Diffstat (limited to 'pipermail/pycrypto/2013q3/000680.html')
-rw-r--r-- | pipermail/pycrypto/2013q3/000680.html | 203 |
1 files changed, 203 insertions, 0 deletions
diff --git a/pipermail/pycrypto/2013q3/000680.html b/pipermail/pycrypto/2013q3/000680.html new file mode 100644 index 0000000..0d59e7d --- /dev/null +++ b/pipermail/pycrypto/2013q3/000680.html 
@@ -0,0 +1,203 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML> + <HEAD> + <TITLE> [pycrypto] RSA exportKey question with bcrypt? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20exportKey%20question%20with%20bcrypt%3F&In-Reply-To=%3CCAGwD-ja5L5TsQ7kkdSo%2BQEubPVVLPQPd-f0KnSicPvCP-57dWg%40mail.gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <style type="text/css"> + pre { + white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */ + } + </style> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000679.html"> + <LINK REL="Next" HREF="000681.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[pycrypto] RSA exportKey question with bcrypt?</H1> + <B>Kurt Vogel</B> + <A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=Re%3A%20%5Bpycrypto%5D%20RSA%20exportKey%20question%20with%20bcrypt%3F&In-Reply-To=%3CCAGwD-ja5L5TsQ7kkdSo%2BQEubPVVLPQPd-f0KnSicPvCP-57dWg%40mail.gmail.com%3E" + TITLE="[pycrypto] RSA exportKey question with bcrypt?">kvogel at mdcom.com + </A><BR> + <I>Mon Jul 15 00:26:45 PDT 2013</I> + <P><UL> + <LI>Previous message: <A HREF="000679.html">[pycrypto] RSA exportKey question with bcrypt? +</A></li> + <LI>Next message: <A HREF="000681.html">[pycrypto] RSA exportKey question with bcrypt? 
+</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#680">[ date ]</a> + <a href="thread.html#680">[ thread ]</a> + <a href="subject.html#680">[ subject ]</a> + <a href="author.html#680">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>And finally a comment/question/complaint :( + +If I use protection like this for ex: + +export = rsa.exportKey(passphrase='boo', pkcs=8, protection= +'PBKDF2WithHMAC-SHA1AndAES256-CBC') + +The exported key looks like this: +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIHI1C+JhO35cCAgPo +MB0GCWCGSAFlAwQBKgQQ2FsezYUEaQLPHxk0z6+R4gSCBNDV++BsvKxxpo6uhUYw +... + +With export = rsa.exportKey(passphrase='boo'): + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,CE7B6EC598ED0D10 + +lPMvbYUypG+O4P/LilzGVQqP+6PMbnnLMP6eosyubcBqLtQxvMlvRRqgRu5CDApA +... + +The logic in exportKey() looks a bit convoluted, is this for some backward +compatibility issue? I would expect to see something like this, what +ssh-key does: + +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,16D792053CB9E5981B06E020900F86EA + +oL8O6n5v1S3cgGJIwrzrAq5TQIb7OeolGJpHXiyTUj1iStulgS5vAjkht0cgq53p +... +.. + +Thanks, +Kurt + + +On Sun, Jul 14, 2013 at 11:40 PM, Kurt Vogel <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">kvogel at mdcom.com</A>> wrote: + +><i> While I'm on the subject and appears Dwayne is merging in pull requests :) +</I>><i> +</I>><i> For RSA exportKey() think we could have **kwargs for extra prot_params +</I>><i> passed to +</I>><i> +</I>><i> PKCS8.wrap() like iteration_count and salt size? +</I>><i> +</I>><i> +</I>><i> +</I>><i> On Sun, Jul 14, 2013 at 9:34 PM, Kurt Vogel <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">kvogel at mdcom.com</A>> wrote: +</I>><i> +</I>>><i> Hi, +</I>>><i> +</I>>><i> Do you guys know roughly when this will go in? 
+</I>>><i> +</I>>><i> Also with import/export RSA keys can we support bcrypt? +</I>>><i> +</I>>><i> Does JCA and BouncyCastle use bcrypt, eg: +</I>>><i> +</I>>><i> 'BcryptWithHMAC-SHA1AndAES256-CBC' +</I>>><i> +</I>>><i> Thanks, +</I>>><i> Kurt +</I>>><i> +</I>>><i> +</I>>><i> On Fri, Jul 5, 2013 at 2:52 AM, Legrandin <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">helderijs at gmail.com</A>> wrote: +</I>>><i> > +</I>>><i> > Hi Kurt , thanks a lot for providing feedback. It is much appreciated. +</I>>><i> > +</I>>><i> > * I guess you refer to camel-casing used for several variables, which +</I>>><i> > was due to my preference to stick to ASN.1 naming. +</I>>><i> > I can work on that and make sure flake8 does not complain that much. +</I>>><i> > +</I>>><i> > * Right. Code evolved at different points in time, and indeed it is +</I>>><i> > now hard to follow the path of the 'parameter' value. I will try to +</I>>><i> > fix that. +</I>>><i> > +</I>>><i> > * I used strings like 'PBKDF2WithHMAC-SHA1AndAES128-CBC' because that +</I>>><i> > is the style used in JCA and BouncyCastle and a lot of people are +</I>>><i> > familiar with it. +</I>>><i> > I am not very clear what the benefit enums might bring? One option I +</I>>><i> > considered was the ability to provide 3 independent parameters +</I>>><i> > instead of one (since protection mainly depends on type of KDF, PRF, +</I>>><i> > and symmetric cipher) but at the end I guess most +</I>>><i> > uses case are about the desire to protect the private key using a +</I>>><i> > password in a strong way, and the ability to tweak the various +</I>>><i> > parameters +</I>>><i> > is not that relevant. Plus, exportKey() parameter list becomes to +</I>>><i> long. +</I>>><i> > +</I>>><i> > * I am really ashamed to admit that I actually have 9 pull requests +</I>>><i> > open, not 2 so I am totally giving headaches to the maintainer. 
:-) +</I>>><i> > It is of course only up to him to decide which features should go +</I>>><i> > in; given that he has not much time these days, it is likely that only +</I>>><i> > few features and bugfixes may go into any next release. +</I>>><i> > The release merge window seems to roughly be once per year and I +</I>>><i> > find it is natural to have so many outstanding pull requests by now. +</I>>><i> > To my defense, I can only say that the all pull requests cover one +</I>>><i> > feature only and that I try to keep them as independent as possible. +</I>>><i> > Most of them apply cleanly to master (e.g. HKDF, CCM, PKCS#8, bug +</I>>><i> fixes, etc). +</I>>><i> > In some cases though, they do depend on an existing pull request (as +</I>>><i> > in the case of DSA import/export depending on PKCS8 be applied first), +</I>>><i> > because keeping them separated is honestly too much work for me +</I>>><i> > *and* they are indeed extensions of other extensions. +</I>>><i> > +</I>>><i> > > Hi, I was looking at the pycrypto pull request +</I>>><i> > > <A HREF="https://github.com/dlitz/pycrypto/pull/32.">https://github.com/dlitz/pycrypto/pull/32.</A> Just a few comments... +</I>>><i> > > +</I>>><i> > > * For readability can you pep8 format the code? +</I>>><i> > > * RSA, for import/export the protection parameter maybe rename to +</I>>><i> algo or +</I>>><i> > > wrap algo? It evolves from: 'protection' to 'wrap_algo' to 'mode' as +</I>>><i> it +</I>>><i> > > goes down the call stack. +</I>>><i> > > * Also maybe make this parameter an enum/value? Since the long +</I>>><i> string can +</I>>><i> > > be error prone, low level code would need to change anyway if it were +</I>>><i> either +</I>>><i> > > string or int if we support more modes. +</I>>><i> > > * And last but not least... I'm new to this email list and not sure +</I>>><i> how +</I>>><i> > > often pull requests are accepted but maybe you could reduce the +</I>>><i> amount of +</I>>><i> > > features going in? 
I know you have another one, 51, after this... +</I>>><i> > > Maintainer may reluctant to do massive changes all at once? +</I>>><i> > > +</I>>><i> > > Anyway just ideas... +</I>>><i> > > Thanks for your time, +</I>>><i> > > Sincerely, +</I>>><i> > > Kurt +</I>>><i> > > +</I>>><i> > _______________________________________________ +</I>>><i> > pycrypto mailing list +</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A> +</I>>><i> > <A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</A> +</I>>><i> +</I>>><i> +</I>><i> +</I>-------------- next part -------------- +An HTML attachment was scrubbed... +URL: <<A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20130715/670efb00/attachment-0001.html">http://lists.dlitz.net/pipermail/pycrypto/attachments/20130715/670efb00/attachment-0001.html</A>> +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000679.html">[pycrypto] RSA exportKey question with bcrypt? +</A></li> + <LI>Next message: <A HREF="000681.html">[pycrypto] RSA exportKey question with bcrypt? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#680">[ date ]</a> + <a href="thread.html#680">[ thread ]</a> + <a href="subject.html#680">[ subject ]</a> + <a href="author.html#680">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto +mailing list</a><br> +</body></html> |
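Review bot: The mailto HREF on the LINK REL="made" element in the HEAD, and again on the author A element under the H1, carries a raw "&" before "In-Reply-To="; inside an HTML 4.01 attribute value this should be written "&amp;In-Reply-To=" so the file validates against the Transitional doctype it declares. Separately, the archived message in the PRE block reproduces the opening lines of three encrypted PEM private keys, and for the two produced by exportKey() the passphrase 'boo' appears in the same message. Each key body is cut off with "..." so the keys cannot be rebuilt from this file, but it is worth confirming they were throwaway test keys before the archive is published.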