delta/python-packages/pycrypto.git - github.com: dlitz/pycrypto.git

diff options


context:
space:
mode:

Diffstat (limited to 'pipermail/pycrypto/2010q2/000230.html')

-rw-r--r--

pipermail/pycrypto/2010q2/000230.html

306

1 files changed, 306 insertions, 0 deletions

diff --git a/pipermail/pycrypto/2010q2/000230.html b/pipermail/pycrypto/2010q2/000230.html
new file mode 100644
index 0000000..4a2443b
--- /dev/null
+++ b/pipermail/pycrypto/2010q2/000230.html

@@ -0,0 +1,306 @@

+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [pycrypto] Pycrypto question.

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=4BE06ED7.7040003%40amberfisharts.com">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="000228.html">

+ <LINK REL="Next" HREF="000231.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[pycrypto] Pycrypto question.</H1>

+ jd

+ <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=4BE06ED7.7040003%40amberfisharts.com"

+ TITLE="[pycrypto] Pycrypto question.">jdsw2002 at yahoo.com

+ </A>

+ Wed May 5 11:05:49 CST 2010

+ <UL>

+ <LI>Previous message: <A HREF="000228.html">[pycrypto] Pycrypto question.

+</A></li>

+ <LI>Next message: <A HREF="000231.html">[pycrypto] Pycrypto question.

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#230">[ date ]</a>

+ <a href="thread.html#230">[ thread ]</a>

+ <a href="subject.html#230">[ subject ]</a>

+ <a href="author.html#230">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+

+<PRE>Thanks this helps clarify few things.

+Couple od questions.

+1. I am on older version of pycrypto, can I simply use os.urandom for random # ?

+2. Do I really need a separate block encryption for the message ?

+ I know this may sound strange.. but asymmetric keys gives you ability to encrypt right ? So is there a big problem .. using it in the following manner ?

+ x=RSAkey.decrypt("Foo Bar") # This will use the private key

+ pub = RSAkey.publickey()

+ pub.encrypt(x,0) # This will use the public key and give me "Foo Bar" back.

+ Any restriction on the content being encrypted /decrypted ?

+Thanks for awesome response.

+/Jd

+--- On Tue, 5/4/10, Lorenz Quack <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> wrote:

+> From: Lorenz Quack <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>>

+> Subject: Re: [pycrypto] Pycrypto question.

+> To: "PyCrypto discussion list" <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>>

+> Date: Tuesday, May 4, 2010, 12:00 PM

+> Hi jd,

+>

+> some time ago I wrote a small module which provided me with

+> a API that suited me better than that of PyCrypto.

+> I attached a slightly modified version of it. I also added

+> a short example to the end of it. I hope you can find the

+> information you want in there.

+>

+> Concerning the documentation: I agree, it could be

+> improved. I think you were looking for this [1].

+>

+> Concerning the import of externally generated keys: I think

+> this came up before on the list or bug tracker.

+> AFAIK, it is not directly supported by PyCrypto. However,

+> you can create a key pair from a tuple of numbers

+> (for example the public and private exponent and the

+> modulus). This is done with construct function [2].

+> You just have to find a way to get to those numbers of your

+> externally generated keys.

+>

+> I probably should also point out that the usage of

+> RandomPool is strongly discouraged [3] and that there is a

+> Random

+> module in PyCrypto-2.1 that you should use instead.

+>

+> sincerely yours

+> //Lorenz

+>

+> [1] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html</A>

+> [2] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A>

+> [3] <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html</A>

+>

+> On 05/04/2010 07:04 PM, jd wrote:

+> > Thanks for the response.(Sorry ..for late response.

+> Somehow this went in to my spam folder.)

+> >

+> > Yes, I indeed want to use private key to encrypt

+> (oops.. sign) and decrypt (verify) using public/private key

+> pairs.

+> >

+> > Would anyone point to the example usage/pseudo code

+> that I can try out.

+> >

+> > Didnt find method details over here.

+> > <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A>

+> >

+> > I am assuming that the intent is clear from the

+> example.

+> > Some Text ===>  Encrypt (optionally) sign

+> (using private key) ===>  encrypted message

+> > encrypted message ==>  (optionally) Verify and

+> decrypt (using public key) ==>  original message

+> (Some Text)

+> >

+> > Also, would appreciate if instead of generating keys

+> as in sample program, is there a way to use publick/private

+> keys used by ssh-keygen -t rsa.

+> >

+> > Help is much appreciated.

+> > Thanks

+> >

+> > /Jd

+> >

+> > --- On Sun, 5/2/10, Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>>

+> wrote:

+> >

+> >> From: Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>>

+> >> Subject: Re: [pycrypto] Pycrypto question.

+> >> To: "PyCrypto discussion list"<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>>

+> >> Date: Sunday, May 2, 2010, 1:52 PM

+> >> On 05/02/2010 10:36 PM, Glenn

+> >> Linderman wrote:

+> >>> On 5/2/2010 1:13 PM, Lorenz Quack wrote:

+> >>>> Hi Jd,

+> >>>>

+> >>>> On 05/02/2010 10:02 PM, jd wrote:

+> >>>>

+> >>>>> Hi everyone,

+> >>>>>

+> >>>>> I am trying to implement a simple

+> pub/private

+> >> key scheme. Want to encrypt bunch of things and

+> decrypt it

+> >> using public

+> >>>>> key (which will be distributed).

