[pycrypto] Pycrypto question.
jd
jdsw2002 at yahoo.com
Wed May 5 11:05:49 CST 2010
Thanks this helps clarify few things.
Couple od questions.
1. I am on older version of pycrypto, can I simply use os.urandom for random # ?
2. Do I really need a separate block encryption for the message ?
I know this may sound strange.. but asymmetric keys gives you ability to encrypt right ? So is there a big problem .. using it in the following manner ?
x=RSAkey.decrypt("Foo Bar") # This will use the private key
pub = RSAkey.publickey()
pub.encrypt(x,0) # This will use the public key and give me "Foo Bar" back.
Any restriction on the content being encrypted /decrypted ?
Thanks for awesome response.
/Jd
--- On Tue, 5/4/10, Lorenz Quack <don at amberfisharts.com> wrote:
> From: Lorenz Quack <don at amberfisharts.com>
> Subject: Re: [pycrypto] Pycrypto question.
> To: "PyCrypto discussion list" <pycrypto at lists.dlitz.net>
> Date: Tuesday, May 4, 2010, 12:00 PM
> Hi jd,
>
> some time ago I wrote a small module which provided me with
> a API that suited me better than that of PyCrypto.
> I attached a slightly modified version of it. I also added
> a short example to the end of it. I hope you can find the
> information you want in there.
>
> Concerning the documentation: I agree, it could be
> improved. I think you were looking for this [1].
>
> Concerning the import of externally generated keys: I think
> this came up before on the list or bug tracker.
> AFAIK, it is not directly supported by PyCrypto. However,
> you can create a key pair from a tuple of numbers
> (for example the public and private exponent and the
> modulus). This is done with construct function [2].
> You just have to find a way to get to those numbers of your
> externally generated keys.
>
> I probably should also point out that the usage of
> RandomPool is strongly discouraged [3] and that there is a
> Random
> module in PyCrypto-2.1 that you should use instead.
>
> sincerely yours
> //Lorenz
>
> [1] http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html
> [2] http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html
> [3] http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html
>
>
>
> On 05/04/2010 07:04 PM, jd wrote:
> > Thanks for the response.(Sorry ..for late response.
> Somehow this went in to my spam folder.)
> >
> > Yes, I indeed want to use private key to encrypt
> (oops.. sign) and decrypt (verify) using public/private key
> pairs.
> >
> >
> > Would anyone point to the example usage/pseudo code
> that I can try out.
> >
> > Didnt find method details over here.
> > http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html
> >
> > I am assuming that the intent is clear from the
> example.
> > Some Text ===> Encrypt (optionally) sign
> (using private key) ===> encrypted message
> > encrypted message ==> (optionally) Verify and
> decrypt (using public key) ==> original message
> (Some Text)
> >
> > Also, would appreciate if instead of generating keys
> as in sample program, is there a way to use publick/private
> keys used by ssh-keygen -t rsa.
> >
> > Help is much appreciated.
> > Thanks
> >
> >
> >
> >
> > /Jd
> >
> >
> > --- On Sun, 5/2/10, Lorenz Quack<don at amberfisharts.com>
> wrote:
> >
> >> From: Lorenz Quack<don at amberfisharts.com>
> >> Subject: Re: [pycrypto] Pycrypto question.
> >> To: "PyCrypto discussion list"<pycrypto at lists.dlitz.net>
> >> Date: Sunday, May 2, 2010, 1:52 PM
> >> On 05/02/2010 10:36 PM, Glenn
> >> Linderman wrote:
> >>> On 5/2/2010 1:13 PM, Lorenz Quack wrote:
> >>>> Hi Jd,
> >>>>
> >>>> On 05/02/2010 10:02 PM, jd wrote:
> >>>>
> >>>>> Hi everyone,
> >>>>>
> >>>>> I am trying to implement a simple
> pub/private
> >> key scheme. Want to encrypt bunch of things and
> decrypt it
> >> using public
> >>>>> key (which will be distributed).
> >>>>>
> >>>> You seem to have some misconceptions about
> how
> >> public key cryptography works.
> >>>> I suggest you (re-)read up on it.
> Wikipedia will
> >> probably cover the basics.
> >>>> For starters, by definition you use the
> *public*
> >> key for encrypt and the privat one for
> decryption.
> >>>>
> >>>
> >>> Indeed, Wikipedia has an article. And in the
> first
> >> paragraph [1] they
> >>> describe one use case for encrypting by public
> key,
> >> and decrypting by
> >>> private key, and another use case for
> encrypting by
> >> private key, and
> >>> decrypting by public key. It might be
> appropriate to
> >> figure out what use
> >>> case the OP has before declaring definitions
> for a
> >> particular use case.
> >>> Now as far as what the APIs are called, that
> might be
> >> a different story :)
> >>>
> >>> [1] *Public-key cryptography* is a
> cryptographic
> >>> <http://en.wikipedia.org/wiki/Cryptography>
> approach
> >> which involves the
> >>> use of asymmetric key algorithms instead of or
> in
> >> addition to symmetric
> >>> key algorithms<http://en.wikipedia.org/wiki/Symmetric_key_algorithm>.
> >>> Unlike symmetric key algorithms, it does not
> require a
> >> secure
> >>> <http://en.wikipedia.org/wiki/Secure_channel>
> initial
> >> exchange
> >>> <http://en.wikipedia.org/wiki/Key_exchange> of
> one or
> >> more secret keys
> >>> <http://en.wikipedia.org/wiki/Secret_key> to
> both
> >> sender and receiver.
> >>> The asymmetric key algorithms are used to
> create a
> >> mathematically
> >>> related key pair: a secret private key and a
> published
> >> public key. Use
> >>> of these keys allows protection of the
> authenticity
> >>> <http://en.wikipedia.org/wiki/Authenticity> of
> a
> >> message by creating a
> >>> digital signature<http://en.wikipedia.org/wiki/Digital_signature>
> of
> >> a
> >>> message using the private key, which can be
> verified
> >> using the public
> >>> key. It also allows protection of the
> confidentiality
> >>> <http://en.wikipedia.org/wiki/Confidentiality>
> and
> >> integrity
> >>> <http://en.wikipedia.org/wiki/Integrity> of a
> >> message, by public key
> >>> encryption<http://en.wikipedia.org/wiki/Encryption>,
> encrypting
> >> the
> >>> message using the public key, which can only
> be
> >> decrypted using the
> >>> private key.
> >>>
> >>
> >> Granted "definition" may have been a poor choice
> of word.
> >> But AFAIK the use case of "encrypting" via the
> private key
> >> is generally called signing.
> >> So I assumed that the OP had the wrong idea about
> how the
> >> scheme is used because he didn't
> >> use the generally accept terminology. If that was
> >> presumptuous I hereby apologize.
> >>
> >> So, to come back to the OPs question:
> >> if you use a RSA key to encrypt a message like you
> did in
> >> your example internally it uses the public
> >> part of the key pair for encryption. you would
> then have to
> >> use the private part to decypt it.
> >> If on the other hand you really want to encrypt
> with the
> >> private part and decrypt with the public part
> >> then know that this is usually refered to as
> signing and
> >> verifying (verification?).
> >> There is also and API for this in PyCrypto.
> >>
> >> Hope this is clearer and more helpful than my
> last
> >> message.
> >>
> >> have a nice day
> >> //Lorenz
>
>
> -----Inline Attachment Follows-----
>
> _______________________________________________
> pycrypto mailing list
> pycrypto at lists.dlitz.net
> http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto
>
More information about the pycrypto
mailing list