[pycrypto] adding ssh keys support in distutils2

Legrandin gooksankoo at hoiptorrow.mailexpire.com
Tue Feb 22 14:23:24 CST 2011


>> It seems to me that openssl alone is more practical for that, as it
>> simply runs from the command line.
>> Or do you plan to do everything from within Python?
>
> within python since both client and server are python code.

Right now ssh keys cannot be imported in pycrypto (although I have
been planning for a while to add that).
Is that important to you?

You can import openssl keys though (.pem/.der) provided they are not
encrypted with a password. Alternatively, if interoperability is not a
concern, you can generate a key pair (e.g. RSA) within python and
export it with pickle.

Once the keys are in python at the sender, you can concatenate and
pass the file and the request headers through a hash function (like
SHA), and then sign the resulting hash using RSA.sign.

At the other end, you do the same hash and pass it to RSA.verify
(where RSA is the public half only) together with the signature you
received from the sender.
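
The hash-then-sign exchange described in the message above, as an added example that is not part of the original post and is not pycrypto code. It assumes a constructed toy key and uses raw modular exponentiation as a stand-in for RSA.sign / RSA.verify (a real deployment uses a library's padded signature scheme); the function names are hypothetical. It also shows why the file and headers are length-prefixed before hashing rather than simply concatenated.

```python
import hashlib

# Constructed toy key, illustration only: two Mersenne primes, not a safe choice.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public half: (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, sender only


def naive_digest(headers, body):
    """Plain concatenation: field boundaries are lost before hashing."""
    flat = "".join(k + v for k, v in sorted(headers.items())).encode()
    return int.from_bytes(hashlib.sha256(flat + body).digest(), "big")


def digest(headers, body):
    """SHA-256 over length-prefixed fields, so each boundary is signed too."""
    h = hashlib.sha256()
    fields = []
    for name, value in sorted(headers.items()):
        fields += [name.encode(), value.encode()]
    fields.append(body)                 # the file content is always last
    for field in fields:
        h.update(len(field).to_bytes(8, "big") + field)
    return int.from_bytes(h.digest(), "big")


def sign(headers, body):
    """Sender: hash headers and file, then apply the private exponent."""
    return pow(digest(headers, body), D, N)


def verify(headers, body, signature):
    """Receiver: recompute the hash and compare using the public half only."""
    return pow(signature, E, N) == digest(headers, body)


if __name__ == "__main__":
    hdr = {"Content-Type": "application/octet-stream", "X-Name": "pkg.tar.gz"}
    data = b"constructed file content"
    sig = sign(hdr, data)
    print("genuine upload verifies:", verify(hdr, data, sig))
    print("modified file verifies: ", verify(hdr, data + b"!", sig))
    # Two different requests that plain concatenation cannot tell apart:
    print("naive hashes collide:   ",
          naive_digest({"X-Name": "ab"}, b"c") == naive_digest({"X-Name": "a"}, b"bc"))
```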

