diff options
Diffstat (limited to 'pipermail/pycrypto/attachments/20130717/5b8cab35/attachment-0001.html')
-rw-r--r-- | pipermail/pycrypto/attachments/20130717/5b8cab35/attachment-0001.html | 273 |
1 files changed, 273 insertions, 0 deletions
diff --git a/pipermail/pycrypto/attachments/20130717/5b8cab35/attachment-0001.html b/pipermail/pycrypto/attachments/20130717/5b8cab35/attachment-0001.html new file mode 100644 index 0000000..a65230c --- /dev/null +++ b/pipermail/pycrypto/attachments/20130717/5b8cab35/attachment-0001.html @@ -0,0 +1,273 @@ +<tt> +Hi, quick question for the group and maintainer...<div><br></div><div>I am about ready to deploy a project and wondering how set we are on the format of rsa.exportKey() for next pycrypto?</div><div><br></div><div>Is it safe to include in our requirements.pip (for now) a reference to <a href="https://github.com/dlitz/pycrypto">https://github.com/dlitz/pycrypto</a> master branch? And export my keys with the new protection scheme? And consequently matching importKey().</div><br> +<div><br></div><div>It would be super nice if we could add **kwargs for iteration_count and salt_size to export() but beggars can't be choosers :) It seems a simple enough change and looks like importKey() reads those fields in, I'd do it myself but would like any thoughts/opinions?</div><br> +<div><br></div><div>Thanks,</div><div>Kurt</div><div><br></div><div><br><div class="gmail_quote">On Mon, Jul 15, 2013 at 1:52 PM, Legrandin <span dir="ltr"><<a href="mailto:helderijs@gmail.com" target="_blank">helderijs@gmail.com</a>></span> wrote:<br><br> +<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Kurt,<br><br> +<br><br> +I hope I understand correctly this time.<br><br> +The presence of a header like:<br><br> +<br><br> +-----BEGIN RSA PRIVATE KEY-----<br><br> +Proc-Type: 4,ENCRYPTED<br><br> +DEK-Info: AES-256-CBC,16D792053CB9E5981B06E020900F86EA<br><br> +[...]<br><br> +<br><br> +indicates that the PEM envelope is encrypted and that the inner PKCS#8<br><br> +structure is clear.<br><br> +<br><br> +A header like:<br><br> +<br><br> +-----BEGIN ENCRYPTED PRIVATE KEY-----<br><br> +MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIHI1C+JhO35cCAgPo<br><br> +[...]<br><br> +<br><br> +indicates the opposite: the PEM envelope is clear and the inner PKCS#8<br><br> +structure is encrypted. That was produced by a call like:<br><br> +<br><br> + >> rsa.exportKey(passphrase='boo', pkcs=8,<br><br> +protection='PBKDF2WithHMAC-SHA1AndAES256-CBC')<br><br> +<br><br> +I don't think you can have both PKCS#8-level encryption (with all its<br><br> +nice properties, like ability to fine tune the algorithms and so on)<br><br> +and nice human-readable headers in the PEM envelope (like DEK-Info)<br><br> +describing the type of encryption that was performed.That would<br><br> +totally confuse the receiver...<br><br> +<br><br> +It' also worth streessing that PEM-level encryption is not really<br><br> +specified anywhere other than in very old RFCs like RFC 1421, which<br><br> +only define DES as algorithm and no password key derivation. Nowadays,<br><br> +PEM-level encryption is best avoided, even if that means that the only<br><br> +hint that the key is encrypted is the generic "BEGIN ENCRYPTED PRIVATE<br><br> +KEY" line.<br><br> +<br><br> +As described in the docstrings, specifying the 'protection' parameter<br><br> +automatically implies<br><br> +PKCS#8-level encryption, so the change of export format is actually<br><br> +done on purpose.<br><br> +<br><br> +> Also maybe more importantly would be the extra parameters for salt size and<br><br> +> iteration count?<br><br> +<br><br> +I agree it would be a nice addition (along with some support for bcrypt/scrypt).<br><br> +<br><br> +> An afterthought, maybe it's time exportKey(), importKey() stay the same as<br><br> +> 2.6 and have new functions that allow these extra combinations?<br><br> +<br><br> +Which extra combinations? Salt size and iteration count you mean?<br><br> +They could be passed as a dictionary, since they are<br><br> +algorithm-specific parameters.<br><br> +<br><br> +2013/7/15 Kurt Vogel <<a href="mailto:kvogel@mdcom.com">kvogel@mdcom.com</a>>:<br><br> +><br><br> +> Understood, but the format of the export changes when we add 'protection'<br><br> +> parameter.<br><br> +> Can we keep same format and have different headers, ex:<br><br> +><br><br> +>> Proc-Type: 4,ENCRYPTED<br><br> +>> DEK-Info: AES-256-CBC,16D792053CB9E5981B06E020900F86EA<br><br> +><br><br> +> Because I notice we wrap the unencrypted PEM into a PBES2 which is encrypted<br><br> +> there.<br><br> +><br><br> +> Also maybe more importantly would be the extra parameters for salt size and<br><br> +> iteration count?<br><br> +><br><br> +> An afterthought, maybe it's time exportKey(), importKey() stay the same as<br><br> +> 2.6 and have new functions that allow these extra combinations?<br><br> +><br><br> +> Thanks,<br><br> +> Kurt<br><br> +><br><br> +><br><br> +><br><br> +> On Mon, Jul 15, 2013 at 2:26 AM, Legrandin <<a href="mailto:helderijs@gmail.com">helderijs@gmail.com</a>> wrote:<br><br> +>><br><br> +>> Hi Kurt,<br><br> +>><br><br> +>> In the PyCrypto 2.6 release, rsa.exportKey(passphrase='boo') generates<br><br> +>> a TDES-encrypted private key, with encryption being done at the PEM<br><br> +>> level.<br><br> +>><br><br> +>> I don't think that behavior should change (e.g. we should not silently<br><br> +>> switch to AES or even to the more robust PKCS#8-level encryption).<br><br> +>><br><br> +>> 2013/7/15 Kurt Vogel <<a href="mailto:kvogel@mdcom.com">kvogel@mdcom.com</a>>:<br><br> +>> > And finally a comment/question/complaint :(<br><br> +>> ><br><br> +>> > If I use protection like this for ex:<br><br> +>> ><br><br> +>> > export = rsa.exportKey(passphrase='boo', pkcs=8,<br><br> +>> > protection='PBKDF2WithHMAC-SHA1AndAES256-CBC')<br><br> +>> ><br><br> +>> > The exported key looks like this:<br><br> +>> ><br><br> +>> > -----BEGIN ENCRYPTED PRIVATE KEY-----<br><br> +>> > MIIFHzBJBgkqhkiG9w0BBQ0wPDAbBgkqhkiG9w0BBQwwDgQIHI1C+JhO35cCAgPo<br><br> +>> > MB0GCWCGSAFlAwQBKgQQ2FsezYUEaQLPHxk0z6+R4gSCBNDV++BsvKxxpo6uhUYw<br><br> +>> > ...<br><br> +>> ><br><br> +>> > With export = rsa.exportKey(passphrase='boo'):<br><br> +>> ><br><br> +>> > -----BEGIN RSA PRIVATE KEY-----<br><br> +>> > Proc-Type: 4,ENCRYPTED<br><br> +>> > DEK-Info: DES-EDE3-CBC,CE7B6EC598ED0D10<br><br> +>> ><br><br> +>> > lPMvbYUypG+O4P/LilzGVQqP+6PMbnnLMP6eosyubcBqLtQxvMlvRRqgRu5CDApA<br><br> +>> > ...<br><br> +>> ><br><br> +>> > The logic in exportKey() looks a bit convoluted, is this for some<br><br> +>> > backward<br><br> +>> > compatibility issue? I would expect to see something like this, what<br><br> +>> > ssh-key does:<br><br> +>> ><br><br> +>> > -----BEGIN RSA PRIVATE KEY-----<br><br> +>> > Proc-Type: 4,ENCRYPTED<br><br> +>> > DEK-Info: AES-256-CBC,16D792053CB9E5981B06E020900F86EA<br><br> +>> ><br><br> +>> > oL8O6n5v1S3cgGJIwrzrAq5TQIb7OeolGJpHXiyTUj1iStulgS5vAjkht0cgq53p<br><br> +>> > ...