diff options
Diffstat (limited to 'pipermail/pycrypto/2010q2/000230.html')
-rw-r--r-- | pipermail/pycrypto/2010q2/000230.html | 306 |
1 files changed, 306 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2010q2/000230.html b/pipermail/pycrypto/2010q2/000230.html new file mode 100644 index 0000000..4a2443b --- /dev/null +++ b/pipermail/pycrypto/2010q2/000230.html @@ -0,0 +1,306 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] Pycrypto question. + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=4BE06ED7.7040003%40amberfisharts.com"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000228.html"> + <LINK REL="Next" HREF="000231.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] Pycrypto question.</H1> + <B>jd</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=4BE06ED7.7040003%40amberfisharts.com" + TITLE="[pycrypto] Pycrypto question.">jdsw2002 at yahoo.com + </A><BR> + <I>Wed May 5 11:05:49 CST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000228.html">[pycrypto] Pycrypto question. +</A></li> + <LI>Next message: <A HREF="000231.html">[pycrypto] Pycrypto question. +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#230">[ date ]</a> + <a href="thread.html#230">[ thread ]</a> + <a href="subject.html#230">[ subject ]</a> + <a href="author.html#230">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Thanks this helps clarify few things. + +Couple od questions. +1. I am on older version of pycrypto, can I simply use os.urandom for random # ? +2. Do I really need a separate block encryption for the message ? + + I know this may sound strange.. but asymmetric keys gives you ability to encrypt right ? So is there a big problem .. using it in the following manner ? + + x=RSAkey.decrypt("Foo Bar") # This will use the private key + + pub = RSAkey.publickey() + pub.encrypt(x,0) # This will use the public key and give me "Foo Bar" back. + + Any restriction on the content being encrypted /decrypted ? + +Thanks for awesome response. +/Jd + + +--- On Tue, 5/4/10, Lorenz Quack <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> wrote: + +><i> From: Lorenz Quack <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> +</I>><i> Subject: Re: [pycrypto] Pycrypto question. +</I>><i> To: "PyCrypto discussion list" <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>> +</I>><i> Date: Tuesday, May 4, 2010, 12:00 PM +</I>><i> Hi jd, +</I>><i> +</I>><i> some time ago I wrote a small module which provided me with +</I>><i> a API that suited me better than that of PyCrypto. +</I>><i> I attached a slightly modified version of it. I also added +</I>><i> a short example to the end of it. I hope you can find the +</I>><i> information you want in there. +</I>><i> +</I>><i> Concerning the documentation: I agree, it could be +</I>><i> improved. I think you were looking for this [1]. +</I>><i> +</I>><i> Concerning the import of externally generated keys: I think +</I>><i> this came up before on the list or bug tracker. +</I>><i> AFAIK, it is not directly supported by PyCrypto. However, +</I>><i> you can create a key pair from a tuple of numbers +</I>><i> (for example the public and private exponent and the +</I>><i> modulus). This is done with construct function [2]. +</I>><i> You just have to find a way to get to those numbers of your +</I>><i> externally generated keys. +</I>><i> +</I>><i> I probably should also point out that the usage of +</I>><i> RandomPool is strongly discouraged [3] and that there is a +</I>><i> Random +</I>><i> module in PyCrypto-2.1 that you should use instead. +</I>><i> +</I>><i> sincerely yours +</I>><i> //Lorenz +</I>><i> +</I>><i> [1] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html</A> +</I>><i> [2] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A> +</I>><i> [3] <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html</A> +</I>><i> +</I>><i> +</I>><i> +</I>><i> On 05/04/2010 07:04 PM, jd wrote: +</I>><i> > Thanks for the response.