[pycrypto] Pycrypto question.
don at amberfisharts.com
Tue May 4 13:00:39 CST 2010
some time ago I wrote a small module which provided me with a API that suited me better than that of PyCrypto.
I attached a slightly modified version of it. I also added a short example to the end of it. I hope you can find the
information you want in there.
Concerning the documentation: I agree, it could be improved. I think you were looking for this .
Concerning the import of externally generated keys: I think this came up before on the list or bug tracker.
AFAIK, it is not directly supported by PyCrypto. However, you can create a key pair from a tuple of numbers
(for example the public and private exponent and the modulus). This is done with construct function .
You just have to find a way to get to those numbers of your externally generated keys.
I probably should also point out that the usage of RandomPool is strongly discouraged  and that there is a Random
module in PyCrypto-2.1 that you should use instead.
On 05/04/2010 07:04 PM, jd wrote:
> Thanks for the response.(Sorry ..for late response. Somehow this went in to my spam folder.)
> Yes, I indeed want to use private key to encrypt (oops.. sign) and decrypt (verify) using public/private key pairs.
> Would anyone point to the example usage/pseudo code that I can try out.
> Didnt find method details over here.
> I am assuming that the intent is clear from the example.
> Some Text ===> Encrypt (optionally) sign (using private key) ===> encrypted message
> encrypted message ==> (optionally) Verify and decrypt (using public key) ==> original message (Some Text)
> Also, would appreciate if instead of generating keys as in sample program, is there a way to use publick/private keys used by ssh-keygen -t rsa.
> Help is much appreciated.
> --- On Sun, 5/2/10, Lorenz Quack<don at amberfisharts.com> wrote:
>> From: Lorenz Quack<don at amberfisharts.com>
>> Subject: Re: [pycrypto] Pycrypto question.
>> To: "PyCrypto discussion list"<pycrypto at lists.dlitz.net>
>> Date: Sunday, May 2, 2010, 1:52 PM
>> On 05/02/2010 10:36 PM, Glenn
>> Linderman wrote:
>>> On 5/2/2010 1:13 PM, Lorenz Quack wrote:
>>>> Hi Jd,
>>>> On 05/02/2010 10:02 PM, jd wrote:
>>>>> Hi everyone,
>>>>> I am trying to implement a simple pub/private
>> key scheme. Want to encrypt bunch of things and decrypt it
>> using public
>>>>> key (which will be distributed).
>>>> You seem to have some misconceptions about how
>> public key cryptography works.
>>>> I suggest you (re-)read up on it. Wikipedia will
>> probably cover the basics.
>>>> For starters, by definition you use the *public*
>> key for encrypt and the privat one for decryption.
>>> Indeed, Wikipedia has an article. And in the first
>> paragraph  they
>>> describe one use case for encrypting by public key,
>> and decrypting by
>>> private key, and another use case for encrypting by
>> private key, and
>>> decrypting by public key. It might be appropriate to
>> figure out what use
>>> case the OP has before declaring definitions for a
>> particular use case.
>>> Now as far as what the APIs are called, that might be
>> a different story :)
>>>  *Public-key cryptography* is a cryptographic
>>> <http://en.wikipedia.org/wiki/Cryptography> approach
>> which involves the
>>> use of asymmetric key algorithms instead of or in
>> addition to symmetric
>>> key algorithms<http://en.wikipedia.org/wiki/Symmetric_key_algorithm>.
>>> Unlike symmetric key algorithms, it does not require a
>>> <http://en.wikipedia.org/wiki/Secure_channel> initial
>>> <http://en.wikipedia.org/wiki/Key_exchange> of one or
>> more secret keys
>>> <http://en.wikipedia.org/wiki/Secret_key> to both
>> sender and receiver.
>>> The asymmetric key algorithms are used to create a
>>> related key pair: a secret private key and a published
>> public key. Use
>>> of these keys allows protection of the authenticity
>>> <http://en.wikipedia.org/wiki/Authenticity> of a
>> message by creating a
>>> digital signature<http://en.wikipedia.org/wiki/Digital_signature> of
>>> message using the private key, which can be verified
>> using the public
>>> key. It also allows protection of the confidentiality
>>> <http://en.wikipedia.org/wiki/Confidentiality> and
>>> <http://en.wikipedia.org/wiki/Integrity> of a
>> message, by public key
>>> encryption<http://en.wikipedia.org/wiki/Encryption>, encrypting
>>> message using the public key, which can only be
>> decrypted using the
>>> private key.
>> Granted "definition" may have been a poor choice of word.
>> But AFAIK the use case of "encrypting" via the private key
>> is generally called signing.
>> So I assumed that the OP had the wrong idea about how the
>> scheme is used because he didn't
>> use the generally accept terminology. If that was
>> presumptuous I hereby apologize.
>> So, to come back to the OPs question:
>> if you use a RSA key to encrypt a message like you did in
>> your example internally it uses the public
>> part of the key pair for encryption. you would then have to
>> use the private part to decypt it.
>> If on the other hand you really want to encrypt with the
>> private part and decrypt with the public part
>> then know that this is usually refered to as signing and
>> verifying (verification?).
>> There is also and API for this in PyCrypto.
>> Hope this is clearer and more helpful than my last
>> have a nice day
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3969 bytes
Desc: not available
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20100504/d5ad8e25/attachment.py
More information about the pycrypto