path: root/pipermail/pycrypto/attachments/20130218/750a6d6e/attachment-0001.html
blob: 5cfa71531e9d4b50af7820672600ebc5f4a8604b (plain)
Hi Dwayne,

Please see inline.

2013/2/18 Dwayne Litzenberger <dlitz@dlitz.net>:

> [Reposted from 'Hash: Remove "oid" attributes; add "name" attribute'
>  https://github.com/dlitz/pycrypto/commit/a3ec589b8dcd1c86ddd5f35666e74aa3230801b5]:
>
> Legrandin wrote:
>
> > Hi Dwayne,
> >
> > The Object ID is an identifier assigned by (inter)national standard bodies (NIST) or recognized private organizations (RSA Inc, Teletrust) to the hash algorithm for use in all the several crypto protocols based on ASN.1 (PKCS#1 signatures, PKCS#7/CMS, PKCS#8 private key encapsulation, SSL/TLS, CA certificates, etc). Nothing stops one from also using it without ASN.1, as a stand-alone numerical string guaranteed to be unique.
> >
> > The fact that a few other protocols don't use it (and prefer to have their own internal identifiers, and therefore not leverage work already done by others) does not look to me like a reason to isolate it in the PKCS#1 v1.5 signature module, considering that the protocols that use it are the majority, and all hashes currently in pycrypto have it (all of them being quite mature).
> >
> > The attribute could also remain undefined for those experimental hashes that pycrypto ever introduced but that don't have any Object ID assigned yet (e.g. Salsa20 maybe?). That would just mean that the hash cannot be used to make PKCS#1 v1.5 signatures (which makes sense). If the OID exists, it can be added to the module. If it doesn't, it is not defined.
>
> My response:
>
>     Be very careful with your use of Object Identifiers.  In many cases there are a
>     great many OIDs available for the same algorithm, but the exact OID you're
>     supposed to use varies somewhat.
>     -- Peter Gutmann, X.509 Style Guide, http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

Does any of the hash algorithms in the library have more than one OID?
If not, maybe this quote was referring to something else?

> > Protocols that use [OIDs] are the majority
>
> Really?  The only widely-used protocols I can think of are SNMP (which is irrelevant here), LDAP (also irrelevant), and the CMS/TLS/PKCS protocol suite.  SSH doesn't use them, OpenPGP doesn't use them, DNSSEC doesn't use them, OAuth doesn't use them, OpenID doesn't use them, DKIM doesn't use them, and I'm pretty sure that IPsec/IKEv1/IKEv2 don't use them.  Of the protocols that do use them, which ones actually use the OIDs listed in this commit, rather than some ciphersuite identifier like pbeWithSHA1AndDES-CBC?  Have there been any major new crypto protocols designed in the last decade that use these OIDs?  That use ASN.1?

> This is going to be a bit of a long rant.
>
> OIDs and ASN.1 are legacy ITU-T crap, and the protocols built around them are overcomplicated and error-prone.  The only reason why I merged any ASN.1 stuff at all is because PKCS#1 uses it.  PKCS#1 is a bit of a special case, because it's basically synonymous with RSA; it's even used by protocols that don't otherwise use ASN.1.

I think we are throwing the baby out with the bath water here.

I agree ITU created a lot of bloated standards and protocols.
ASN.1 got a bad reputation mostly because of that, and even though bells and whistles have been added over time due to design-by-committee, its core remains very simple and elegant. BER/DER encoding in particular is very handy for binary serialization (even outside of the crypto context); it could be summarized in 3 or 4 pages only and still cover 95% of the use cases one could ever need. Even the famous, short layman's guide could be trimmed down a lot [2]. To me, BER/DER is just a rock solid binary TLV with a compact schema format (which even XML never had until RELAX NG).

Google's ProtocolBuffers, Facebook's Thrift and several others have been created very recently to cover the same problem space; they ended up re-inventing the same wheel, getting the abstraction wrong, and still without the simplicity of BER/DER [3].

