[pycrypto] Can pycrypt do a key exchange?
James A. Donald
jamesd at echeque.com
Fri Jan 23 23:05:07 CST 2009
Gre7g Luterman wrote:
> Hey list -
>
> I'm working on a Python application where clients will
> open encrypted connections to a custom server
> application. The data isn't something super-important,
> like credit card numbers, but I'd rather not have it
> snooped or otherwise mucked with by outsiders.
>
> pycrypt makes this easy, but how do I share the key
> securely? pycrypt has code for calculating
> public/private keys, encrypting with them, decrypting
> with them, etc., but I don't see an obvious way to do
> an exchange with it.
Key distribution is in the general case a major unsolved
problem, and there are no libraries to handle it -
worse, there are no protocols to handle it, worse still,
there are no successful examples to imitate, other than
SSH.
You, however, are not solving the general case, so might
hand roll your own custom solution, perhaps starting
with a single widely known trusted master public key
embedded in both client and server, whose secret key,
which you alone possess, is used to sign durable client
keys and server keys, which are used in combination with
transient client keys and transient server keys - the
skype solution.
Now, of course, all the experts say "never hand roll
your own custom solution", which is true if the experts
have something ready to roll that actually works. Which,
for key distribution, they generally do not.
The particular special case solution will depend on the
particulars of your particular special case.
More information about the pycrypto
mailing list