1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [pycrypto] Pycrypto question.
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=153650.14719.qm%40web114215.mail.gq1.yahoo.com">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000226.html">
<LINK REL="Next" HREF="000230.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[pycrypto] Pycrypto question.</H1>
<B>Lorenz Quack</B>
<A HREF="mailto:pycrypto%40lists.dlitz.net?Subject=%5Bpycrypto%5D%20Pycrypto%20question.&In-Reply-To=153650.14719.qm%40web114215.mail.gq1.yahoo.com"
TITLE="[pycrypto] Pycrypto question.">don at amberfisharts.com
</A><BR>
<I>Tue May 4 13:00:39 CST 2010</I>
<P><UL>
<LI>Previous message: <A HREF="000226.html">[pycrypto] Pycrypto question.
</A></li>
<LI>Next message: <A HREF="000230.html">[pycrypto] Pycrypto question.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#228">[ date ]</a>
<a href="thread.html#228">[ thread ]</a>
<a href="subject.html#228">[ subject ]</a>
<a href="author.html#228">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hi jd,
some time ago I wrote a small module which provided me with a API that suited me better than that of PyCrypto.
I attached a slightly modified version of it. I also added a short example to the end of it. I hope you can find the
information you want in there.
Concerning the documentation: I agree, it could be improved. I think you were looking for this [1].
Concerning the import of externally generated keys: I think this came up before on the list or bug tracker.
AFAIK, it is not directly supported by PyCrypto. However, you can create a key pair from a tuple of numbers
(for example the public and private exponent and the modulus). This is done with construct function [2].
You just have to find a way to get to those numbers of your externally generated keys.
I probably should also point out that the usage of RandomPool is strongly discouraged [3] and that there is a Random
module in PyCrypto-2.1 that you should use instead.
sincerely yours
//Lorenz
[1] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html</A>
[2] <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A>
[3] <A HREF="http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html">http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html</A>
On 05/04/2010 07:04 PM, jd wrote:
><i> Thanks for the response.(Sorry ..for late response. Somehow this went in to my spam folder.)
</I>><i>
</I>><i> Yes, I indeed want to use private key to encrypt (oops.. sign) and decrypt (verify) using public/private key pairs.
</I>><i>
</I>><i>
</I>><i> Would anyone point to the example usage/pseudo code that I can try out.
</I>><i>
</I>><i> Didnt find method details over here.
</I>><i> <A HREF="http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html">http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html</A>
</I>><i>
</I>><i> I am assuming that the intent is clear from the example.
</I>><i> Some Text ===> Encrypt (optionally) sign (using private key) ===> encrypted message
</I>><i> encrypted message ==> (optionally) Verify and decrypt (using public key) ==> original message (Some Text)
</I>><i>
</I>><i> Also, would appreciate if instead of generating keys as in sample program, is there a way to use publick/private keys used by ssh-keygen -t rsa.
</I>><i>
</I>><i> Help is much appreciated.
</I>><i> Thanks
</I>><i>
</I>><i>
</I>><i>
</I>><i>
</I>><i> /Jd
</I>><i>
</I>><i>
</I>><i> --- On Sun, 5/2/10, Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>> wrote:
</I>><i>
</I>>><i> From: Lorenz Quack<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">don at amberfisharts.com</A>>
</I>>><i> Subject: Re: [pycrypto] Pycrypto question.
</I>>><i> To: "PyCrypto discussion list"<<A HREF="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">pycrypto at lists.dlitz.net</A>>
</I>>><i> Date: Sunday, May 2, 2010, 1:52 PM
</I>>><i> On 05/02/2010 10:36 PM, Glenn
</I>>><i> Linderman wrote:
</I>>>><i> On 5/2/2010 1:13 PM, Lorenz Quack wrote:
</I>>>>><i> Hi Jd,
</I>>>>><i>
</I>>>>><i> On 05/02/2010 10:02 PM, jd wrote:
</I>>>>><i>
</I>>>>>><i> Hi everyone,
</I>>>>>><i>
</I>>>>>><i> I am trying to implement a simple pub/private
</I>>><i> key scheme. Want to encrypt bunch of things and decrypt it
</I>>><i> using public
</I>>>>>><i> key (which will be distributed).
</I>>>>>><i>
</I>>>>><i> You seem to have some misconceptions about how
</I>>><i> public key cryptography works.
</I>>>>><i> I suggest you (re-)read up on it. Wikipedia will
</I>>><i> probably cover the basics.
</I>>>>><i> For starters, by definition you use the *public*
</I>>><i> key for encrypt and the privat one for decryption.