+> >>>>>

+> >>>> You seem to have some misconceptions about

+> how

+> >> public key cryptography works.

+> >>>> I suggest you (re-)read up on it.

+> Wikipedia will

+> >> probably cover the basics.

+> >>>> For starters, by definition you use the

+> *public*

+> >> key for encrypt and the privat one for

+> decryption.

+> >>>>

+> >>>

+> >>> Indeed, Wikipedia has an article. And in the

+> first

+> >> paragraph [1] they

+> >>> describe one use case for encrypting by public

+> key,

+> >> and decrypting by

+> >>> private key, and another use case for

+> encrypting by

+> >> private key, and

+> >>> decrypting by public key. It might be

+> appropriate to

+> >> figure out what use

+> >>> case the OP has before declaring definitions

+> for a

+> >> particular use case.

+> >>> Now as far as what the APIs are called, that

+> might be

+> >> a different story :)

+> >>>

+> >>> [1] *Public-key cryptography* is a

+> cryptographic

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Cryptography">http://en.wikipedia.org/wiki/Cryptography</A>>

+> approach

+> >> which involves the

+> >>> use of asymmetric key algorithms instead of or

+> in

+> >> addition to symmetric

+> >>> key algorithms<<A HREF="http://en.wikipedia.org/wiki/Symmetric_key_algorithm">http://en.wikipedia.org/wiki/Symmetric_key_algorithm</A>>.

+> >>> Unlike symmetric key algorithms, it does not

+> require a

+> >> secure

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Secure_channel">http://en.wikipedia.org/wiki/Secure_channel</A>>

+> initial

+> >> exchange

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Key_exchange">http://en.wikipedia.org/wiki/Key_exchange</A>>  of

+> one or

+> >> more secret keys

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Secret_key">http://en.wikipedia.org/wiki/Secret_key</A>>  to

+> both

+> >> sender and receiver.

+> >>> The asymmetric key algorithms are used to

+> create a

+> >> mathematically

+> >>> related key pair: a secret private key and a

+> published

+> >> public key. Use

+> >>> of these keys allows protection of the

+> authenticity

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Authenticity">http://en.wikipedia.org/wiki/Authenticity</A>>  of

+> a

+> >> message by creating a

+> >>> digital signature<<A HREF="http://en.wikipedia.org/wiki/Digital_signature">http://en.wikipedia.org/wiki/Digital_signature</A>>

+> of

+> >> a

+> >>> message using the private key, which can be

+> verified

+> >> using the public

+> >>> key. It also allows protection of the

+> confidentiality

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Confidentiality">http://en.wikipedia.org/wiki/Confidentiality</A>>

+> and

+> >> integrity

+> >>> <<A HREF="http://en.wikipedia.org/wiki/Integrity">http://en.wikipedia.org/wiki/Integrity</A>>  of a

+> >> message, by public key

+> >>> encryption<<A HREF="http://en.wikipedia.org/wiki/Encryption">http://en.wikipedia.org/wiki/Encryption</A>>,

+> encrypting

+> >> the

+> >>> message using the public key, which can only

+> be

+> >> decrypted using the

+> >>> private key.

+> >>>

+> >>

+> >> Granted "definition" may have been a poor choice

+> of word.

+> >> But AFAIK the use case of "encrypting" via the

+> private key

+> >> is generally called signing.

+> >> So I assumed that the OP had the wrong idea about

+> how the

+> >> scheme is used because he didn't

+> >> use the generally accept terminology. If that was

+> >> presumptuous I hereby apologize.

+> >>

+> >> So, to come back to the OPs question:

+> >> if you use a RSA key to encrypt a message like you

+> did in

+> >> your example internally it uses the public

+> >> part of the key pair for encryption. you would

+> then have to

+> >> use the private part to decypt it.

+> >> If on the other hand you really want to encrypt

+> with the

+> >> private part and decrypt with the public part

+> >> then know that this is usually refered to as

+> signing and

+> >> verifying (verification?).

+> >> There is also and API for this in PyCrypto.

+> >>

+> >> Hope this is clearer and more helpful than my

+> last

+> >> message.

+> >>

+> >> have a nice day

+> >> //Lorenz

+>

+> -----Inline Attachment Follows-----

+>

+> _______________________________________________

+> pycrypto mailing list

+> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>

+> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A>

+>

+

+</PRE>

+

+ <HR>

+ <UL>

+

+ <LI>Previous message: <A HREF="000228.html">[pycrypto] Pycrypto question.

+</A></li>

+ <LI>Next message: <A HREF="000231.html">[pycrypto] Pycrypto question.

+</A></li>

+ <LI> Messages sorted by:

+ <a href="date.html#230">[ date ]</a>

+ <a href="thread.html#230">[ thread ]</a>

+ <a href="subject.html#230">[ subject ]</a>

+ <a href="author.html#230">[ author ]</a>

+ </LI>

+ </UL>

+<hr>

+<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto

+mailing list</a>

+</body></html>