia) < laurent.philipp...@nokia.com> wrote: > Hi, > > > > Could you please clarify if cryptography

Re: [Cryptography-dev] OpenSSL 3.0.8 + Python 3.11.2 + Cryptography 39

2023-04-05 Thread Alex Gaynor
I'm not positive I understand your question. That said, cryptography has supported OpenSSL 3.0 since version 35.0, and pyOpenSSL has required cryptography 35.0.0 since pyOpenSSL 22. Alex On Wed, Apr 5, 2023 at 10:58 AM Prasad, PCRaghavendra via Cryptography-dev wrote: > > Hi Team, > > > > GM, >

Re: [Cryptography-dev] Request to remediate vulnerabilities

2023-03-07 Thread Alex Gaynor
This issue is resolved in cryptography version 39.0.1 and newer. You simply need to upgrade. Alex On Tue, Mar 7, 2023 at 6:02 AM Mani Sankar Karanam via Cryptography-dev wrote: > > Hello Team !!! > Thank you for providing the open source python package cryptography. It is > greatly helpful to u

Re: [Cryptography-dev] Cryptography Wheel Files for Python 3.8

2023-02-17 Thread Alex Gaynor
We upload wheels for all releases. We use abi3 wheels, so there aren't wheels specifically for Python 3.8: https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version Alex On Fri, Feb 17, 2023 at 5:44 AM Manish Gupta <9manishgup...@gmail.com> wrote: > > Hello Team, >

Re: [Cryptography-dev] AES-CTR with 256 bit keys

2023-02-02 Thread Alex Gaynor
Fri, Feb 3, 2023 at 9:09 AM Alex Gaynor wrote: >> >> This is not correct, block size and key size are not the same thing >> for symmetric encryption algorithms. >> >> AES's block size is always 128-bit, it's not something cryptography >> chooses to use

Re: [Cryptography-dev] AES-CTR with 256 bit keys

2023-02-02 Thread Alex Gaynor
This is not correct, block size and key size are not the same thing for symmetric encryption algorithms. AES's block size is always 128-bit, it's not something cryptography chooses to use, it's the definition of the algorithm. Alex On Thu, Feb 2, 2023 at 8:02 PM Arshad Khan wrote: > > Hello > >

Re: [Cryptography-dev] Declaration of Vulnerabilities - pyOpenSSL

2023-01-06 Thread Alex Gaynor
a) Everything I said about your identical email regarding pynacl is applicable here b) Please don't ship new things in 2023 that use pyOpenSSL 20, which is from 2020. Alex On Fri, Jan 6, 2023 at 5:07 PM Bird, Kurt wrote: > > Dear PyOpenSSL Maintainers, > > > > GDMS-C is preparing a response to a

Re: [Cryptography-dev] Declaration of Vulnerabilities - PyNaCl

2023-01-06 Thread Alex Gaynor
I think you are confused about how this works. We are not your vendor, it's not our responsibility to help you do your RFP. If you want to sell something to the Canadian Government, you have to do the legwork. We're an open source project. We provide source code under an OSS license, we accept pu

[Cryptography-dev] PyCA cryptography 38.0.2 yanked

2022-10-12 Thread Alex Gaynor
Yesterday, PyCA cryptography 38.0.2 was released to PyPI. Today, we yanked the release from PyPI due to regressions in OpenSSL that led the OpenSSL team to withdraw OpenSSL 3.0.6 (which PyCA cryptography's wheels include). We expect to issue a follow up release once the OpenSSL team has released O

Re: [Cryptography-dev] Quick Question

2022-10-03 Thread Alex Gaynor
No, there is no plan to issue a 39 release shortly. This complaint should be directed at the Safety DB. There is no LibreSSL vulnerability, they are confused. https://github.com/pyupio/safety/issues/413 Alex On Mon, Oct 3, 2022 at 12:09 PM Rodney McBride via Cryptography-dev wrote: > > Is there

Re: [Cryptography-dev] regarding openSSL bindings in python-cryptography package

2022-07-11 Thread Alex Gaynor
Hi Sudhakar, _openssl.so is the CFFI generated C extension that exposes OpenSSL's APIs to Python. Depending on how you built and installed cryptography this can be either statically linked against OpenSSL or dynamically. If you downloaded one of our wheels then it is statically linked against a ve

[Cryptography-dev] PyCA cryptography 37.0.4

2022-07-05 Thread Alex Gaynor
PyCA cryptography 37.0.4 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 3.6+, and

