[pycrypto] Public key algos usage
Dwayne C. Litzenberger
dlitz at dlitz.net
Thu Nov 19 01:34:58 CST 2009
On Mon, Nov 16, 2009 at 03:07:49PM +0100, Kiwi wrote:
>I cannot find documentation on using PyCrypto's public keys algorithms.
>The main problem is that while I can easily create a private/public
>keypair and use it, I don't understand how to create an object given
>only a public key (encryption/verify only).
>The only documentation says to "look at the source code".
>What is the best thing to do at this time?
>Wait for a definitive API? Use a development version? Use the old
>undocumented API?
PyCrypto's current public key API is half-baked. It's experimental and was
never really finished. For example, the RSA module doesn't do any
PKCS#1/OAEP padding, and the DSA module doesn't do the necessary hashing
step.
The only way you'll achieve any security out of it is to read the source
code while simultaneously reading the appropriate standards documents
(PKCS#1 or FIPS 186-3). It's far from where I would like it to be, but as
it stands, if you can't figure out the API, you probably shouldn't be using
it.
If you want to do real public-key crypto in Python today, you probably want
to use a higher-level library like Keyczar or maybe ezPyCrypto (I haven't
evaluated either of these, so I make no promises about their security.).
Or just invoke GnuPG. :-/
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2009) - C805 1746 397B 0202 2758 2821 58E0 894B 81D2 582E
More information about the pycrypto
mailing list