ntrol if and when Python
swaps memory to disk.
Alex
On 16.02.2018 22:16, Andrew Donoho wrote:
> Gentlefolk,
>
>
>
> Apparently, my Google-fu is weak and I come seeking advice.
>
> Secret management is important. In particular, I want to make sure that
> any
Have we confirmed that all important downstreams (pyOpenSSL, Twisted,
eventually Fabric/Paramiko, urllib3/requests) have dropped 3.2?
Alex
On Tue, Apr 14, 2015 at 10:49 AM, Laurens Van Houtven <_...@lvh.io> wrote:
> I for one support any and all efforts that reduce the number of
Thank you for your years of maintenance of pyOpenSSL!
Alex
On Wed, Apr 15, 2015 at 2:02 PM, Jean-Paul Calderone <
jean-p...@clusterhq.com> wrote:
> On Tue, Apr 14, 2015 at 12:54 PM, Hynek Schlawack wrote:
>
>> Greetings fellow Pythoneers,
>>
>> I'm happy to
confirm if it's a problem for him. That said, I'm planning on merging this
as soon as Paul updates it with the last issue (;-)), and we can revert if
it turns out it'll be a giant issue for paramiko.
Cheers,
Alex
On Wed, Apr 15, 2015 at 4:58 AM, Cory Benfield wrote:
> On 15
I'll wait to see what he says first.
Alex
On Sat, Apr 18, 2015 at 3:57 PM, Donald Stufft wrote:
> If Jeff wants it I can generate graphs for paramiko as well.
>
>
> On Apr 18, 2015, at 3:52 PM, Alex Gaynor wrote:
>
> For those not following the issue, Donald post
Hi Olivier,
You can use the private_numbers() method:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers.private_numbers
To get an EllipticCurvePrivateNumbers which has x and y attributes.
Alex
On
Hi Erik,
So far we've been focussed on the "read-only" side, we haven't really
discussed the "create a certificate" workflow.
That said:
IMO Certificate should always be immutable, when we get to creation, the
API should either go through a distinct CertificateBui
Hi Erik,
We'll support constructing a certificate in memory and signing it, but I
suspect the API will look a bit like:
x509.CertificateBuilder().set_issuer(...).add_extension(...).sign(parent_certificate)
Alex
On Thu, Apr 30, 2015 at 6:00 PM, Erik Trauschke
wrote:
> Hi Alex,
>
&
Perhaps an EllipticCurvePrivateNumbers.from_private_number_and_curve()
would be appropriate to automatically compute the public key?
Alex
On Thu, May 14, 2015 at 12:11 PM, Paul Kehrer
wrote:
> Hi Dario,
>
> The creation of an EllipticCurvePrivateNumbers object does require you to
Right now we don't have an API for doing certificate validation in our x509
layer.
Alex
On Tue, Jun 9, 2015 at 6:04 AM, Alexey Kuchmenko
wrote:
> Hi! How do I verify X509 cert? I see X509_verify_cert() function in
> bindings/openssl/x509_vfy.py, but it looks like it is not
fiable reason to use Python 2.6 anymore, both
Django and Twisted have dropped it.
If this would _seriously_ impact you, please reply to this thread. If
possible I'd also like to hear from our downstreams.
Cheers,
Alex
--
"I disapprove of what you say, but I will defend to the death yo
#x27;m going to drop
this until such time as the data supports it, unless anyone wants to argue
in favor vigorously.
Alex
On Wed, Dec 23, 2015 at 12:52 PM, Simo Sorce wrote:
> On Tue, 2015-12-22 at 22:43 -0500, Alex Gaynor wrote:
> > Hi all,
> >
> > I'd like to propose w
low enough that we can safely drop OpenSSL 0.9.8
support.
Platforms specifically known to be affected:
- RHEL/CentOS 5 and older
- Debian Squeeze (baed on OpenSSL version, this is where most of the
affected users will be).
Thoughts? Will you be affected by this?
Alex
--
"I disapprove of what
On OS X and Windows we distribute a Cryptography wheel which includes
OpenSSL 0.9.8.
Alex
On Fri, Jan 22, 2016 at 5:19 PM, Ron Frederick wrote:
> What impact will this have on MacOS systems? Even the latest MacOS El
> Capitan (10.11.3) is still back on OpenSSL 0.9.8zg from 14 July 20
Uhhh, sorry, which includes OpenSSL *1.0.2*.
