<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] PyCrypto AND Crypt_RSA integration
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20PyCrypto%20AND%20Crypt_RSA%20integration&In-Reply-To=3c5f192d0902090436r3e9c905n2edd78019033118%40mail.gmail.com">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000066.html">
<LINK REL="Next" HREF="000072.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] PyCrypto AND Crypt_RSA integration</H1>
<B>Dwayne C. Litzenberger</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20PyCrypto%20AND%20Crypt_RSA%20integration&In-Reply-To=3c5f192d0902090436r3e9c905n2edd78019033118%40mail.gmail.com"
TITLE="[pycrypto] PyCrypto AND Crypt_RSA integration">dlitz at dlitz.net
</A><BR>
<I>Tue Feb 10 18:32:53 CST 2009</I>
<P><UL>
<LI>Previous message: <A HREF="000066.html">[pycrypto] PyCrypto AND Crypt_RSA integration
</A></li>
<LI>Next message: <A HREF="000072.html">[pycrypto] PyCrypto AND Crypt_RSA integration
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#67">[ date ]</a>
<a href="thread.html#67">[ thread ]</a>
<a href="subject.html#67">[ subject ]</a>
<a href="author.html#67">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On Mon, Feb 09, 2009 at 10:36:40AM -0200, Mauricio Arozi wrote:
><i>Am I helpless?
</I>
I think the problem is that you're asking the mailing list for the *Python*
Cryptography Toolkit about how to use an obscure *PHP* library.

We can help with the Python side of things. I wouldn't expect the people
here to know and/or care much about PHP.

><i> According to this site: <A HREF="http://pajhome.org.uk/crypt/rsa/rsa.html">http://pajhome.org.uk/crypt/rsa/rsa.html</A>, and
</I>><i> yet others, the e(exponent?) is used for the public key, and d for the
</I>><i> private key.
</I>
The notation I've seen most often is something like this:

    n - modulus (public)
    e - public exponent
    d - private exponent
    (n, e) - public key
    (n, d) - private key
    (p, q) - the (private) primes from which the keypair is derived.

PyCrypto uses a similar notation:

    from Crypto.PublicKey import RSA
    import os

    # DO NOT USE RandomPool (see below)
    keypair = RSA.generate(2048, os.urandom)

    print "PRIVATE KEYPAIR:"
    print "n:", keypair.n   # modulus (public)
    print "e:", keypair.e   # public exponent
    print "d:", keypair.d   # private exponent
    print "p:", keypair.p   # prime (private)
    print "q:", keypair.q   # other prime (private)
    print "u:", keypair.u   # I forget what this is for (but it's private)

    pub = keypair.publickey()
    print ""
    print "PUBLIC KEY:"
    print "n (pub):", pub.n   # modulus (public)
    print "e (pub):", pub.e   # public exponent
    print "d (pub):", pub.d   # raises an exception
    print "p (pub):", pub.p   # raises an exception
    print "q (pub):", pub.q   # raises an exception
    print "u (pub):", pub.u   # raises an exception

This outputs the following:

    PRIVATE KEYPAIR:
    n: 277...[truncated]
    e: 65537
    d: 232...[truncated]
    p: 159...[truncated]
    q: 174...[truncated]
    u: 125...[truncated]

    PUBLIC KEY:
    n (pub): 277...[truncated]
    e (pub): 65537
    d (pub):
    Traceback (most recent call last):
      File "x.py", line 21, in ?
        print "d (pub):", pub.d
      File "/usr/lib/python2.4/site-packages/Crypto/PublicKey/RSA.py", line 154, in __getattr__
        return getattr(self.key, attr)
    AttributeError: rsaKey instance has no attribute 'd'

><i> My problem is that while using PyCrypto to generate both public and
</I>><i> private keys, the e(exponent?) is always the same.
</I>
Mads Kiilerich already talked a bit about this, but I won't go into detail.

What you're describing here is normal, and it really helps improve the
performance of encryption/verification.

If you're concerned about the security of using RSA, I suggest reading Dan
Boneh's 1999 article, "Twenty years of attacks on the RSA cryptosystem":

    <A HREF="http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html">http://crypto.stanford.edu/~dabo/abstracts/RSAattack-survey.html</A>

><i>So in simple words, I only need to be able to encrypt/decrypt sign and
</I>><i>verify signs on php and python, simultaneously, if possible, using RSA
</I>><i>algo.
</I>
PyCrypto's PublicKey package is very low-level, so people shouldn't use it
directly unless they REALLY know what they are doing. Mere mortals should
use a separate library in addition to PyCrypto for that. You should never
do anything like this:
><i>privkeyA = RSA.generate(512, rpool.get_bytes)
</I>><i>pubkeyA = privkeyA.publickey()
</I>><i>
</I>><i>msg = 'This is the secret phrase testing.'
</I>><i>msgc = pubkeyA.encrypt(msg, '')
</I>
That is called "textbook RSA", and it's insecure. (Also, it uses a 512-bit
key, which is way too short, but I assume that's just for demonstration.)

I strongly recommend looking at PKCS#1v2 (also known as RSAES-OAEP).
PyCrypto doesn't include an implementation yet, but Sergey Chernov
mentioned that he is working on one.

Also, I noticed in your code that you used RandomPool. Don't. RandomPool
is a security disaster, and it will be removed from future versions. See
the following messages:

    <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html</A>
    <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000020.html</A>

I hope you find the above information helpful.

Cheers,
- Dwayne

--
Dwayne C. Litzenberger <<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">dlitz at dlitz.net</A>>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45
</PRE>
<!--endarticle-->
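<P>Added example, not part of the original message and not PyCrypto code: a pure-Python toy that uses the message's notation (n, e, d, p, q, u) to show why a fixed e = 65537 is harmless while unpadded "textbook RSA" is not, since it is deterministic and malleable. It also shows u as the CRT coefficient p^-1 mod q, which is what PyCrypto stores in that attribute. Assumptions: Python 3.8+, keys built from fixed Mersenne primes as constructed sample data, and all function names are hypothetical.</P>
<PRE>
```python
# Added illustration (Python 3.8+): toy textbook RSA built on fixed Mersenne
# primes so it runs offline. Never use unpadded RSA or fixed primes for real data.
E = 65537  # the public exponent PyCrypto reported for every generated key


def make_key(p, q, e=E):
    """Return the message's n, e, d, p, q, u values for the primes p and q."""
    phi = (p - 1) * (q - 1)
    return {"n": p * q, "e": e, "d": pow(e, -1, phi),
            "p": p, "q": q, "u": pow(p, -1, q)}  # u = p^-1 mod q


def encrypt(key, m):
    """Textbook RSA: m^e mod n, with no padding and no randomness."""
    return pow(m, key["e"], key["n"])


def decrypt(key, c):
    return pow(c, key["d"], key["n"])


def decrypt_crt(key, c):
    """Same plaintext as decrypt(), computed mod p and mod q and joined with u."""
    p, q, u, d = key["p"], key["q"], key["u"], key["d"]
    m1 = pow(c % p, d % (p - 1), p)
    m2 = pow(c % q, d % (q - 1), q)
    return m1 + p * ((u * (m2 - m1)) % q)


def confirm_guess(key, c, candidates):
    """Deterministic: the public key alone tells which candidate c encrypts."""
    return next((m for m in candidates if encrypt(key, m) == c), None)


def double_plaintext(key, c):
    """Malleable: multiplying c by 2^e mod n doubles the hidden plaintext."""
    return (c * pow(2, key["e"], key["n"])) % key["n"]


KEY_A = make_key(2**61 - 1, 2**89 - 1)    # constructed sample keys
KEY_B = make_key(2**89 - 1, 2**107 - 1)

if __name__ == "__main__":
    c = encrypt(KEY_A, 100)
    print("same e, different d:", KEY_A["e"] == KEY_B["e"], KEY_A["d"] != KEY_B["d"])
    print("CRT decrypt:", decrypt_crt(KEY_A, c))
    print("guess confirmed:", confirm_guess(KEY_A, c, [50, 100, 150]))
    print("after tampering:", decrypt(KEY_A, double_plaintext(KEY_A, c)))
```
</PRE>
<P>Randomized padding such as the RSAES-OAEP scheme recommended in the message removes both properties: equal plaintexts no longer give equal ciphertexts, and a modified ciphertext fails the padding check on decryption.</P>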
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>