summaryrefslogtreecommitdiff
path: root/pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html
diff options
context:
space:
mode:
Diffstat (limited to 'pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html')
-rw-r--r--pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html50
1 files changed, 50 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html b/pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html
new file mode 100644
index 0000000..51e2ca3
--- /dev/null
+++ b/pipermail/pycrypto/attachments/20120420/0447be4b/attachment-0001.html
@@ -0,0 +1,50 @@
+<tt>
+Hello&nbsp;Legrandin&nbsp;&amp;&nbsp;Others.&lt;br&gt;&lt;br&gt;I&#39;m&nbsp;currently&nbsp;trying&nbsp;to&nbsp;implement&nbsp;the&nbsp;following&nbsp;:&lt;br&gt;&lt;br&gt;The&nbsp;&quot;proper&quot;&nbsp;way&nbsp;to&nbsp;do&nbsp;encryption&nbsp;would&nbsp;be&nbsp;to&nbsp;create&nbsp;a&nbsp;random&nbsp;AES&lt;br&gt;<br>
+session&nbsp;key&nbsp;(16&nbsp;bytes),&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;RSA&nbsp;(hopefully&nbsp;at&nbsp;least&nbsp;2048&lt;br&gt;<br>
+bit&nbsp;long),&nbsp;send&nbsp;it,&nbsp;pad&nbsp;the&nbsp;data,&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;AES,&nbsp;send&nbsp;it.&lt;br&gt;&lt;br&gt;Ok&nbsp;So&nbsp;..&nbsp;&lt;br&gt; -&nbsp;Create&nbsp;A&nbsp;Random&nbsp;AES&nbsp;16&nbsp;Bytes&nbsp;(&nbsp;I&#39;m&nbsp;assuming&nbsp;this&nbsp;will&nbsp;be&nbsp;the&nbsp;&quot;secret&quot;)&lt;br&gt;-&nbsp;Pad&nbsp;The&nbsp;Payload&nbsp;&lt;br&gt;-&nbsp;Encrypt&nbsp;Using&nbsp;AES&lt;br&gt;<br>
+-&nbsp;Encrypt&nbsp;The&nbsp;Secret&nbsp;+ &nbsp;Payload&nbsp;With&nbsp;the&nbsp;RSA&nbsp;Key&lt;br&gt;-&nbsp;Make&nbsp;A&nbsp;Signature&nbsp;Of&nbsp;The&nbsp;Entire&nbsp;&quot;Encrypted&nbsp;Payload&quot;&lt;br&gt;-&nbsp;Append&nbsp;it&nbsp;to&nbsp;the&nbsp;&quot;Encrypted&nbsp;Payload&quot;&lt;br&gt;Send&nbsp;it&nbsp;....&lt;br&gt;&lt;br&gt;Recv&nbsp;it&nbsp;..&lt;br&gt;Make&nbsp;the&nbsp;reverse&nbsp;process.&lt;br&gt;<br>
+ &lt;br&gt;One&nbsp;thing&nbsp;i&nbsp;can&#39;t&nbsp;use&nbsp;the&nbsp;Normal&nbsp;SSL/TLS&nbsp;type&nbsp;of&nbsp;&quot;session&nbsp;key&quot;&nbsp;since&nbsp;there&nbsp;is&nbsp;no&nbsp;state&nbsp;across&nbsp;requests&nbsp;or&nbsp;during&nbsp;the&nbsp;handshake.&lt;br&gt;Meaning&nbsp;&quot;one&nbsp;worker&nbsp;can&nbsp;receive&nbsp;the&nbsp;request&nbsp;but&nbsp;another&nbsp;one&nbsp;can&nbsp;answer&nbsp;it&nbsp;and&nbsp;there&nbsp;is&nbsp;no&nbsp;shared&nbsp;memory&nbsp;between&nbsp;the&nbsp;two.&quot;&lt;br&gt;<br>