Alex
On Fri, Jan 22, 2016 at 5:21 PM, Alex Gaynor wrote:
> On OS X and Windows we distribute a Cryptography wheel which includes
> OpenSSL 0.9.8.
>
> Alex
>
> On Fri, Jan 22, 2016 at 5:19 PM, Ron Frederick wrote:
>
>> Wh
e the idea of adding a CRYPTOGRAPHY_ALLOW_DEPRECATED_OPENSSL for 1
release. That makes the timetable
- 1.3: Show deprecation warning
- 1.4: Removed by default with CRYPTOGRAPHY_ALLOW_DEPRECATED_OPENSSL
fallback
- 1.5: Removed entirely
With the 1.5 step contigent on feedback we receive from 1.4.
Al
Hi all,
This is an advanced notice that on Tuesday we'll be issuing a new release,
1.2.3. The only change will be upgrading the bundled version of OpenSSL on
Windows and OS X for
https://mta.openssl.org/pipermail/openssl-announce/2016-February/63.html
Alex
--
"I disapprove of wh
reproducer, that as well)?
Thanks!
Alex
On Thu, May 12, 2016 at 4:09 PM, Alexander Yukhanov
wrote:
> Hello,
> I have a service which uses hazmat, requests and tornado. Now and when i
> am encountering deadlock in openssl. One thread is trying to perform
> handshake, acquires CRYPT
e.
I fear your best option is probably to fork the Fernet mdoule, which
thankfully isn't terribly much code.
Alex
On Fri, May 27, 2016 at 10:28 PM, Todd Knarr wrote:
> Would there be an interest in, or philosophical/design objections to, a
> patch to allow Fernet to use AES192 an
The problem is Fernet refers to a specific standard, if you change it,
you've got something new and not interoperable :-)
Alex
On Sat, May 28, 2016 at 12:25 AM, Todd Knarr wrote:
> On 05/27/2016 07:36 PM, Alex Gaynor wrote:
>
>> Fernet is a standard maintained outside pyca
Hi Todd,
We're not going to merge non-standard extensions to Fernet. You're welcome
to attempt to contribute to the upstream spec, but absent a change there
I'm going to close your PR.
Alex
On Wed, Jun 1, 2016 at 12:44 PM, Todd Knarr wrote:
> On 05/30/2016 08:49 PM
ith a modern OpenSSL.
Alex
On Wed, Jun 8, 2016 at 9:59 AM, Rob Marshall
wrote:
> Hi,
>
> I'm trying to install cryptography-1.4 on SLES 10 SP3 running Python 2.7.8
> that I installed from source. I installed:
>
> libffi-devel-3.0.11-9.1
> libffi6-3.0.11-9.1
> openssl-d
That's unfortunate. You'll be unable to use cryptography, as we don't
supported an OpenSSL that old.
Alex
On Wed, Jun 8, 2016 at 1:25 PM, Rob Marshall
wrote:
> Hi Alex,
>
> OK, thanks. I can't upgrade because I use SLES 10 SP3 as the basis of a
> product I
Probably the one in our readme/homepage.
It's been a while since we wrote that. If I recall correctly, PyCrypto's
AES implementation is vulnerable to the cache timing side-channel that DJB
wrote about many years ago.
Alex
On Thu, Jun 30, 2016 at 6:10 PM, Glyph Lefkowitz
wrote:
>
https://stackoverflow.com/questions/20992760/understanding-bcryptsignhash-output-signature
matches your intuition: the format out of Microsoft's function is just the
two numbers concatenated together, perhaps they are little endian instead
of big endian though?
Alex
On Thu, Aug 11, 2016 at
Hi Eran,
At the moment, no. Right now we simply use whatever OpenSSL does for
generating `k`.
Alex
On Mon, Dec 12, 2016 at 6:43 AM, Eran Messeri via Cryptography-dev <
cryptography-dev@python.org> wrote:
> Hi,
>
> Is there a way to generate deterministic ECDSA signatures?
>
I'm opposed -- there's no benefit to this being in cryptography itself;
this API can be totally implemented outside of it.
Alex
On Mon, Dec 19, 2016 at 4:17 PM, Boris Bobrov wrote:
> Hi!
>
> I work on OpenStack Keystone. We use Fernet keys for our tokens. A
> token
If you'd like ed25519 from a supported library today, pyncal has it.
