>RandomPool is badly broken. Don't use it.<br><br>Thanks for the hint.<br>I will check RandomPool and change it to some Python built-in random function,<br>if that helps.<br><br><br>About DSA:<br>I thought the actual pycrypto uses SHA-1...<br>
Make a hash of the AES key with SHA2, and then sign the SHA2-hash. Is that what you mean?<br><br>About RSA:<br>I will check the code about OAEP.<br>Can't find it in the documentation. (but in Wikipedia...)<br><br>ELGAMAL signature requires a random number k: 2&lt;k&lt;p-1 with GCD(k,p-1)=1<br>
I used a fixed prime. I will correct this. <br><br>ELGAMAL is important for me, because it has no patent/copyright.<br><br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
<a href="http://lists.dlitz.net/pipermail/pycrypto/2009q3/000116.html" target="_blank">http://lists.dlitz.net/pipermail/pycrypto/2009q3/000116.html</a><br>
<br>
>#################### DSA only sign<br>
<div class="im">>privatekeyCMS = DSA.generate(368, rpool.get_bytes)<br>
>publickeyCMS = privatekeyCMS.publickey()<br>
>signed_PWD = privatekeyCMS.sign(PWD,K)<br>
>print "identity check:\n",publickeyCMS.verify(dec_PWD,signed_PWD)<br>
>print "decrypted PWD from ELGAMAL:\n",dec_PWD<br>
<br>
</div>PyCrypto's public key primitives are incomplete at this point, and you<br>
should not use them unless you are willing to read both PyCrypto's source<br>
code and the relevant specifications. For RSA, you need OAEP (i.e. PKCS#1<br>
v2.1) if you want security. For DSA, there is a hash you need to compute<br>
(it's not done for you automatically---see FIPS 186). For ElGamal, I'm<br>
pretty sure there's something too.<br>
<br>
That's all I'm willing to comment on a vague question about a bunch of<br>
uncommented demo code.<br>
<font color="#888888"><br>
--<br>
Dwayne C. Litzenberger <<a href="mailto:dlitz@dlitz.net">dlitz@dlitz.net</a>><br>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7<br>
_______________________________________________<br>
pycrypto mailing list<br>
<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br>
</font></blockquote><br>
</div><br>