diff options
Diffstat (limited to 'pipermail/pycrypto/attachments/20111110/bda53c29/attachment.htm')
-rw-r--r-- | pipermail/pycrypto/attachments/20111110/bda53c29/attachment.htm | 283 |
1 files changed, 283 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20111110/bda53c29/attachment.htm b/pipermail/pycrypto/attachments/20111110/bda53c29/attachment.htm new file mode 100644 index 0000000..c4b1728 --- /dev/null +++ b/pipermail/pycrypto/attachments/20111110/bda53c29/attachment.htm @@ -0,0 +1,283 @@ +<tt> +<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="&#1;" xmlns="http://www.w3.org/TR/REC-html40"><br> +<br> +<head><br> +<meta http-equiv=Content-Type content="text/html; charset=us-ascii"><br> +<meta name=Generator content="Microsoft Word 12 (filtered medium)"><br> +<style><br> +<!--<br> + /* Font Definitions */<br> + @font-face<br> +        {font-family:"Cambria Math";<br> +        panose-1:2 4 5 3 5 4 6 3 2 4;}<br> +@font-face<br> +        {font-family:Calibri;<br> +        panose-1:2 15 5 2 2 2 4 3 2 4;}<br> +@font-face<br> +        {font-family:Tahoma;<br> +        panose-1:2 11 6 4 3 5 4 4 2 4;}<br> + /* Style Definitions */<br> + p.MsoNormal, li.MsoNormal, div.MsoNormal<br> +        {margin:0in;<br> +        margin-bottom:.0001pt;<br> +        font-size:12.0pt;<br> +        font-family:"Times New Roman","serif";}<br> +a:link, span.MsoHyperlink<br> +        {mso-style-priority:99;<br> +        color:blue;<br> +        text-decoration:underline;}<br> +a:visited, span.MsoHyperlinkFollowed<br> +        {mso-style-priority:99;<br> +        color:purple;<br> +        text-decoration:underline;}<br> +span.EmailStyle17<br> +        {mso-style-type:personal-reply;<br> +        font-family:"Calibri","sans-serif";<br> +        color:#1F497D;}<br> +.MsoChpDefault<br> +        {mso-style-type:export-only;}<br> +@page Section1<br> +        {size:8.5in 11.0in;<br> +        margin:1.0in 1.0in 1.0in 1.0in;}<br> +div.Section1<br> +        {page:Section1;}<br> +--><br> +</style><br> +<!--[if gte mso 9]><xml><br> + <o:shapedefaults v:ext="edit" spidmax="1026" /><br> +</xml><![endif]--><!--[if gte mso 9]><xml><br> + <o:shapelayout v:ext="edit"><br> + <o:idmap v:ext="edit" data="1" /><br> + </o:shapelayout></xml><![endif]--><br> +</head><br> +<br> +<body lang=EN-US link=blue vlink=purple><br> +<br> +<div class=Section1><br> +<br> +<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br> +color:#1F497D'>All blocks need to be 16 bytes. &nbsp;So for example, if the<br> +file is 2,000,005 bytes, you'd encrypt 125,000 16-byte blocks; you then have 5<br> +bytes left over, to which you'd add 11 padding bytes, which can be any binary<br> +value and then encrypt that last block.<o:p></o:p></span></p><br> +<br> +<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br> +color:#1F497D'><o:p>&nbsp;</o:p></span></p><br> +<br> +<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br> +color:#1F497D'>Some schemes add a header to the beginning of the file with the cleartext<br> +length, so the decrypter can easily discard the padding.&nbsp; Also, consider<br> +using CBC mode with a non-zero IV, which has some security advantages.<o:p></o:p></span></p><br> +<br> +<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";<br> +color:#1F497D'><o:p>&nbsp;</o:p></span></p><br> +<br> +<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><br> +<br> +<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span<br> +style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><br> +pycrypto-bounces@lists.dlitz.net [mailto:pycrypto-bounces@lists.dlitz.net] <b>On<br> +Behalf Of </b>John Matthew<br><br> +<b>Sent:</b> Thursday, November 10, 2011 12:10 PM<br><br> +<b>To:</b> PyCrypto discussion list<br><br> +<b>Subject:</b> Re: [pycrypto] Public Key encryption of files<o:p></o:p></span></p><br> +<br> +</div><br> +<br> +<p class=MsoNormal><o:p>&nbsp;</o:p></p><br> +<br> +<p class=MsoNormal>Dean, thanks for the reply<o:p></o:p></p><br> +<br> +<div><br> +<br> +<p class=MsoNormal><o:p>&nbsp;</o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal><o:p>&nbsp;</o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal>Ah, I see. &nbsp;If I want to encrypt a 2mb file with<br> +a&nbsp;Symmetric&nbsp;Key, it just has to have a &quot;16 byte padding&quot;<br> +for AES, or do all the chunks need to be 16 bytes?