On Mon, Jan 16, 2017 at 8:55 PM, Paul Kehrer
wrote:
> We plan to add support for ed25519 as soon as there is an OpenSSL release
> that supports it. That may be 1.1.1, but it hasn't landed yet.
>
> -Paul Kehrer (reaperhulk)
>
>
You're generating a new salt on every invocation of encryptMAIN, which
means that a different key is used when you encrypt and decrypt.
On Wed, Feb 22, 2017 at 1:29 PM, Salvador Munguia via Cryptography-dev <
cryptography-dev@python.org> wrote:
> Original Data:
> gABYrP0tuwZsZ2D5v-r7O6NyGDpp3
e yourself with
SQLi and other basic application security concerns before diving into
cryptography.
Alex
On Thu, Feb 23, 2017 at 4:56 PM, Salvador Munguia via Cryptography-dev <
cryptography-dev@python.org> wrote:
> It works when I encrypt and decode from string in same script, but when
Hi David,
You're correct that HMAC's security is still fine when used with SHA-1,
HMAC-MD5 is even secure believe it or not.
That said, I'd generally recommend people migrate to HMAC-SHA-256 anyways,
to make analyzing their software easier.
Alex
On Wed, Mar 15, 2017 at 1:48
It's also worth noting that the correct time to switch is not when
something is broken, it's well before then.
Alex
On Wed, Mar 15, 2017 at 5:14 PM, Paul Kehrer
wrote:
> Echoing Alex's comments, SHA1's problems do not affect HMAC constructions
> so there's no cu
I'd also add that any primitives we expose need to be standardized and
interoperable. Does ECIES have a standard syntax/serialization/etc.?
Alex
On Tue, Mar 21, 2017 at 2:14 PM, Paul Kehrer
wrote:
> Hi Adam,
>
> Thanks for the offer! Our general criteria for inclusion of new ha
copy :-)
https://cryptography.io/en/latest/x509/ are our X.509 docs, and
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/
are the docs for key serialization. Let us know if you have any questions.
Alex
On Thu, Apr 20, 2017 at 8:14 AM, Paul King via Cryptography-dev <
te to serialize it however
you like.
Alex
On Thu, Apr 20, 2017 at 8:28 AM, Paul King wrote:
>
> Hi Alex,
>
> Thanks for the rapid response.
>
> I am trying to process a lot of certificates so that I can do some
> research on them. I have them in PEM format and I would idea
(Please reply to the full mailing lists)
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey
describes the methods that an EllipticCurvePublicKey has for exporting the
key, either to bytes or ot raw numbers.
Alex
Unfortunately we don't have an API for this:
https://github.com/pyca/cryptography/issues/2850 tracks adding this.
Truth be told, I'm not totally sure the status of PSS signature
verification in X.509 libs, so I can't promise what platforms this will
work on, even after we figure
this point the X.509 layer in cryptography is complete, can we deprecate
the one in pyOpenSSL? That'd let us kill a good deal of code, and really
get pyOpenSSL down to just an SSL layer, which is all we care about anyways.
Alex
On Wed, Jun 7, 2017 at 4:39 AM, Cory Benfield wrote:
> Hyne
Great point.
Alex
On Jun 7, 2017 9:24 AM, "Ron Frederick" wrote:
> On Jun 7, 2017, at 5:36 AM, Cory Benfield wrote:
>
> On 7 Jun 2017, at 13:15, Alex Gaynor wrote:
>
> Are there things we can do to lower the maintenance burden for ourselves?
> At this point the X.
We do not currently have an API for this format.
Alex
On Jul 5, 2017 2:22 PM, "Michael Ströder" wrote:
HI!
The only standardized string form for X.509 names is the LDAP "String
Representation of
Distinguished Names" (see RFC 4514).
M2Crypto allows to simply let OpenSSL
/ssl.html#OpenSSL.SSL.Connection.get_cipher_name
Alex
On Thu, Jul 13, 2017 at 8:49 PM, Karan karan wrote:
> Hi,
>
> I'm trying to test different cipher and protocols using the request
> packages, for which i extend the HTTPAdapter. Here are some of the code
> snip
Hi Deepen,
Without any more information, it looks like you didn't install cryptography
into your virtualenv. How did you install twisted?
