[pycrypto] Public key algos usage

Dwayne C. Litzenberger dlitz at dlitz.net
Thu Nov 19 01:34:58 CST 2009


On Mon, Nov 16, 2009 at 03:07:49PM +0100, Kiwi wrote:
>I cannot find documentation on using PyCrypto's public keys algorithms.
>The main problem is that while I can easily create a private/public
>keypair and use it, I don't understand how to create an object given
>only a public key (encryption/verify only).
>The only documentation says to "look at the source code".
>What is the best thing to do at this time?
>Wait for a definitive API? Use a development version? Use the old
>undocumented API?

PyCrypto's current public key API is half-baked.  It's experimental and was 
never really finished.  For example, the RSA module doesn't do any 
PKCS#1/OAEP padding, and the DSA module doesn't do the necessary hashing 
step.

The only way you'll achieve any security out of it is to read the source 
code while simultaneously reading the appropriate standards documents 
(PKCS#1 or FIPS 186-3).  It's far from where I would like it to be, but as 
it stands, if you can't figure out the API, you probably shouldn't be using 
it.

If you want to do real public-key crypto in Python today, you probably want 
to use a higher-level library like Keyczar or maybe ezPyCrypto (I haven't 
evaluated either of these, so I make no promises about their security.).

Or just invoke GnuPG. :-/


-- 
Dwayne C. Litzenberger <dlitz at dlitz.net>
  Key-signing key   - 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
  Annual key (2009) - C805 1746 397B 0202 2758  2821 58E0 894B 81D2 582E


More information about the pycrypto mailing list