+&lt;br&gt;&lt;div&nbsp;class=&quot;gmail_quote&quot;&gt;2012/4/12&nbsp;Antonio&nbsp;Teixeira&nbsp;&lt;span&nbsp;dir=&quot;ltr&quot;&gt;&lt;&lt;a&nbsp;href=&quot;mailto:eagle.antonio@gmail.com&quot;&gt;eagle.antonio@gmail.com&lt;/a&gt;&gt;&lt;/span&gt;&lt;br&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0pt&nbsp;0pt&nbsp;0pt&nbsp;0.8ex;border-left:1px&nbsp;solid&nbsp;rgb(204,204,204);padding-left:1ex&quot;&gt;<br>
+&lt;span&gt;Legrandin&nbsp;thank&nbsp;you&nbsp;for&nbsp;your&nbsp;help.&lt;br&gt;When&nbsp;i&nbsp;have&nbsp;time&nbsp;i&nbsp;will&nbsp;put&nbsp;something&nbsp;on&nbsp;pastebin&nbsp;so&nbsp;it&nbsp;can&nbsp;serve&nbsp;as&nbsp;example&nbsp;for&nbsp;future&nbsp;members&nbsp;that&nbsp;require&nbsp;this&nbsp;type&nbsp;of&nbsp;solution&nbsp;:)&lt;br&gt;&lt;br&gt;Regards&lt;span&nbsp;class=&quot;HOEnZb&quot;&gt;&lt;font&nbsp;color=&quot;#888888&quot;&gt;&lt;br&gt;<br>
+A/T&lt;br&gt;&lt;/font&gt;&lt;/span&gt;&lt;/span&gt;&lt;div&nbsp;class=&quot;HOEnZb&quot;&gt;&lt;div&nbsp;class=&quot;h5&quot;&gt;&lt;br&gt;<br>
+&lt;div&nbsp;class=&quot;gmail_quote&quot;&gt;2012/4/11&nbsp;Legrandin&nbsp;&lt;span&nbsp;dir=&quot;ltr&quot;&gt;&lt;&lt;a&nbsp;href=&quot;mailto:gooksankoo@hoiptorrow.mailexpire.com&quot;&nbsp;target=&quot;_blank&quot;&gt;gooksankoo@hoiptorrow.mailexpire.com&lt;/a&gt;&gt;&lt;/span&gt;&lt;br&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0pt&nbsp;0pt&nbsp;0pt&nbsp;0.8ex;border-left:1px&nbsp;solid&nbsp;rgb(204,204,204);padding-left:1ex&quot;&gt;<br>
+<br>
+&lt;div&gt;&gt;&nbsp;So&nbsp;after&nbsp;a&nbsp;small&nbsp;search&nbsp;i&nbsp;found&nbsp;out&nbsp;that&nbsp;if&nbsp;i&nbsp;increase&nbsp;the&nbsp;RSA&nbsp;Modulus&nbsp;i&#39;m&lt;br&gt;<br>
+&gt;&nbsp;able&nbsp;to&nbsp;encrypt&nbsp;larger&nbsp;number&nbsp;of&nbsp;bits&nbsp;(&nbsp;makes&nbsp;sense&nbsp;) &nbsp;but&nbsp;this&nbsp;feels&nbsp;dirty.&lt;br&gt;<br>
+&gt;&lt;br&gt;<br>
+&gt;&nbsp;What&nbsp;do&nbsp;your&nbsp;guys&nbsp;recommend&nbsp;?&lt;br&gt;<br>
+&gt;&lt;br&gt;<br>
+&gt;&nbsp;Breaking&nbsp;the&nbsp;data&nbsp;in&nbsp;chunks&nbsp;and&nbsp;encrypting&nbsp;part&nbsp;by&nbsp;part&nbsp;joining&nbsp;it&nbsp;all&nbsp;in&nbsp;a&lt;br&gt;<br>
+&gt;&nbsp;buffer&nbsp;and&nbsp;send&nbsp;it&nbsp;down&nbsp;the&nbsp;socket&nbsp;all&nbsp;in&nbsp;one&nbsp;with&nbsp;the&nbsp;other&nbsp;server&lt;br&gt;<br>
+&gt;&nbsp;decrypting&nbsp;part&nbsp;by&nbsp;part&nbsp;and&nbsp;merging&nbsp;the&nbsp;data&nbsp;again&nbsp;?&lt;br&gt;<br>
+&gt;&lt;br&gt;<br>
+&gt;&nbsp;P.S&nbsp;-&nbsp;I&nbsp;dont&nbsp;mind&nbsp;fishing&nbsp;by&nbsp;myself&nbsp;just&nbsp;trying&nbsp;to&nbsp;understand&nbsp;the&nbsp;best&nbsp;&quot;way&lt;br&gt;<br>
+&gt;&nbsp;/&nbsp;more&nbsp;correct&nbsp;way&nbsp;&quot;&nbsp;to&nbsp;do&nbsp;it&nbsp;:)&lt;br&gt;<br>