Alex
On Sun, Jul 23, 2017 at 12:24 PM, Deepen Patel wrote:
> Hi,
>
> I got error like Import error.
>
> Traceback (most recent
If you're using pip<6, can you chime in and let us know why, and how
disruptive this change would be so we can make an informed decision?
Alex
--
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing V
I'm not sure what you mean by "raw bytes", keys can be generated and
serialized as documented here:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#serialization
Alex
On Fri, Sep 15, 2017 at 3:11 PM, John Pacific wrote:
> Hey there!
>
> Is there a
private_key.private_numbers() gives you an object with a `private_value`
attribute which is an integer.
Alex
On Fri, Sep 15, 2017 at 6:09 PM, John Pacific wrote:
> Sorry, asking questions for remote people.
> I think he meant the actual numbers of the key pair.
>
> I found a class
As you noted, I have a disdain for FIPS-140. Familiarity breeds contempt.
That said, I'm ok with landing just the bindings.
Alex
On Mon, Sep 25, 2017 at 11:54 AM, Scott Sturdivant <
scott.sturdiv...@gmail.com> wrote:
> Hi,
>
> Would the cryptography dev team be accepting o
! This will be fixed in the next cryptography release --
you can verify this by testing with the version of cryptography in git.
Alex
On Sun, Oct 1, 2017 at 9:43 AM, Julian Meyer
wrote:
> Hi,
>
> I woud like to sign a certificate with my internal intermediate (CA)
> certificate. First I
Woo! Good call me :-)
We're hoping to have it released in the next week or two.
Alex
On Sun, Oct 1, 2017 at 10:25 AM, Julian Meyer
wrote:
> Hi,
>
> Just a update. I tested it with cryptography==2.1.dev1 and now it is
> working. So it is exactly this issue, as you guessed
You are using an out of date version of setuptools; upgrade to the latest
release and it should resolve your issue.
Alex
On Tue, Oct 17, 2017 at 3:17 PM, 白 岩 wrote:
> Hi, I'm using python2.7 and need to install this moudel.
> I installed it with command : pip install cryptography .
Hi John,
We don't have an API for doing raw EC point arithmetic.
https://github.com/pyca/cryptography/pull/2919 is an issue proposing (and
implementing) it, but I've been very hesitant to expand the API like this.
Point multiplication can be accomplished with the ECDH API.
Alex
On
Nope, we don't have a public API for modular inverse.
Alex
On Fri, Dec 1, 2017 at 5:38 PM, John Pacific wrote:
> Hey, Alex!
>
> Thanks for the response! I've been using the ECDH API for the scalar
> multiplication, but my last remaining need is for `BN_mod_inverse` and
Just looking at the code here, are you sure the `key` is a bytes object?
Alex
On Thu, Jun 14, 2018 at 5:30 PM Fennell, Felix W. wrote:
> Hi,
>
> I'm not sure if this the best place to ask for support using Cryptography,
> apologies if it isn't.
>
> I am trying to r
When you load an object into an EllipticCurvePublicKey instance, we verify
that the point is on the curve. EllipticCurvePrivateKey.exchange(ECDH(),
public_key) will also refuse to perform an excahgen where the public and
private keys aren't on the same curve.
Alex
On Mon, Jul 23, 2018 at 4:
/#key-serialization
Alex
On Fri, Oct 12, 2018 at 4:47 PM Ramani wrote:
> Hello,
>
> I am trying to serialize a private key using private_bytes method. I want
> to serialize a RSA private key with no password in one python module and
> bring it back in another so that I can use the pri
key, you need to do
implement an ECIES scheme where you perform an ECDH exchange with another
key and then encrypt under a key derived from the shared secret.
Alex
On Wed, Dec 12, 2018 at 4:55 PM Prashanth Ravindran <
prashanthravind...@gmail.com> wrote:
> Hi,
>
> I am tryi
Neither cryptography nor pyOpenSSL support CSR attributes. There is a long
standing issue about it: https://github.com/pyca/cryptography/issues/3384
Alex
On Fri, Feb 8, 2019 at 4:42 PM Ben Kinsella
wrote:
> In pyOpenSSL and pyca/cryptography, I can’t find any way to add custom
> attribu
/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.get_curve_for_oid>
.
- Add support for OpenSSL when compiled with the no-engine (
OPENSSL_NO_ENGINE) flag.
Alex
--
All that is necessary for evil to succeed is for good people to do nothing.