(Sorry ..for late response. +</I>><i> Somehow this went in to my spam folder.) +</I>><i> > +</I>><i> > Yes, I indeed want to use private key to encrypt +</I>><i> (oops.. sign) and decrypt (verify) using public/private key +</I>><i> pairs. +</I>><i> > +</I>><i> > +</I>><i> > Would anyone point to the example usage/pseudo code +</I>><i> that I can try out. +</I>><i> > +</I>><i> > Didnt find method details over here. +</I>><i> > <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A> +</I>><i> > +</I>><i> > I am assuming that the intent is clear from the +</I>><i> example. +</I>><i> > Some Text ===>  Encrypt (optionally) sign +</I>><i> (using private key) ===>  encrypted message +</I>><i> > encrypted message ==>  (optionally) Verify and +</I>><i> decrypt (using public key) ==>  original message +</I>><i> (Some Text) +</I>><i> > +</I>><i> > Also, would appreciate if instead of generating keys +</I>><i> as in sample program, is there a way to use publick/private +</I>><i> keys used by ssh-keygen -t rsa. +</I>><i> > +</I>><i> > Help is much appreciated. +</I>><i> > Thanks +</I>><i> > +</I>><i> > +</I>><i> > +</I>><i> > +</I>><i> > /Jd +</I>><i> > +</I>><i> > +</I>><i> > --- On Sun, 5/2/10, Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>>  +</I>><i> wrote: +</I>><i> > +</I>><i> >> From: Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> +</I>><i> >> Subject: Re: [pycrypto] Pycrypto question. +</I>><i> >> To: "PyCrypto discussion list"<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>> +</I>><i> >> Date: Sunday, May 2, 2010, 1:52 PM +</I>><i> >> On 05/02/2010 10:36 PM, Glenn +</I>><i> >> Linderman wrote: +</I>><i> >>> On 5/2/2010 1:13 PM, Lorenz Quack wrote: +</I>><i> >>>> Hi Jd, +</I>><i> >>>> +</I>><i> >>>> On 05/02/2010 10:02 PM, jd wrote: +</I>><i> >>>> +</I>><i> >>>>> Hi everyone, +</I>><i> >>>>> +</I>><i> >>>>> I am trying to implement a simple +</I>><i> pub/private +</I>><i> >> key scheme. Want to encrypt bunch of things and +</I>><i> decrypt it +</I>><i> >> using public +</I>><i> >>>>> key (which will be distributed). +</I>><i> >>>>> +</I>><i> >>>> You seem to have some misconceptions about +</I>><i> how +</I>><i> >> public key cryptography works. +</I>><i> >>>> I suggest you (re-)read up on it. +</I>><i> Wikipedia will +</I>><i> >> probably cover the basics. +</I>><i> >>>> For starters, by definition you use the +</I>><i> *public* +</I>><i> >> key for encrypt and the privat one for +</I>><i> decryption. +</I>><i> >>>> +</I>><i> >>> +</I>><i> >>> Indeed, Wikipedia has an article. And in the +</I>><i> first +</I>><i> >> paragraph [1] they +</I>><i> >>> describe one use case for encrypting by public +</I>><i> key, +</I>><i> >> and decrypting by +</I>><i> >>> private key, and another use case for +</I>><i> encrypting by +</I>><i> >> private key, and +</I>><i> >>> decrypting by public key. It might be +</I>><i> appropriate to +</I>><i> >> figure out what use +</I>><i> >>> case the OP has before declaring definitions +</I>><i> for a +</I>><i> >> particular use case. +</I>><i> >>> Now as far as what the APIs are called, that +</I>><i> might be +</I>><i> >> a different story :) +</I>><i> >>> +</I>><i> >>> [1] *Public-key cryptography* is a +</I>><i> cryptographic +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Cryptography">http://en.wikipedia.org/wiki/Cryptography</A>>  +</I>><i> approach +</I>><i> >> which involves the +</I>><i> >>> use of asymmetric key algorithms instead of or +</I>><i> in +</I>><i> >> addition to symmetric +</I>><i> >>> key algorithms<<A HREF="http://en.wikipedia.org/wiki/Symmetric_key_algorithm">http://en.wikipedia.org/wiki/Symmetric_key_algorithm</A>>. +</I>><i> >>> Unlike symmetric key algorithms, it does not +</I>><i> require a +</I>><i> >> secure +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Secure_channel">http://en.wikipedia.org/wiki/Secure_channel</A>>  +</I>><i> initial +</I>><i> >> exchange +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Key_exchange">http://en.wikipedia.org/wiki/Key_exchange</A>>  of +</I>><i> one or +</I>><i> >> more secret keys +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Secret_key">http://en.wikipedia.org/wiki/Secret_key</A>>  to +</I>><i> both +</I>><i> >> sender and receiver. +</I>><i> >>> The asymmetric key algorithms are used to +</I>><i> create a +</I>><i> >> mathematically +</I>><i> >>> related key pair: a secret private key and a +</I>><i> published +</I>><i> >> public key. Use +</I>><i> >>> of these keys allows protection of the +</I>><i> authenticity +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Authenticity">http://en.wikipedia.org/wiki/Authenticity</A>>  of +</I>><i> a +</I>><i> >> message by creating a +</I>><i> >>> digital signature<<A HREF="http://en.wikipedia.org/wiki/Digital_signature">http://en.wikipedia.org/wiki/Digital_signature</A>>  +</I>><i> of +</I>><i> >> a +</I>><i> >>> message using the private key, which can be +</I>><i> verified +</I>><i> >> using the public +</I>><i> >>> key. It also allows protection of the +</I>><i> confidentiality +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Confidentiality">http://en.wikipedia.org/wiki/Confidentiality</A>>  +</I>><i> and +</I>><i> >> integrity +</I>><i> >>> <<A HREF="http://en.wikipedia.org/wiki/Integrity">http://en.wikipedia.org/wiki/Integrity</A>>  of a +</I>><i> >> message, by public key +</I>><i> >>> encryption<<A HREF="http://en.wikipedia.org/wiki/Encryption">http://en.wikipedia.org/wiki/Encryption</A>>, +</I>><i> encrypting +</I>><i> >> the +</I>><i> >>> message using the public key, which can only +</I>><i> be +</I>><i> >> decrypted using the +</I>><i> >>> private key. +</I>><i> >>> +</I>><i> >> +</I>><i> >> Granted "definition" may have been a poor choice +</I>><i> of word. +</I>><i> >> But AFAIK the use case of "encrypting" via the +</I>><i> private key +</I>><i> >> is generally called signing. +</I>><i> >> So I assumed that the OP had the wrong idea about +</I>><i> how the +</I>><i> >> scheme is used because he didn't +</I>><i> >> use the generally accept terminology. If that was +</I>><i> >> presumptuous I hereby apologize. +</I>><i> >> +</I>><i> >> So, to come back to the OPs question: +</I>><i> >> if you use a RSA key to encrypt a message like you +</I>><i> did in +</I>><i> >> your example internally it uses the public +</I>><i> >> part of the key pair for encryption. you would +</I>><i> then have to +</I>><i> >> use the private part to decypt it. +</I>><i> >> If on the other hand you really want to encrypt +</I>><i> with the +</I>><i> >> private part and decrypt with the public part +</I>><i> >> then know that this is usually refered to as +</I>><i> signing and +</I>><i> >> verifying (verification?). +</I>><i> >> There is also and API for this in PyCrypto. +</I>><i> >> +</I>><i> >> Hope this is clearer and more helpful than my +</I>><i> last +</I>><i> >> message. +</I>><i> >> +</I>><i> >> have a nice day +</I>><i> >> //Lorenz +</I>><i> +</I>><i> +</I>><i> -----Inline Attachment Follows----- +</I>><i> +</I>><i> _______________________________________________ +</I>><i> pycrypto mailing list +</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>><i> <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>><i> +</I> + + +</PRE> + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000228.html">[pycrypto] Pycrypto question. +</A></li> + <LI>Next message: <A HREF="000231.html">[pycrypto] Pycrypto question. +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#230">[ date ]</a> + <a href="thread.html#230">[ thread ]</a> + <a href="subject.html#230">[ subject ]</a> + <a href="author.html#230">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |