Diffstat (limited to 'pipermail/pycrypto/attachments/20090213/d009e7ea/attachment.htm')
-rw-r--r-- | pipermail/pycrypto/attachments/20090213/d009e7ea/attachment.htm | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20090213/d009e7ea/attachment.htm b/pipermail/pycrypto/attachments/20090213/d009e7ea/attachment.htm new file mode 100644 index 0000000..1986b9c --- /dev/null +++ b/pipermail/pycrypto/attachments/20090213/d009e7ea/attachment.htm 
@@ -0,0 +1,130 @@ +<tt> +Yes, I noticed that, I&#39;m using 2048 in production, and I&#39;ll start using urandom too. But that&#39;s not my problem, currently I&#39;m focusing on other things, so I&#39;ll just wait, meanwhile if someone find anything, it&#39;s all good, otherwise when I need I&#39;ll ask for that other RSA implementation.<br><br> +<br> +<br><div class="gmail_quote">On Tue, Feb 10, 2009 at 10:32 PM, Dwayne C. Litzenberger <span dir="ltr">&lt;<a href="mailto:dlitz@dlitz.net" target="_blank">dlitz@dlitz.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br> +<br> +On Mon, Feb 09, 2009 at 10:36:40AM -0200, Mauricio Arozi wrote:<br><br> +&gt;Am I helpless?<br><br> +<br><br> +I think the problem is that you&#39;re asking the mailing list for the *Python*<br><br> +Cryptography Toolkit about how to use an obscure *PHP* library.<br><br> +<br><br> +We can help with the Python side of things. &nbsp;I wouldn&#39;t expect the people<br><br> +here to know and/or care much about PHP.<br><br> +<div><br><br> +&gt; According to this site: <a href="http://pajhome.org.uk/crypt/rsa/rsa.html" target="_blank">http://pajhome.org.uk/crypt/rsa/rsa.html</a>, and<br><br> +&gt; yet others, the e(exponent?) 
is used for the public key, and d for the<br><br> +&gt; private key.<br><br> +<br><br> +</div>The notation I&#39;ve seen most often is something like this:<br><br> +<br><br> + &nbsp; &nbsp; n - modulus (public)<br><br> + &nbsp; &nbsp; e - public exponent<br><br> + &nbsp; &nbsp; d - private exponent<br><br> + &nbsp; &nbsp; (n, e) - public key<br><br> + &nbsp; &nbsp; (n, d) - private key<br><br> + &nbsp; &nbsp; (p, q) - the (private) primes from which the keypair is derived.<br><br> +<br><br> +PyCrypto uses a similar notation:<br><br> +<div><br><br> + &nbsp; &nbsp; from Crypto.PublicKey import RSA<br><br> +</div> &nbsp; &nbsp; import os<br><br> +<br><br> + &nbsp; &nbsp; # DO NOT USE RandomPool (see below)<br><br> + &nbsp; &nbsp; keypair = RSA.generate(2048, os.urandom)<br><br> +<br><br> + &nbsp; &nbsp; print &quot;PRIVATE KEYPAIR:&quot;<br><br> + &nbsp; &nbsp; print &quot;n:&quot;, keypair.n &nbsp; # modulus (public)<br><br> + &nbsp; &nbsp; print &quot;e:&quot;, keypair.e &nbsp; # public exponent<br><br> + &nbsp; &nbsp; print &quot;d:&quot;, keypair.d &nbsp; # private exponent<br><br> + &nbsp; &nbsp; print &quot;p:&quot;, keypair.p &nbsp; # prime (private)<br><br> + &nbsp; &nbsp; print &quot;q:&quot;, keypair.q &nbsp; # other prime (private)<br><br> + &nbsp; &nbsp; print &quot;u:&quot;, keypair.u &nbsp; # I forget what this for (but it&#39;s private)<br><br> +<br><br> + &nbsp; &nbsp; pub = keypair.publickey()<br><br> + &nbsp; &nbsp; print &quot;&quot;<br><br> + &nbsp; &nbsp; print &quot;PUBLIC KEY:&quot;<br><br> + &nbsp; &nbsp; print &quot;n (pub):&quot;, pub.n &nbsp; &nbsp; # modulus (public)<br><br> + &nbsp; &nbsp; print &quot;e (pub):&quot;, pub.e &nbsp; &nbsp; # public exponent<br><br> + &nbsp; &nbsp; print &quot;d (pub):&quot;, pub.d &nbsp; &nbsp; # raises an exception<br><br> + &nbsp; &nbsp; print &quot;p (pub):&quot;, pub.p &nbsp; &nbsp; # raises an exception<br><br> + &nbsp; &nbsp; print &quot;q (pub):&quot;, pub.q &nbsp; &nbsp; # raises an exception<br><br> 
+ &nbsp; &nbsp; print &quot;u (pub):&quot;, pub.u &nbsp; &nbsp; # raises an exception<br><br> +<br><br> +This outputs the following:<br><br> +<br><br> + &nbsp; &nbsp; PRIVATE KEYPAIR:<br><br> + &nbsp; &nbsp; n: 277...[truncated]<br><br> + &nbsp; &nbsp; e: 65537<br><br> + &nbsp; &nbsp; d: 232...[truncated]<br><br> + &nbsp; &nbsp; p: 159...[truncated]<br><br> + &nbsp; &nbsp; q: 174...[truncated]<br><br> + &nbsp; &nbsp; u: 125...[truncated]<br><br> +<br><br> + &nbsp; &nbsp; PUBLIC KEY:<br><br> + &nbsp; &nbsp; n (pub): 277...[truncated]<br><br> + &nbsp; &nbsp; e (pub): 65537<br><br> + &nbsp; &nbsp; d (pub):<br><br> + &nbsp; &nbsp; Traceback (most recent call last):<br><br> + &nbsp; &nbsp; &nbsp; File &quot;x.py&quot;, line 21, in ?<br><br> + &nbsp; &nbsp; &nbsp; &nbsp; print &quot;d (pub):&quot;, pub.d<br><br> + &nbsp; &nbsp; &nbsp; File &quot;/usr/lib/python2.4/site-packages/Crypto/PublicKey/RSA.py&quot;, line 154, in __getattr__<br><br> + &nbsp; &nbsp; &nbsp; &nbsp; return getattr(self.key, attr)<br><br> + &nbsp; &nbsp; AttributeError: rsaKey instance has no attribute &#39;d&#39;<br><br> +<div><br><br> +&gt; My problem is that while using PyCrypto to generate both public and<br><br> +&gt; private keys, the e(exponent?) 
is always the same.<br><br> +<br><br> +</div>Mads Kiilerich already talked a bit about this, but I won&#39;t go into detail.<br><br> +What you&#39;re describing here is normal, and it really helps improve the<br><br> +performance of encryption/verification.<br><br> +<br><br> +If you&#39;re concerned about the security of using RSA, I suggest reading Dan<br><br> +Boneh&#39;s 1999 article, &quot;Twenty years of attacks on the RSA cryptosystem&quot;:<br><br> +<br><br> + &nbsp; &nbsp; <a href="http://crypto.stanford.edu/%7Edabo/abstracts/RSAattack-survey.html" target="_blank">http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html</a><br><br> +<div><br><br> +&gt;So in simple words, I only need to be able to encrypt/decrypt sign and<br><br> +&gt;verify signs on php and python, simultaneously, if possible, using RSA<br><br> +&gt;algo.<br><br> +<br><br> +</div>PyCrypto&#39;s PublicKey package is very low-level, so people shouldn&#39;t use it<br><br> +directly unless they REALLY know what they are doing. &nbsp;Mere mortals should<br><br> +use a separate library in addition to PyCrypto for that. &nbsp;You should never<br><br> +do anything like this:<br><br> +<div><br><br> +&gt;privkeyA = RSA.generate(512, rpool.get_bytes)<br><br> +&gt;pubkeyA = privkeyA.publickey()<br><br> +&gt;<br><br> +&gt;msg = &#39;This is the secret phrase testing.&#39;<br><br> +&gt;msgc = pubkeyA.encrypt(msg, &#39;&#39;)<br><br> +<br><br> +</div>That is called &quot;textbook RSA&quot;, and it&#39;s insecure. &nbsp;(Also, it uses a 512-bit<br><br> +key, which is way too short, but I assume that&#39;s just for demonstration.)<br><br> +I strongly recommend looking at PKCS#1v2 (also known as RSAES-OAEP).<br><br> +PyCrypto doesn&#39;t include an implementation yet, but Sergey Chernov<br><br> +mentioned that he is working on one.<br><br> +<br><br> +Also, I noticed in your code that you used RandomPool. &nbsp;Don&#39;t. 
&nbsp;RandomPool<br><br> +is a security disaster, and it will be removed from future versions. &nbsp;See<br><br> +the following messages:<br><br> +<br><br> + &nbsp; &nbsp; <a href="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html" target="_blank">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html</a><br><br> + &nbsp; &nbsp; <a href="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html" target="_blank">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html</a><br><br> +<br><br> +I hope you find the above information helpful.<br><br> +<br><br> +Cheers,<br><br> + &nbsp;- Dwayne<br><br> +<font color="#888888"><br><br> +--<br><br> +Dwayne C. Litzenberger &lt;<a href="mailto:dlitz@dlitz.net" target="_blank">dlitz@dlitz.net</a>&gt;<br><br> + &nbsp;Key-signing key &nbsp; - 19E1 1FE8 B3CF F273 ED17 &nbsp;4A24 928C EC13 39C2 5CF7<br><br> + &nbsp;Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 &nbsp;179F 1C11 B877 E780 4B45<br><br> +</font><div><div></div><div>_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +</div></div></blockquote></div><br><br> + +</tt> |
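Review bot: the added attachment.htm carries live, unobfuscated `mailto:` anchors (`dlitz@dlitz.net` in the quote header and again in the signature, `pycrypto@lists.dlitz.net` in the list footer), so publishing the file as-is puts those addresses in the archive in harvestable form; consider rewriting them to an obfuscated form or dropping the anchors before this lands. Separately, almost every line inside the `<blockquote>` ends in a doubled `<br><br>`, which looks like the HTML part was converted twice and will render the message, including the indented `RSA.generate(2048, os.urandom)` sample and its `print` lines, double-spaced; regenerating with a single `<br>` per line would keep the code readable. The Boneh link also has `%7Edabo` in its `href` but `~dabo` in its text, which is harmless but worth normalizing if the file is regenerated.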