___
Cryptography-de
ial/#creating-a-self-signed-certificate
gives
an example of how to go about creating a certificate (you'll need to modify
it a bit to sign with a CA instead of being self-signed). Figuring out what
data from the CSR you want to include in the cert is your decision.
Alex
On Thu, Apr 11, 2019 at
Cryptography is not in-scope within the definition of FIPS-140-2; we use
OpenSSL for implementation of cryptographic algorithms. If you link
cryptography against an certified and/or validated OpenSSL, that is
controlling for whether your cryptography is certified/validated.
Alex
On Wed, Jun 12
Hi everyone,
We're considering dropping support for macOS versions older than 10.12, due
to maintenance burden, and incredibly low usage (per PyPI metrics).
Before we do that, we just wanted to check in to see if there was any
reason this would cause a problem for anyone?
Alex
--
All th
No, cryptography does not support OpenSSH format private keys. This is not
currently planned.
Alex
On Tue, Mar 3, 2020 at 1:28 AM Lalit Kumar wrote:
> Can we retrieve the public key from private key in the new OpenSSH format
> like
Hi all,
We're investigating the inclusion of Rust code into pyca/cryptography. If
you are interested in providing feedback on this, please see
https://github.com/pyca/cryptography/issues/5381 and leave a comment.
Thanks,
Alex
--
All that is necessary for evil to succeed is for good peop
We're not yet ready to do a release, and have things remaining in that
milestone https://github.com/pyca/cryptography/milestone/34 -- including
changes to the SMIME API.
Alex
On Fri, Oct 16, 2020 at 1:59 PM Jonathan Trinh via Cryptography-dev <
cryptography-dev@python.org> wrot
Hi Tristan,
Yes, this impacts every version going back to 0.4 when this functionality
was first introduced.
Alex
On Wed, Oct 28, 2020 at 9:33 AM Tristan Laurillard wrote:
> Hello,
>
> We maintain the Safety <http://pyup.io/safety/> vulnerability tool.
>
> I have a small q
e the time before our 3.4 release to ensure you have a Rust
toolchain installed, and verify that building cryptography from source
in git works for you:
https://cryptography.io/en/latest/installation.html#rust
Happy holidays,
Alex
[0]: https://mail.python.org/pipermail/cryptography-dev/2020-August/0
put in the work here, but we won't accept "don't use Rust" as
an answer.
Alex
On Tue, Jan 12, 2021 at 11:29 AM Michael Ströder via Cryptography-dev
wrote:
>
> On 12/22/20 8:43 PM, Alex Gaynor wrote:
> > As we previewed in August [0] we're planning to incorporate
/cryptography) will not require any compiler or build
toolchain on user's machines.
Alex
On Tue, Jan 12, 2021 at 12:17 PM Barry Scott wrote:
>
> On Tuesday, 12 January 2021 15:52:01 GMT Michael Ströder via Cryptography-dev
> wrote:
> > On 12/22/20 8:43 PM, Alex Gaynor wrote:
>
ilable
in RTD, etc.), but we're not simply going to stop these efforts:
Language level memory safety is not negotiable.
Alex
On Tue, Jan 12, 2021 at 1:00 PM Michael Ströder via Cryptography-dev
wrote:
>
> On 1/12/21 6:23 PM, Alex Gaynor wrote:
> > As ever, our wheels (which are how
https://www.python.org/dev/peps/pep-0599/ :-)
Alex
On Wed, Jan 13, 2021 at 2:49 AM Hynek Schlawack wrote:
>
>
>
> > On 12. Jan 2021, at 19:05, Alex Gaynor wrote:
> >
> > At the moment we provide wheels for:
> >
> > - x86_64, arm64 Linux
>
> T
But what we won't do
is simply stop trying to drop C.
Alex
On Wed, Jan 13, 2021 at 9:45 AM Barry Scott wrote:
>
> On Tuesday, 12 January 2021 17:23:10 GMT Alex Gaynor wrote:
> > Running `yum install rust` in a CentOS8 docker container seems to get
> > me rustc 1.45.2, and
I'll make
sure we fix those docs.
Alex
On Wed, Mar 10, 2021 at 11:56 AM Saurabh Kapoor wrote:
>
> Hi,
>
> A service we communicate with sends us their Curve25519 public key as a PEM
> file. The key is DER encoded and the format is X.509's SubjectPublicKeyInfo.
yInfo formats. We should fix those docs.