[Cryptography-dev] PyCA cryptography 37.0.3 (and then yanked)

2022-06-22 Thread Alex Gaynor
Yesterday, PyCA cryptography 37.0.3 was released to PyPI. Today, we yanked the release from PyPI due to a regression in OpenSSL that was producing heap corruption for users. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric

Re: [Cryptography-dev] Cryptography version for python 3.7 on Windows 64 machine

2022-05-31 Thread Alex Gaynor
Your question doesn't have many details, but see: https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version I suspect this answers your question. Alex On Tue, May 31, 2022 at 12:18 PM Zhang, Yang via Cryptography-dev < cryptography-dev@python.org> wrote: > Dear Cryp

Re: [Cryptography-dev] Certificates with RSASSA_PSS

2022-03-08 Thread Alex Gaynor
Hi Andrew, Unfortunately fully supporting PSS certificates is not merely a matter of adding a value to SIG_OIDS_TO_HASH. This is tracked in https://github.com/pyca/cryptography/issues/2850 and https://github.com/pyca/cryptography/issues/4858. However, if that PR works for you, then you can likely

Re: [Cryptography-dev] Validate SSH key

2022-02-28 Thread Alex Gaynor
> make sure that the string which I'm receiving is a valid SSH public > key. > > On Mon, Feb 28, 2022 at 6:13 PM Alex Gaynor wrote: > > > > What does it mean to you to validate an SSH key? > > > > pyOpenSSL does not have any functions for interacting with >

Re: [Cryptography-dev] Validate SSH key

2022-02-28 Thread Alex Gaynor
What does it mean to you to validate an SSH key? pyOpenSSL does not have any functions for interacting with SSH-formatted keys. cryptography has a function for parsing them: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#openssh-public-key Alex On Mon, Feb 28, 2022

Re: [Cryptography-dev] Alpine: pip install cryptography --no-binary cryptography generates wheel

2022-02-27 Thread Alex Gaynor
--no-binary prevents downloading a pre-built wheel. However, pip will always build a wheel internally from an sdist, that's part of how it installs a package. What are you actually trying to do? Alex On Sun, Feb 27, 2022 at 8:00 AM Felix Woelk wrote: > > Hi there, > > I am using cryptography in

Re: [Cryptography-dev] Possible to customize how python handle ssl verify callback?

2022-01-07 Thread Alex Gaynor
This mailing list is for dealing with the Python Cryptographic Authority family of libraries, so we're not really in a position to provide support for the Python stdlib modules. For that you want something like https://discuss.python.org/. That said, if you really this this to apply to _all_ X.509

Re: [Cryptography-dev] Need information for cryptography 3.4.7

2021-12-15 Thread Alex Gaynor
If this is coming from the US government, please email me off list with which agencies are demanding to know if python is impacted by log4j. Alex On Wed, Dec 15, 2021, 11:59, Bill Cain wrote: > First, thank you so much for the quick response. We so appreciate all > that you do for crypt

Re: [Cryptography-dev] Linux CPython 3.8 version for cffi, bcrypt and PyNaCl

2021-11-15 Thread Alex Gaynor
Cryptography already publishes abi3 wheels that cover all supported versions of Python3: https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version You likely need to upgrade your version of pip. Alex On Mon, Nov 15, 2021 at 8:57 PM Andrey Gusakov wrote: > > Hi guys

Re: [Cryptography-dev] Compute issuerKeyHash

2021-09-16 Thread Alex Gaynor
You want Encoding.DER, not PEM. Alex On Thu, Sep 16, 2021 at 11:51 AM pepone.onrez wrote: > > Hi, > > Is there a way to compute the issuer key hash from the certificate issuer? > > I tried with: > > public_key = issuer_cert.public_key().public_bytes( > Encoding.PEM, > PublicFormat.Subjec

Re: [Cryptography-dev] SM4 support

2021-08-02 Thread Alex Gaynor
We do not have a planned release date for our next release. Probably towards the end of the month though, maybe early next month. Alex On Mon, Aug 2, 2021 at 8:34 PM Rowan, Jim wrote: > > I have a few questions about SM4 support? > > Is there a planned release date for a release that includes SM

Re: [Cryptography-dev] Problems with importing OpenSSL on Windows

2021-04-21 Thread Alex Gaynor
I'd guess it's related to upgraded version of build tools in our release pipeline -- possibly related to abi3? Alex On Wed, Apr 21, 2021 at 12:31 PM Łukasz Hanuszczak wrote: > Hello again, > > On Thu, Apr 15, 2021 at 2:30 PM Alex Gaynor wrote: > >> I don'

[Cryptography-dev] codecov security incident

2021-04-15 Thread Alex Gaynor
This morning codecov disclosed a security incident: https://about.codecov.io/security-update/ This incident allowed an attacker to run code in environments that use codecov for uploading coverage. Since the Python Cryptographic Authority uses codecov across our projects for tracking coverage, we

Re: [Cryptography-dev] Problems with importing OpenSSL on Windows

2021-04-15 Thread Alex Gaynor
Hi Lukasz, Unfortunately this issue doesn't ring a bell at all for me. I don't believe we made any fundamental changes to our DLLs -- all we've done is update OpenSSL versions over this period. We have definitely not introduced any new system dependencies. Alex On Thu, Apr 15, 2021 at 8:10 AM Łu

Re: [Cryptography-dev] Replicating CI of the project?

2021-04-02 Thread Alex Gaynor
I haven't tried it myself, but https://github.com/nektos/act may literally let you just run our github actions locally. To answer your question more specifically: there's usually one of two reasons our CI fails that aren't caught locally: either due to the many many versions of OpenSSL we support,

Re: [Cryptography-dev] Loading a Curve25519 X.509 key

2021-03-10 Thread Alex Gaynor
yInfo formats. We should fix those docs. > > -Paul > > On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor wrote: > > > > Hi Saruabh, > > > > I think > > https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.p

Re: [Cryptography-dev] Loading a Curve25519 X.509 key

2021-03-10 Thread Alex Gaynor
Hi Saruabh, I think https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.primitives.serialization.load_pem_public_key should work. Notwithstanding the docs, I believe it'll load an X25519PublicKey :-) If that works for you, let us know and I'll mak

Re: [Cryptography-dev] Rust in pyca/cryptography

2021-01-13 Thread Alex Gaynor
But what we won't do is simply stop trying to drop C. Alex On Wed, Jan 13, 2021 at 9:45 AM Barry Scott wrote: > > On Tuesday, 12 January 2021 17:23:10 GMT Alex Gaynor wrote: > > Running `yum install rust` in a CentOS8 docker container seems to get > > me rustc 1.45.2, and

Re: [Cryptography-dev] Rust in pyca/cryptography

2021-01-13 Thread Alex Gaynor
https://www.python.org/dev/peps/pep-0599/ :-) Alex On Wed, Jan 13, 2021 at 2:49 AM Hynek Schlawack wrote: > > > > > On 12. Jan 2021, at 19:05, Alex Gaynor wrote: > > > > At the moment we provide wheels for: > > > > - x86_64, arm64 Linux > > T

Re: [Cryptography-dev] Rust in pyca/cryptography

2021-01-12 Thread Alex Gaynor
ilable in RTD, etc.), but we're not simply going to stop these efforts: Language level memory safety is not negotiable. Alex On Tue, Jan 12, 2021 at 1:00 PM Michael Ströder via Cryptography-dev wrote: > > On 1/12/21 6:23 PM, Alex Gaynor wrote: > > As ever, our wheels (which are how

Re: [Cryptography-dev] Rust in pyca/cryptography

2021-01-12 Thread Alex Gaynor
/cryptography) will not require any compiler or build toolchain on user's machines. Alex On Tue, Jan 12, 2021 at 12:17 PM Barry Scott wrote: > > On Tuesday, 12 January 2021 15:52:01 GMT Michael Ströder via Cryptography-dev > wrote: > > On 12/22/20 8:43 PM, Alex Gaynor wrote: >

Re: [Cryptography-dev] Rust in pyca/cryptography

2021-01-12 Thread Alex Gaynor
put in the work here, but we won't accept "don't use Rust" as an answer. Alex On Tue, Jan 12, 2021 at 11:29 AM Michael Ströder via Cryptography-dev wrote: > > On 12/22/20 8:43 PM, Alex Gaynor wrote: > > As we previewed in August [0] we're planning to incorporate

[Cryptography-dev] Rust in pyca/cryptography

2020-12-22 Thread Alex Gaynor
Hi all, As we previewed in August [0] we're planning to incorporate Rust code into pyca/cryptography. I'm thrilled to announce that we just landed a patch that starts us down that path: https://github.com/pyca/cryptography/commit/c84d6ee0605645a24fd93c436967ee2519aa586a As a reminder, the s