Now, in the crypto world, ASN.1 DER has been the encoding of choice exactly because it is simple, clear, efficient, and unambiguous. I stress "efficient" in that crypto is also done by resource constrained applications like embedded/industrial devices, sensors, smart cards, crypto tokens (all things that have serious trouble processing a bit of HTTP or XML).

Sure, horrible things have been built with ASN.1, but that's true for anything.
XML-DSIG is a good example [4], which does *not* prove that XML is bad per se.

> I think it was you who convinced me that the ASN.1 used by PKCS#1 was simple enough that it wouldn't lead to an endless series of bugs.  Even so, you *still* got it wrong, as described in LP#1119552 [1].  I'm not blaming you; I'm blaming ASN.1 for being such a terrible, complicated, obfuscatory way to define and describe data formats.  Hell, the only reason why you got it wrong was because *so many other people got it wrong early on that the spec was modified to accommodate their errors*.  And PKCS#1 is a much *simpler* use-case of ASN.1 compared to the rest of the CMS/TLS/PKCS suite...

I ignored 3 lines in Appendix B of RFC 3447 (page 54, out of 70+).

Would it have made any difference if the encoding had been XML, JSON, or some custom application-specific format? I don't think so.

It has more to do with the fact that any 20+ year old format (PKCS#1) always has some quirks. That, and I was not good enough to read the whole RFC.
But not really a good example for why ASN.1 is bad.

> In contrast, PyCrypto *needs* to be kept simple, because we simply don't have the developer resources to create a secure CMS/TLS/PKCS implementation.  Even if we had the resources, getting it right is tricky enough that we *shouldn't* try to make yet another implementation---especially not one that's Python-specific.

I think that the asn1 module serves the purpose of simplicity, because:
a) the code that uses it (PKCS#1/#5/#8) is more compact and readable (at least to me, and compared to what it would be w/o the asn1 module), and more importantly
b) I consider PKCS#1/#5/#8 fundamental for a base crypto library. I consider a library w/o them even harmful.

Having said that, let me derail a bit to say that I agree that TLS doesn't belong in PyCrypto because it is way above "basic crypto". I never looked enough into CMS to have an opinion about it, but its RFC is shorter than PKCS#1, so I don't have the feeling it's actually complicated.

I don't understand what "PKCS implementation" means though (in the same way I would not know what an "RFC implementation" is). All PKCS standards vary in scope and use.
PKCS#1 is just a standardized way to do RSA, because otherwise any program would do it differently and cryptography in applications would be years behind (ElGamal anybody?). PKCS#5 is a standardized way to derive keys from passwords. I believe they deserve to be in a basic crypto library, since I could not imagine working w/o them (they also turned into RFCs for a reason).
Other PKCS specs don't because they are focused on very specific use cases (PKCS#11, for secure tokens) or are total crap (PKCS#12).

In short, the expression "CMS/TLS/PKCS" you use all over your email is binding together too many unrelated things.

> It would be better to pool our limited resources with other FOSS crypto developers to improve the existing implementations, or maybe to try to recruit them to work on a new project that would become the successor to the existing implementations.  One more insecure, resource-starved FOSS CMS/TLS/PKCS implementation is not good for users.

> OpenSSL exists today, and there are several ways to use it from Python.  The purpose of PyCrypto is not to reimplement everything that OpenSSL already does.  What would be gained by doing that?  If we just wanted to make a nicer, more Pythonic API for OpenSSL, we could just add OpenSSL as a dependency and be done with it.  (Python itself already uses OpenSSL for hashlib, so it's not unprecedented.)

A hard dependency on OpenSSL would make my life difficult for quite a few reasons:
* Its license is neither LGPL-like nor BSD-like and it forces one to advertise its presence (deserved credit, but awkward to do)
* It is cumbersome to cross-compile
* Its API is very complex and inconsistent
* It is difficult to predict if my target platform will have the openssl library, and if it does, which version of it
* It is rather Windows-unfriendly (not that pycrypto itself is much different though...)
* Finally, I don't like to put all eggs in the same basket. Today, a bug in OpenSSL can easily cause unpredictable chain reactions because it is used too much by too many people [7] (in other projects, I prefer other TLS libraries also for that reason). Put differently, I am all for some level of ecosystem diversity when it comes to security.