>
> -Paul
>
> On Wed, Mar 10, 2021 at 11:05 AM Alex Gaynor wrote:
> >
> > Hi Saruabh,
> >
> > I think
> > https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization.html#cryptography.hazmat.p
run black+flake8+mypy by hand, since it's faster.
Does that answer what you're looking for?
Alex
On Fri, Apr 2, 2021 at 6:09 PM Konstantin Shemyak
wrote:
> In my attempt to contribute to the project, I have bumped into numerous
> "corners" of the CI checks and h
Hi Lukasz,
Unfortunately this issue doesn't ring a bell at all for me. I don't believe
we made any fundamental changes to our DLLs -- all we've done is update
OpenSSL versions over this period. We have definitely not introduced any
new system dependencies.
Alex
On Thu, Apr 15,
nd compute aggregate coverage and
reports and it needs to be highly reliable. We encourage folks to send
recommendations our way.
Regards,
Alex & Paul
--
All that is necessary for evil to succeed is for good people to do nothing.
___
Cryptography-de
I'd guess it's related to upgraded version of build tools in our release
pipeline -- possibly related to abi3?
Alex
On Wed, Apr 21, 2021 at 12:31 PM Łukasz Hanuszczak
wrote:
> Hello again,
>
> On Thu, Apr 15, 2021 at 2:30 PM Alex Gaynor wrote:
>
>> I don'
We do not have a planned release date for our next release. Probably
towards the end of the month though, maybe early next month.
Alex
On Mon, Aug 2, 2021 at 8:34 PM Rowan, Jim wrote:
>
> I have a few questions about SM4 support?
>
> Is there a planned release date for a release t
You want Encoding.DER, not PEM.
Alex
On Thu, Sep 16, 2021 at 11:51 AM pepone.onrez wrote:
>
> Hi,
>
> Is there a way to compute the issuer key hash from the certificate issuer?
>
> I tried with:
>
> public_key = issuer_cert.public_key().public_b
Cryptography already publishes abi3 wheels that cover all supported
versions of Python3:
https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version
You likely need to upgrade your version of pip.
Alex
On Mon, Nov 15, 2021 at 8:57 PM Andrey Gusakov wrote:
>
&
If this is coming from the US government, please email me off list with
which agencies are demanding to know if python is impacted by log4j.
Alex
בתאריך יום ד׳, 15 בדצמ׳ 2021, 11:59, מאת Bill Cain :
> First, thank you so much for the quick response. We so appreciate all
> that you
ll_ X.509 validation
for TLS connections, your best bet is probably to monkeypatch
https://docs.python.org/3/library/ssl.html#ssl.create_default_context
to return a context with your verify callback.
Alex
On Fri, Jan 7, 2022 at 1:13 PM Edward Tsang via Cryptography-dev
wrote:
>
> Is it possibl
--no-binary prevents downloading a pre-built wheel. However, pip will
always build a wheel internally from an sdist, that's part of how it
installs a package.
What are you actually trying to do?
Alex
On Sun, Feb 27, 2022 at 8:00 AM Felix Woelk wrote:
>
> Hi there,
>
> I am u
What does it mean to you to validate an SSH key?
pyOpenSSL does not have any functions for interacting with
SSH-formatted keys. cryptography has a function for parsing them:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#openssh-public-key
Alex
On Mon, Feb 28
Sure, then the parse function in cryptography should do what you want
-- it will either return a public key or raise an exception.
Alex
On Mon, Feb 28, 2022 at 9:57 AM Seyed Mohammad Fakhraie
wrote:
>
> Hey Alex,
> Thanks for getting back. My bad. I meant SSH public keys. I want to
&g
likely make do by
using `cert.signature_algorithm_oid` instead of
`cert.signature_algorithm` and mapping the OID to hash algorithm
yourself.
Alex
On Tue, Mar 8, 2022 at 7:29 AM Doran, Andrew
wrote:
>
> Hi,
>
> We are using the cryptography module with pyWinRM to run PowerShell scripts
Your question doesn't have many details, but see:
https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version
I suspect this answers your question.
Alex
On Tue, May 31, 2022 at 12:18 PM Zhang, Yang via Cryptography-dev <
cryptography-dev@python.org> wro
ciphers,
asymmetric algorithms, message digests, X509, key derivation
functions, and much more. We support Python 3.6+, and PyPy3.