Re: [Cryptography-dev] Affected version of CVE-2020-25659

2020-10-28 Thread Alex Gaynor
Hi Tristan, Yes, this impacts every version going back to 0.4 when this functionality was first introduced. Alex On Wed, Oct 28, 2020 at 9:33 AM Tristan Laurillard wrote: > Hello, > > We maintain the Safety vulnerability tool. > > I have a small question regarding CVE-

Re: [Cryptography-dev] Cryptography v3.2 publish to PyPi

2020-10-16 Thread Alex Gaynor
We're not yet ready to do a release, and have things remaining in that milestone https://github.com/pyca/cryptography/milestone/34 -- including changes to the SMIME API. Alex On Fri, Oct 16, 2020 at 1:59 PM Jonathan Trinh via Cryptography-dev < cryptography-dev@python.org> wrote: > Hello, > > >

[Cryptography-dev] Rust code in pyca/cryptography

2020-08-07 Thread Alex Gaynor
Hi all, We're investigating the inclusion of Rust code into pyca/cryptography. If you are interested in providing feedback on this, please see https://github.com/pyca/cryptography/issues/5381 and leave a comment. Thanks, Alex -- All that is necessary for evil to succeed is for good people to do

Re: [Cryptography-dev] New OpenSSH key format

2020-03-02 Thread Alex Gaynor
No, cryptography does not support OpenSSH format private keys. This is not currently planned. Alex On Tue, Mar 3, 2020 at 1:28 AM Lalit Kumar wrote: > Can we retrieve the public key from private key in the new OpenSSH format > like below: >

[Cryptography-dev] macOS older than 10.12

2019-10-18 Thread Alex Gaynor
Hi everyone, We're considering dropping support for macOS versions older than 10.12, due to maintenance burden, and incredibly low usage (per PyPI metrics). Before we do that, we just wanted to check in to see if there was any reason this would cause a problem for anyone? Alex -- All that is n

Re: [Cryptography-dev] FIPS Certification

2019-06-12 Thread Alex Gaynor
Cryptography is not in-scope within the definition of FIPS-140-2; we use OpenSSL for implementation of cryptographic algorithms. If you link cryptography against a certified and/or validated OpenSSL, that is controlling for whether your cryptography is certified/validated. Alex On Wed, Jun 12, 2

Re: [Cryptography-dev] Signing a CSR with your own CA

2019-04-11 Thread Alex Gaynor
Hi Kevin, The short version is, despite what the OpenSSL CLI would have you think, "signing a CSR" isn't a thing. When a CA receives a CSR, it copies some of the elements (most importantly the public key) from the CSR into a new cert. https://cryptography.io/en/latest/x509/tutorial/#creating-a-sel

[Cryptography-dev] PyCA cryptography 2.6

2019-02-27 Thread Alex Gaynor
PyCA cryptography 2.5 has been released to PyPI. cryptography includes both high level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, asymmetric algorithms, message digests, X509, key derivation functions, and much more. We support Python 2.7, Python

Re: [Cryptography-dev] Adding custom attributes to a CSR

2019-02-08 Thread Alex Gaynor
Neither cryptography nor pyOpenSSL support CSR attributes. There is a long standing issue about it: https://github.com/pyca/cryptography/issues/3384 Alex On Fri, Feb 8, 2019 at 4:42 PM Ben Kinsella wrote: > In pyOpenSSL and pyca/cryptography, I can’t find any way to add custom > attributes to a

Re: [Cryptography-dev] Private Set Intersection

2018-12-12 Thread Alex Gaynor
1) By get the bytes I assume you mean for the private value? In that case, key.private_numbers().private_value will give you it as an integer, then you can encode it as you like. 2) No, EC private keys do not mathematically support encryption. If you want to encrypt with an elliptic curve private

Re: [Cryptography-dev] serialize private ley

2018-10-12 Thread Alex Gaynor
You should pass an instance of https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.NoEncryption if you want an unencrypted key. Here's an example: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serializ

Re: [Cryptography-dev] The ECDH vulnerability

2018-07-23 Thread Alex Gaynor
When you load an object into an EllipticCurvePublicKey instance, we verify that the point is on the curve. EllipticCurvePrivateKey.exchange(ECDH(), public_key) will also refuse to perform an exchange where the public and private keys aren't on the same curve. Alex On Mon, Jul 23, 2018 at 4:53 PM