<br><br> +>> > ..<br><br> +>> ><br><br> +>> > Thanks,<br><br> +>> > Kurt<br><br> +>> ><br><br> +>> ><br><br> +>> > On Sun, Jul 14, 2013 at 11:40 PM, Kurt Vogel <<a href="mailto:kvogel@mdcom.com">kvogel@mdcom.com</a>> wrote:<br><br> +>> >><br><br> +>> >> While I'm on the subject and appears Dwayne is merging in pull requests<br><br> +>> >> :)<br><br> +>> >><br><br> +>> >> For RSA exportKey() think we could have **kwargs for extra prot_params<br><br> +>> >> passed to<br><br> +>> >><br><br> +>> >> PKCS8.wrap() like iteration_count and salt size?<br><br> +>> >><br><br> +>> >><br><br> +>> >><br><br> +>> >> On Sun, Jul 14, 2013 at 9:34 PM, Kurt Vogel <<a href="mailto:kvogel@mdcom.com">kvogel@mdcom.com</a>> wrote:<br><br> +>> >>><br><br> +>> >>> Hi,<br><br> +>> >>><br><br> +>> >>> Do you guys know roughly when this will go in?<br><br> +>> >>><br><br> +>> >>> Also with import/export RSA keys can we support bcrypt?<br><br> +>> >>><br><br> +>> >>> Does JCA and BouncyCastle use bcrypt, eg:<br><br> +>> >>><br><br> +>> >>> 'BcryptWithHMAC-SHA1AndAES256-CBC'<br><br> +>> >>><br><br> +>> >>> Thanks,<br><br> +>> >>> Kurt<br><br> +>> >>><br><br> +>> >>><br><br> +>> >>> On Fri, Jul 5, 2013 at 2:52 AM, Legrandin <<a href="mailto:helderijs@gmail.com">helderijs@gmail.com</a>> wrote:<br><br> +>> >>> ><br><br> +>> >>> > Hi Kurt , thanks a lot for providing feedback. It is much<br><br> +>> >>> > appreciated.<br><br> +>> >>> ><br><br> +>> >>> > * I guess you refer to camel-casing used for several variables,<br><br> +>> >>> > which<br><br> +>> >>> > was due to my preference to stick to ASN.1 naming.<br><br> +>> >>> > I can work on that and make sure flake8 does not complain that<br><br> +>> >>> > much.<br><br> +>> >>> ><br><br> +>> >>> > * Right. Code evolved at different points in time, and indeed it is<br><br> +>> >>> > now hard to follow the path of the 'parameter' value. I will try to<br><br> +>> >>> > fix that.<br><br> +>> >>> ><br><br> +>> >>> > * I used strings like 'PBKDF2WithHMAC-SHA1AndAES128-CBC' because<br><br> +>> >>> > that<br><br> +>> >>> > is the style used in JCA and BouncyCastle and a lot of people are<br><br> +>> >>> > familiar with it.<br><br> +>> >>> > I am not very clear what the benefit enums might bring? One option<br><br> +>> >>> > I<br><br> +>> >>> > considered was the ability to provide 3 independent parameters<br><br> +>> >>> > instead of one (since protection mainly depends on type of KDF,<br><br> +>> >>> > PRF,<br><br> +>> >>> > and symmetric cipher) but at the end I guess most<br><br> +>> >>> > uses case are about the desire to protect the private key using a<br><br> +>> >>> > password in a strong way, and the ability to tweak the various<br><br> +>> >>> > parameters<br><br> +>> >>> > is not that relevant. Plus, exportKey() parameter list becomes to<br><br> +>> >>> > long.<br><br> +>> >>> ><br><br> +>> >>> > * I am really ashamed to admit that I actually have 9 pull requests<br><br> +>> >>> > open, not 2 so I am totally giving headaches to the maintainer. :-)<br><br> +>> >>> > It is of course only up to him to decide which features should go<br><br> +>> >>> > in; given that he has not much time these days, it is likely that<br><br> +>> >>> > only<br><br> +>> >>> > few features and bugfixes may go into any next release.<br><br> +>> >>> > The release merge window seems to roughly be once per year and I<br><br> +>> >>> > find it is natural to have so many outstanding pull requests by now.<br><br> +>> >>> > To my defense, I can only say that the all pull requests cover one<br><br> +>> >>> > feature only and that I try to keep them as independent as possible.<br><br> +>> >>> > Most of them apply cleanly to master (e.g. HKDF, CCM, PKCS#8, bug<br><br> +>> >>> > fixes, etc).<br><br> +>> >>> > In some cases though, they do depend on an existing pull request<br><br> +>> >>> > (as<br><br> +>> >>> > in the case of DSA import/export depending on PKCS8 be applied<br><br> +>> >>> > first),<br><br> +>> >>> > because keeping them separated is honestly too much work for me<br><br> +>> >>> > *and* they are indeed extensions of other extensions.<br><br> +>> >>> ><br><br> +>> >>> > > Hi, I was looking at the pycrypto pull request<br><br> +>> >>> > > <a href="https://github.com/dlitz/pycrypto/pull/32" target="_blank">https://github.com/dlitz/pycrypto/pull/32</a>. Just a few comments...<br><br> +>> >>> > ><br><br> +>> >>> > > * For readability can you pep8 format the code?<br><br> +>> >>> > > * RSA, for import/export the protection parameter maybe rename to<br><br> +>> >>> > > algo or<br><br> +>> >>> > > wrap algo? It evolves from: 'protection' to 'wrap_algo' to 'mode'<br><br> +>> >>> > > as<br><br> +>> >>> > > it<br><br> +>> >>> > > goes down the call stack.<br><br> +>> >>> > > * Also maybe make this parameter an enum/value? Since the long<br><br> +>> >>> > > string can<br><br> +>> >>> > > be error prone, low level code would need to change anyway if it<br><br> +>> >>> > > were<br><br> +>> >>> > > either<br><br> +>> >>> > > string or int if we support more modes.<br><br> +>> >>> > > * And last but not least... I'm new to this email list and not<br><br> +>> >>> > > sure<br><br> +>> >>> > > how<br><br> +>> >>> > > often pull requests are accepted but maybe you could reduce the<br><br> +>> >>> > > amount of<br><br> +>> >>> > > features going in? I know you have another one, 51, after this...<br><br> +>> >>> > > Maintainer may reluctant to do massive changes all at once?<br><br> +>> >>> > ><br><br> +>> >>> > > Anyway just ideas...<br><br> +>> >>> > > Thanks for your time,<br><br> +>> >>> > > Sincerely,<br><br> +>> >>> > > Kurt<br><br> +>> >>> > ><br><br> +>> >>> > _______________________________________________<br><br> +>> >>> > pycrypto mailing list<br><br> +>> >>> > <a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +>> >>> > <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +>> >>><br><br> +>> >><br><br> +>> ><br><br> +>> ><br><br> +>> > _______________________________________________<br><br> +>> > pycrypto mailing list<br><br> +>> > <a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +>> > <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +>> ><br><br> +>> _______________________________________________<br><br> +>> pycrypto mailing list<br><br> +>> <a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +>> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +><br><br> +><br><br> +><br><br> +> _______________________________________________<br><br> +> pycrypto mailing list<br><br> +> <a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +> <a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +><br><br> +_______________________________________________<br><br> +pycrypto mailing list<br><br> +<a href="mailto:pycrypto@lists.dlitz.net">pycrypto@lists.dlitz.net</a><br><br> +<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto" target="_blank">http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto</a><br><br> +</blockquote></div><br></div><br> + +</tt> |