The reason I started using PyCrypto is that nothing better existed for Python (e.g. like BouncyCastle for Java, Crypto++ for C++, or .NET crypto services), apart from odd wrappers to C libraries (if I wanted that, I would stick to C++) which also increased my list of external dependencies (being self-contained is also very valuable).

The only alternative is keyczar, which keeps too much stuff under the bonnet for what I need to do.

> PyCrypto is used by a lot of folks who are either implementing recently-created protocols (i.e. *not* CMS/TLS/PKCS), or who are---rightly or wrongly---creating new protocols.  One of my goals with PyCrypto has been to improve their chances of building something secure, and to me that means that I should steer people to simpler, easy-to-implement building blocks like OpenPGP and SSH, not complex, error-prone things like ASN.1/CMS/TLS/X.509/PKCS#12.

I think a good deal of PyCrypto users fly under your radar (embedded SW, sysadmin scripts, test frameworks, crypto workbenches). They don't develop new protocols, they just implement established ones (and not web-oriented ones like OAuth).

I would also not agree with putting the awful PKCS#12 beside all the other protocols you list. If I want to do a PKI, there is no true alternative today to X.509, which - in its PKIX definition - is pretty straightforward actually. You can use neither OpenPGP nor SSH, since they adopt different security models (resp. web of trust and opportunistic authentication).

Having said that, isn't the goal of "steer[ing] people to simpler, easy-to-implement building blocks" exactly the same as keyczar (or nacl, not sure if a wrapper exists for it already)? Why does pycrypto exist then?

> I want to avoid turning PyCrypto into something that treats CMS/TLS/PKCS as the gold standard and everything else as a second-class citizen.  There have already been a few cases of that (for example, the "oid" attribute here, and the "pkcs" parameter to RSA.exportKey), and I see those things as oversights that need to be fixed, not things that I want to entrench further.

Just to clear things up, the primary reason I added "oid" was to allow one to pass a hash instance to PKCS115_SigScheme.sign() and have the method automatically pick the correct OID. Having "oid" as an attribute of the hash object seemed to me a pretty natural (and neutral) choice. I considered the dictionary with hash names, and I was not thrilled by its elegance, but beauty is in the eye of the beholder. It was truly for practical convenience of the library user; no surreptitious plans to have evil asn.1 take over. ;-)

The "pkcs" parameter came up because PKCS/DER *is* the gold standard for exporting an RSA key. The PGP key format exists simply because it was designed at the dawn of time. The SSH key format is application specific (that is, is there even a spec for v1?).

Any other key format is truly of the boutique variety.

> I see that you've been building a PKCS#8 implementation in your fork of the PyCrypto repo.  I can only assume that you eventually plan to build a PKCS#7/CMS implementation, too.  That's fine, but seeing things like `algos = { 'PBKDF2WithHMAC-SHA1AndDES-EDE3-CBC' : _PBES2_Factory(_PBKDF2_Factory(), _DES_EDE3_CBC_Factory()) }` convinces me that it's beyond the scope of what I want to include in PyCrypto, unless it were in a well-isolated subdirectory that could be easily split into a separate package if the maintenance became too burdensome for me.  At a minimum, we'd need to agree that the string "X.509" doesn't belong in the module that implements the raw RSA primitive.

It actually never crossed my mind to develop any PKCS#7/CMS code (as I say above, I've never looked into it), but it's not clear to me why you despise it so much, apart from it being ASN.1 encoded?

The thing is, I see PKCS#8 as belonging more with primitives.

Two of the biggest limitations of PyCrypto were (and up to a point, still are) interoperability with other systems and basic key management. The former brings value, the latter *must* be done right, because it is critical for security and it is often overlooked in favour of key lengths and algorithms-of-the-day.

In particular, the way keys are encoded (for exchange, storage, etc) plays a big role in both aspects; encoding needs to be agreed upon, secure, platform-independent, free from misunderstandings and so on. I recall that in PyCrypto 2.1 pickling was the only way, and that was wrong on so many levels up to the point it was a security threat by itself.

