[pycrypto] example

avo ga avogatro2007 at googlemail.com
Mon Aug 24 20:04:19 CST 2009

>RandomPool is badly broken.  Don't use it.

Thx for the hint.
I will check  RandomPool and change it to some python build-in random
if that helps.

About DSA:
I thought the actual pycrypto use SHA-1...
make hash of the AES key with SHA2, and then sign the SHA2-hash. Is that
what you mean?

About RSA:
i will check the code about OAEP.
can't find it in the documentation. (but in wikipedia...)

ELGAMAL signature requires a random number k: 2<k<p-1 with GCD(k,p-1)=1
i used a fix prime. I will correct this.

ELGAMAL ist important for me, because it has no patent /copyright.

> http://lists.dlitz.net/pipermail/pycrypto/2009q3/000116.html
> >#################### DSA only sign
> >privatekeyCMS = DSA.generate(368, rpool.get_bytes)
> >publickeyCMS = privatekeyCMS.publickey()
> >signed_PWD = privatekeyCMS.sign(PWD,K)
> >print "identity check:\n",publickeyCMS.verify(dec_PWD,signed_PWD)
> >print "decrypted PWD from ELGAMAL:\n",dec_PWD
> PyCrypto's public key primitives are incomplete at this point, and you
> should not use them unless you are willing to read both PyCrypto's source
> code and the relevant specifications.  For RSA, you need OAEP (i.e.  PKCS#1
> v2.1) if you want security.  For DSA, there is a hash you need to compute
> (it's not done for you automatically---see FIPS 186.  For ElGamal, I'm
> pretty sure there's something too.
> That's all I'm willing to comment on a vague question about a bunch of
> uncommented demo code.
> --
> Dwayne C. Litzenberger <dlitz at dlitz.net>
>  Key-signing key   - 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.dlitz.net/pipermail/pycrypto/attachments/20090825/412e85b7/attachment.htm 

More information about the pycrypto mailing list