Re: [Cryptography-dev] Type error using CBC IV

2018-06-14 Thread Alex Gaynor
Just looking at the code here, are you sure the `key` is a bytes object? Alex On Thu, Jun 14, 2018 at 5:30 PM Fennell, Felix W. wrote: > Hi, > > I'm not sure if this is the best place to ask for support using Cryptography, > apologies if it isn't. > > I am trying to recover and decrypt some data e

Re: [Cryptography-dev] Using EC Point arithemtic in cryptography

2017-12-01 Thread Alex Gaynor
I > can't seem to find anything on that quite yet. No pointers here, I guess? > > > Thanks! > > -John > > On Fri, Dec 1, 2017 at 3:24 PM, Alex Gaynor wrote: > >> Hi John, >> >> We don't have an API for doing raw EC point arithmetic.

Re: [Cryptography-dev] Using EC Point arithemtic in cryptography

2017-12-01 Thread Alex Gaynor
Hi John, We don't have an API for doing raw EC point arithmetic. https://github.com/pyca/cryptography/pull/2919 is an issue proposing (and implementing) it, but I've been very hesitant to expand the API like this. Point multiplication can be accomplished with the ECDH API. Alex On Fri, Dec 1, 2

Re: [Cryptography-dev] Help on ERROR, please.

2017-10-17 Thread Alex Gaynor
You are using an out of date version of setuptools; upgrade to the latest release and it should resolve your issue. Alex On Tue, Oct 17, 2017 at 3:17 PM, 白 岩 wrote: > Hi, I'm using python2.7 and need to install this module. > I installed it with command : pip install cryptography . > but I got

Re: [Cryptography-dev] Signing with Intermediate Certificate not accepted by Browsers

2017-10-01 Thread Alex Gaynor
s I can > see one created with python are UTF8STRING and the one with my other > application are PRINTABLESTRING. > > I try to make a new test with the current git version of cryptography. > > Thanks, > Julian > > On 01.10.2017 at 15:45, Alex Gaynor wrote: > > Can

Re: [Cryptography-dev] Signing with Intermediate Certificate not accepted by Browsers

2017-10-01 Thread Alex Gaynor
Can you point your certificate at `openssl asn1parse` and compare the string types used in the signature? My guess is that the cryptography generated cert will have UTF8String, and the cert generated by your other software will have PrintableString or some other string type. If yes, good news! Th

Re: [Cryptography-dev] FIPS cffi bindings

2017-09-25 Thread Alex Gaynor
As you noted, I have a disdain for FIPS-140. Familiarity breeds contempt. That said, I'm ok with landing just the bindings. Alex On Mon, Sep 25, 2017 at 11:54 AM, Scott Sturdivant < scott.sturdiv...@gmail.com> wrote: > Hi, > > Would the cryptography dev team be accepting of a patch that added b

Re: [Cryptography-dev] Raw ECDSA keypairs?

2017-09-15 Thread Alex Gaynor
that does it in the API. I'm assuming, that I could > probably convert it to the bytes representation of it by doing something > along the lines of (presuming a 256bit curve a la secp256k1): > `PrivKeyNumber.to_bytes(32, byteorder='big')`. > > Does that make sens

Re: [Cryptography-dev] Raw ECDSA keypairs?

2017-09-15 Thread Alex Gaynor
I'm not sure what you mean by "raw bytes", keys can be generated and serialized as documented here: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#serialization Alex On Fri, Sep 15, 2017 at 3:11 PM, John Pacific wrote: > Hey there! > > Is there a good way to generate an ECDS

[Cryptography-dev] Using pip<6 to install cryptography?

2017-08-02 Thread Alex Gaynor
Hello, We'd like to make some long desired cleanups to our setup.py ( https://github.com/pyca/cryptography/pull/3796). Unfortunately, if you're installing cryptography with pip<6, things won't work (specifically, all of cryptography's dependencies won't be installed). If you're using pip<6, can y

Re: [Cryptography-dev] Import Error.

2017-07-23 Thread Alex Gaynor
Hi Deepen, Without any more information, it looks like you didn't install cryptography into your virtualenv. How did you install twisted? Alex On Sun, Jul 23, 2017 at 12:24 PM, Deepen Patel wrote: > Hi, > > I got error like Import error. > > Traceback (most recent call last): > File "startno