</I>>>>><i>
</I>>>><i>
</I>>>><i> Indeed, Wikipedia has an article. And in the first
</I>>><i> paragraph [1] they
</I>>>><i> describe one use case for encrypting by public key,
</I>>><i> and decrypting by
</I>>>><i> private key, and another use case for encrypting by
</I>>><i> private key, and
</I>>>><i> decrypting by public key. It might be appropriate to
</I>>><i> figure out what use
</I>>>><i> case the OP has before declaring definitions for a
</I>>><i> particular use case.
</I>>>><i> Now as far as what the APIs are called, that might be
</I>>><i> a different story :)
</I>>>><i>
</I>>>><i> [1] *Public-key cryptography* is a cryptographic
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Cryptography">http://en.wikipedia.org/wiki/Cryptography</A>> approach
</I>>><i> which involves the
</I>>>><i> use of asymmetric key algorithms instead of or in
</I>>><i> addition to symmetric
</I>>>><i> key algorithms<<A HREF="http://en.wikipedia.org/wiki/Symmetric_key_algorithm">http://en.wikipedia.org/wiki/Symmetric_key_algorithm</A>>.
</I>>>><i> Unlike symmetric key algorithms, it does not require a
</I>>><i> secure
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Secure_channel">http://en.wikipedia.org/wiki/Secure_channel</A>> initial
</I>>><i> exchange
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Key_exchange">http://en.wikipedia.org/wiki/Key_exchange</A>> of one or
</I>>><i> more secret keys
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Secret_key">http://en.wikipedia.org/wiki/Secret_key</A>> to both
</I>>><i> sender and receiver.
</I>>>><i> The asymmetric key algorithms are used to create a
</I>>><i> mathematically
</I>>>><i> related key pair: a secret private key and a published
</I>>><i> public key. Use
</I>>>><i> of these keys allows protection of the authenticity
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Authenticity">http://en.wikipedia.org/wiki/Authenticity</A>> of a
</I>>><i> message by creating a
</I>>>><i> digital signature<<A HREF="http://en.wikipedia.org/wiki/Digital_signature">http://en.wikipedia.org/wiki/Digital_signature</A>> of
</I>>><i> a
</I>>>><i> message using the private key, which can be verified
</I>>><i> using the public
</I>>>><i> key. It also allows protection of the confidentiality
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Confidentiality">http://en.wikipedia.org/wiki/Confidentiality</A>> and
</I>>><i> integrity
</I>>>><i> <<A HREF="http://en.wikipedia.org/wiki/Integrity">http://en.wikipedia.org/wiki/Integrity</A>> of a
</I>>><i> message, by public key
</I>>>><i> encryption<<A HREF="http://en.wikipedia.org/wiki/Encryption">http://en.wikipedia.org/wiki/Encryption</A>>, encrypting
</I>>><i> the
</I>>>><i> message using the public key, which can only be
</I>>><i> decrypted using the
</I>>>><i> private key.
</I>>>><i>
</I>>><i>
</I>>><i> Granted "definition" may have been a poor choice of word.
</I>>><i> But AFAIK the use case of "encrypting" via the private key
</I>>><i> is generally called signing.
</I>>><i> So I assumed that the OP had the wrong idea about how the
</I>>><i> scheme is used because he didn't
</I>>><i> use the generally accept terminology. If that was
</I>>><i> presumptuous I hereby apologize.
</I>>><i>
</I>>><i> So, to come back to the OPs question:
</I>>><i> if you use a RSA key to encrypt a message like you did in
</I>>><i> your example internally it uses the public
</I>>><i> part of the key pair for encryption. you would then have to
</I>>><i> use the private part to decypt it.
</I>>><i> If on the other hand you really want to encrypt with the
</I>>><i> private part and decrypt with the public part
</I>>><i> then know that this is usually refered to as signing and
</I>>><i> verifying (verification?).
</I>>><i> There is also and API for this in PyCrypto.
</I>>><i>
</I>>><i> Hope this is clearer and more helpful than my last
</I>>><i> message.
</I>>><i>
</I>>><i> have a nice day
</I>>><i> //Lorenz
</I>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crypt.py
Type: text/x-python
Size: 3969 bytes
Desc: not available
Url : <A HREF="http://lists.dlitz.net/pipermail/pycrypto/attachments/20100504/d5ad8e25/attachment.py">http://lists.dlitz.net/pipermail/pycrypto/attachments/20100504/d5ad8e25/attachment.py</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000226.html">[pycrypto] Pycrypto question.
</A></li>
<LI>Next message: <A HREF="000230.html">[pycrypto] Pycrypto question.
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#228">[ date ]</a>
<a href="thread.html#228">[ thread ]</a>
<a href="subject.html#228">[ subject ]</a>
<a href="author.html#228">[ author ]</a>
</LI>
</UL>
<hr>
<a href="http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto">More information about the pycrypto
mailing list</a><br>
</body></html>
|