+&lt;br&gt;<br>
+&lt;/div&gt;Hi&nbsp;Antonio,&lt;br&gt;<br>
+&lt;br&gt;<br>
+Increasing&nbsp;the&nbsp;RSA&nbsp;key&nbsp;length&nbsp;is&nbsp;not&nbsp;&quot;dirty&quot;:&nbsp;it&nbsp;simply&nbsp;increases&lt;br&gt;<br>
+security&nbsp;(and&nbsp;incidentally&nbsp;useful&nbsp;payload&nbsp;size)&nbsp;at&nbsp;the&nbsp;expense&nbsp;of&lt;br&gt;<br>
+decryption&nbsp;speed.&lt;br&gt;<br>
+If&nbsp;decryption&nbsp;speed&nbsp;is&nbsp;not&nbsp;that&nbsp;important&nbsp;to&nbsp;you,&nbsp;and&nbsp;you&nbsp;have&nbsp;a&nbsp;clear&lt;br&gt;<br>
+idea&nbsp;on&nbsp;how&nbsp;long&nbsp;you&nbsp;data&nbsp;can&nbsp;be&nbsp;at&nbsp;most,&nbsp;go&nbsp;ahead&nbsp;and&nbsp;increase&nbsp;the&lt;br&gt;<br>
+key&nbsp;size.&nbsp;The&nbsp;time&nbsp;you&nbsp;gain&nbsp;by&nbsp;taking&nbsp;this&nbsp;approach&nbsp;can&nbsp;be&nbsp;spent&nbsp;on&lt;br&gt;<br>
+important&nbsp;tasks&nbsp;like&nbsp;making&nbsp;the&nbsp;private&nbsp;key&nbsp;secure,&nbsp;or&nbsp;adding&nbsp;some&lt;br&gt;<br>
+form&nbsp;of&nbsp;authentication&nbsp;to&nbsp;your&nbsp;protocol.&lt;br&gt;<br>
+&lt;br&gt;<br>
+The&nbsp;&quot;proper&quot;&nbsp;way&nbsp;to&nbsp;do&nbsp;encryption&nbsp;would&nbsp;be&nbsp;to&nbsp;create&nbsp;a&nbsp;random&nbsp;AES&lt;br&gt;<br>
+session&nbsp;key&nbsp;(16&nbsp;bytes),&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;RSA&nbsp;(hopefully&nbsp;at&nbsp;least&nbsp;2048&lt;br&gt;<br>
+bit&nbsp;long),&nbsp;send&nbsp;it,&nbsp;pad&nbsp;the&nbsp;data,&nbsp;encrypt&nbsp;it&nbsp;with&nbsp;AES,&nbsp;send&nbsp;it.&lt;br&gt;<br>
+Additionally,&nbsp;you&nbsp;should&nbsp;also&nbsp;sign&nbsp;the&nbsp;data&nbsp;and&nbsp;send&nbsp;the&nbsp;signature&lt;br&gt;<br>
+along.&lt;br&gt;<br>
+&lt;br&gt;<br>
+At&nbsp;the&nbsp;receiving&nbsp;end,&nbsp;you&nbsp;decrypt&nbsp;the&nbsp;session&nbsp;key&nbsp;with&nbsp;RSA,&nbsp;decrypt&lt;br&gt;<br>
+the&nbsp;data&nbsp;with&nbsp;AES,&nbsp;unpad&nbsp;the&nbsp;data,&nbsp;and&nbsp;verify&nbsp;its&nbsp;signature.&lt;br&gt;<br>
+_______________________________________________&lt;br&gt;<br>
+pycrypto&nbsp;mailing&nbsp;list&lt;br&gt;<br>
+&lt;a&nbsp;href=&quot;mailto:pycrypto@lists.dlitz.net&quot;&nbsp;target=&quot;_blank&quot;&gt;pycrypto@lists.dlitz.net&lt;/a&gt;&lt;br&gt;<br>
+&lt;a&nbsp;href=&quot;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&quot;&nbsp;target=&quot;_blank&quot;&gt;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&lt;/a&gt;&lt;br&gt;<br>
+&lt;/blockquote&gt;&lt;/div&gt;&lt;br&gt;<br>
+&lt;/div&gt;&lt;/div&gt;&lt;/blockquote&gt;&lt;/div&gt;&lt;br&gt;<br>
+
+</tt>
View Lorry Controller Status