<o:p></o:p></p><br> +<br> +<div><br> +<br> +<p class=MsoNormal><o:p>&nbsp;</o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='margin-bottom:12.0pt'>J<o:p></o:p></p><br> +<br> +<div><br> +<br> +<p class=MsoNormal>On Thu, Nov 10, 2011 at 5:17 AM, Dean Macinskas &lt;<a<br> +href="mailto:dmacinskas@geobridge.net">dmacinskas@geobridge.net</a>&gt; wrote:<o:p></o:p></p><br> +<br> +<div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>John,</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>Unless the file is small, the typical<br> +way to encrypt a file is to use a symmetric key, like TDES or AES.&nbsp;<br> +Asymmetric key crypto is usually too slow for bulk encryption; you use a<br> +symmetric key for that, and store/export the symmetric key using asymmetric key<br> +protection.</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>The block size of a public key is fixed<br> +by the length of the key; in other words, if you generate a 2048 bit key, the<br> +block size is 2048 bits (256 bytes).&nbsp; Symmetric key block length is set by<br> +the algorithm: 8 bytes for TDES, 16 for AES.&nbsp; Any data you encrypt has to<br> +be padded to a multiple of the block length.</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>If you use RSA, there are a couple of<br> +rules for encrypting data, one of which is that the data has to be numerically<br> +less than the public modulus.&nbsp; This is usually accomplished by setting the<br> +left-most bit (MSB) of the data block to zero; another reason why using a<br> +public key directly is not a good choice for bulk encryption.</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>HTH,</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>Dean</span><o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span<br> +style='font-size:11.0pt;color:#1F497D'>&nbsp;</span><o:p></o:p></p><br> +<br> +<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span<br> +style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> <a<br> +href="mailto:pycrypto-bounces@lists.dlitz.net" target="_blank">pycrypto-bounces@lists.dlitz.net</a><br> +[mailto:<a href="mailto:pycrypto-bounces@lists.dlitz.net" target="_blank">pycrypto-bounces@lists.dlitz.net</a>]<br> +<b>On Behalf Of </b>John Matthew<br><br> +<b>Sent:</b> Tuesday, November 08, 2011 11:59 AM<br><br> +<b>To:</b> <a href="mailto:pycrypto@lists.dlitz.net" target="_blank">pycrypto@lists.dlitz.net</a><br><br> +<b>Subject:</b> [pycrypto] Public Key encryption of files</span><o:p></o:p></p><br> +<br> +</div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>First<br> +off, pycrypto is awesome! &nbsp;Thank you for creating it!<o:p></o:p></p><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I'd<br> +like to use Public Keys to encrypt files, is this something that seems<br> +appropriate for file encryption?<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I've<br> +noticed that the encrypt method for RSA keys is only 256 bytes, which seems<br> +rather small.<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I<br> +know I could wrap that in a generator, but was hoping for some feedback on<br> +another way or a configuration change to increase that number.<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Thanks<br> +for your contribution, and help.<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>&nbsp;<o:p></o:p></p><br> +<br> +</div><br> +<br> +<div><br> +<br> +<p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>J<o:p></o:p></p><br> +<br> +</div><br> +<br> +</div><br> +<br> +</div><br> +<br> +<p class=MsoNormal style='margin-bottom:12.0pt'><br><br> +_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto"<br> +target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><o:p></o:p></p><br> +<br> +</div><br> +<br> +<p class=MsoNormal><o:p>&nbsp;</o:p></p><br> +<br> +</div><br> +<br> +</div><br> +<br> +</div><br> +<br> +</body><br> +<br> +</html><br> + +</tt> |