I decided to spend a good deal of time on making key management (export/import) easier and more secure. I started with PKCS#1 as the low hanging fruit, but it still only allowed storing private keys in the clear, which is pretty bad; it is good practice to have private keys always encrypted at least by a pass-phrase, especially if you plan to share them. PKCS#8 is *the* standard for protecting private asym. keys, so to me it is appropriate to have it in a core library, rather than an optional one.

> You've done a lot of good work and I appreciate your contributions, but IMHO you're embedding the PKCS stuff too deeply into the core of PyCrypto when I'd prefer to see it in a separate subdirectory, or even a separate library.  This is partly my fault: I was a bit too anxious to merge the PKCS#1 stuff after being absent for a while, so I didn't pay close enough attention to the API changes (even though the API is really what differentiates PyCrypto from other libraries).  In the future, I'm going to try to be more picky upfront about the API, to avoid backpedaling like I'm doing right now with the .oid stuff.

> As I see it, the PKCS1 stuff probably should have been consolidated into something like Crypto.Protocol.PKCS1.  Going forward, the PKCS8 stuff should probably go into something like Crypto.Protocol.PKCS8, and a future OpenPGP package could go into Crypto.Protocol.OpenPGP.  RSA.importKey and RSA.exportKey should probably be deprecated and moved into the PKCS1 and PKCS8 packages, respectively.
>
> The exact names of the subtrees are debatable, but the idea is to create a clear separation between the primitives and the protocols that use them, rather than mixing them all together.  This is particularly important for the hash modules, since those could eventually become thin wrappers around the standard hashlib library---I doubt that would ever happen if we insisted on attaching extraneous things like OIDs to them.