Changelog (https://cryptography.io/en/latest/changelog/#v37-0-3)
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.4.
Alex
--
All that is
+, and PyPy3.
Changelog (https://cryptography.io/en/latest/changelog/#v37-0-4):
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.0.5.
Alex
--
All that is necessary for evil to succeed is for good people to do nothing
on a machine with the same version of OpenSSL and headers.
Alex
On Mon, Jul 11, 2022 at 3:02 PM SUDHAKAR REDDY KHANDI wrote:
>
> hi
>
> i am using python-cryptography to sign a http request using RSA. I am using
> this on the linux platform. In my source tree, I don't see
No, there is no plan to issue a 39 release shortly.
This complaint should be directed at the Safety DB. There is no
LibreSSL vulnerability, they are confused.
https://github.com/pyupio/safety/issues/413
Alex
On Mon, Oct 3, 2022 at 12:09 PM Rodney McBride via Cryptography-dev
wrote:
>
&
eased OpenSSL 3.0.7.
cryptography includes both high level recipes and low level interfaces
to common cryptographic algorithms such as symmetric ciphers,
asymmetric algorithms, message digests, X509, key derivation
functions, and much more. We support Python 3.6+, and PyPy3.
Alex
--
All th
we accept public contributions, and we publish our security
releases in the usual places (CVE DB, GHSA, oss-security list). We
don't fill out vendor forms.
Alex
On Fri, Jan 6, 2023 at 1:32 PM Bird, Kurt wrote:
>
> Dear PyNaCl Developers,
>
>
>
> GDMS-C is preparing a r
a) Everything I said about your identical email regarding pynacl is
applicable here
b) Please don't ship new things in 2023 that use pyOpenSSL 20, which
is from 2020.
Alex
On Fri, Jan 6, 2023 at 5:07 PM Bird, Kurt wrote:
>
> Dear PyOpenSSL Maintainers,
>
>
>
> GDMS-C is
This is not correct, block size and key size are not the same thing
for symmetric encryption algorithms.
AES's block size is always 128-bit, it's not something cryptography
chooses to use, it's the definition of the algorithm.
Alex
On Thu, Feb 2, 2023 at 8:02 PM Arshad Khan w
prefer.
Alex
On Thu, Feb 2, 2023 at 8:14 PM Arshad Khan wrote:
>
> Thanks Alex for the quick reply.
>
> So in my case it can be said that I am using AES-256-CTR cipher? Because I
> was calling it AES-128-CTR and people were asking me why I am using a smaller
> key.
>
> On
We upload wheels for all releases.
We use abi3 wheels, so there aren't wheels specifically for Python
3.8:
https://cryptography.io/en/latest/faq/#why-are-there-no-wheels-for-my-python3-x-version
Alex
On Fri, Feb 17, 2023 at 5:44 AM Manish Gupta <9manishgup...@gmail.com> wrote:
>
This issue is resolved in cryptography version 39.0.1 and newer. You
simply need to upgrade.
Alex
On Tue, Mar 7, 2023 at 6:02 AM Mani Sankar Karanam via
Cryptography-dev wrote:
>
> Hello Team !!!
> Thank you for providing the open source python package cryptography. It is
> greatl
I'm not positive I understand your question.
That said, cryptography has supported OpenSSL 3.0 since version 35.0,
and pyOpenSSL has required cryptography 35.0.0 since pyOpenSSL 22.
Alex
On Wed, Apr 5, 2023 at 10:58 AM Prasad, PCRaghavendra via
Cryptography-dev wrote:
>
> Hi Team,
Cryptography can be built to link OpenSSL in either mode. Our pre-built
wheels statically link OpenSSL, but users can compile it either way.
Alex
On Thu, May 25, 2023, 1:38 PM Laurent Philippart (Nokia) <
laurent.philipp...@nokia.com> wrote:
> Hi,
>
>
>
> Could
The error you're receiving, "Error: Unable to find a match:
python-devel OpenSSL-devel" is coming from yum, and not from anything
to do with cryptography.
For support with using yum, you should contact Red Hat.
Alex
On Wed, Aug 2, 2023 at 5:37 PM Rishi Kesh Kumar
wrote:
>
&g
1 - 100 of 142 matches
Mail list logo