Don't worry, I am happy to be told "move this stuff elsewhere" or even better "this stuff is crap, get it out of my way, you dumbass" when I am proposing some changes.
Getting stuck with half-baked APIs is a major pain; they always need careful attention and vetting.
<br>
<br>
&lt;br&gt;However,&nbsp;the&nbsp;meaning&nbsp;of&nbsp;&quot;protocol&quot;&nbsp;is&nbsp;rather&nbsp;wide.&nbsp;I&nbsp;am&nbsp;afraid&nbsp;that&nbsp;stuffing&nbsp;everything&nbsp;under&nbsp;Crypto.Protocol&nbsp;leads&nbsp;to&nbsp;major&nbsp;confusion.&lt;br&gt; &lt;br&gt;I&nbsp;did&nbsp;some&nbsp;thinking&nbsp;before&nbsp;proposing&nbsp;RSA&nbsp;changes&nbsp;(some&nbsp;ended&nbsp;up&nbsp;on&nbsp;the&nbsp;ML&nbsp;[5]),&nbsp;and&nbsp;I&nbsp;still&nbsp;believe&nbsp;today&nbsp;that:&lt;br&gt;<br>
<br>
<br>
&lt;br&gt;*&nbsp;Crypto.Signature&nbsp;is&nbsp;a&nbsp;good&nbsp;place&nbsp;for&nbsp;PKCS#1&nbsp;signature&nbsp;routines.&nbsp;Signatures&nbsp;are&nbsp;protocols,&nbsp;but&nbsp;they&nbsp;are&nbsp;so&nbsp;important&nbsp;that&nbsp;it&#39;s&nbsp;debatable&nbsp;they&nbsp;should&nbsp;end&nbsp;up&nbsp;in&nbsp;the&nbsp;generic&nbsp;&quot;bucket&quot;&nbsp;that&nbsp;Crypto.Protocol&nbsp;is.&nbsp;Additionally,&nbsp;Crypto.Signature&nbsp;resembles&nbsp;the&nbsp;JCA&nbsp;and&nbsp;BouncyCastle&nbsp;style.&lt;br&gt;<br>
<br>
<br>
*&nbsp;Crypto.Cipher&nbsp;is&nbsp;a&nbsp;good&nbsp;place&nbsp;for&nbsp;PKCS#1&nbsp;encryption&nbsp;routines.&nbsp;&quot;Cipher&quot;&nbsp;is&nbsp;any&nbsp;protocol&nbsp;that&nbsp;performs&nbsp;a&nbsp;keyed&nbsp;transformation&nbsp;aimed&nbsp;at&nbsp;confidentiality.&nbsp;Again&nbsp;it&nbsp;is&nbsp;somewhat&nbsp;similar&nbsp;to&nbsp;JCA.&lt;br&gt;*&nbsp;PKCS#1&nbsp;data&nbsp;structures&nbsp;(e.g.&nbsp;RSAPublicKey,&nbsp;RSAPrivateKey,&nbsp;etc)&nbsp;and&nbsp;unencrypted&nbsp;PEM&nbsp;are&nbsp;more&nbsp;encodings&nbsp;than&nbsp;protocols&nbsp;because&nbsp;they&nbsp;don&#39;t&nbsp;achieve&nbsp;any&nbsp;security&nbsp;objective&nbsp;(see&nbsp;definition&nbsp;of&nbsp;&quot;(cryptographic)&nbsp;protocol&quot;&nbsp;1.55&nbsp;in&nbsp;HAC&nbsp;[6]).&nbsp;I&nbsp;proposed&nbsp;them&nbsp;in&nbsp;Crypto.PublicKey.RSA&nbsp;simply&nbsp;because&nbsp;they&nbsp;are&nbsp;basic&nbsp;actions&nbsp;you&nbsp;can&nbsp;perform&nbsp;with&nbsp;a&nbsp;key,&nbsp;and&nbsp;I&nbsp;could&nbsp;get&nbsp;nice&nbsp;one-liners&nbsp;with&nbsp;them.&nbsp;JCA&nbsp;also&nbsp;had&nbsp;something&nbsp;similar&nbsp;(getEncoded).&nbsp;They&nbsp;could&nbsp;have&nbsp;also&nbsp;belonged&nbsp;to&nbsp;another&nbsp;new&nbsp;module&nbsp;(e.g.&nbsp;Crypto.IO?)&nbsp;but&nbsp;I&nbsp;would&nbsp;be&nbsp;wary&nbsp;of&nbsp;having&nbsp;them&nbsp;in&nbsp;something&nbsp;so&nbsp;generic&nbsp;of&nbsp;Crypto.Protocol.&lt;br&gt;<br>
<br>
<br>
&lt;br&gt;Put&nbsp;differently,&nbsp;I&nbsp;don&#39;t&nbsp;think&nbsp;it&nbsp;adds&nbsp;value&nbsp;to&nbsp;have&nbsp;a&nbsp;PKCS1&nbsp;module,&nbsp;just&nbsp;because&nbsp;all&nbsp;the&nbsp;above&nbsp;things&nbsp;are&nbsp;defined&nbsp;in&nbsp;one&nbsp;standard&nbsp;called&nbsp;PKCS#1.&nbsp;What&nbsp;makes&nbsp;one&#39;s&nbsp;code&nbsp;cleaner&nbsp;and&nbsp;easier&nbsp;to&nbsp;understand&nbsp;should&nbsp;be&nbsp;the&nbsp;key&nbsp;factor.&lt;br&gt;<br>
<br>
&lt;br&gt;Now,&nbsp;I&nbsp;agree&nbsp;PKCS#8&nbsp;and&nbsp;Encrypted&nbsp;PEM&nbsp;could&nbsp;be&nbsp;seen&nbsp;as&nbsp;protocols,&nbsp;but&nbsp;something&nbsp;like&nbsp;Crypto.IO&nbsp;is&nbsp;more&nbsp;self-explanatory&nbsp;than&nbsp;Crypto.Protocol.I&nbsp;am&nbsp;not&nbsp;thrilled&nbsp;by&nbsp;PublicKey.PKCS8&nbsp;either.&lt;br&gt;<br>
&lt;br&gt;&lt;/div&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0pt&nbsp;0pt&nbsp;0pt&nbsp;0.8ex;border-left:1px&nbsp;solid&nbsp;rgb(204,204,204);padding-left:1ex&quot;&gt;<br>
Again,&nbsp;sorry&nbsp;for&nbsp;the&nbsp;long&nbsp;message,&nbsp;but&nbsp;I&nbsp;wanted&nbsp;to&nbsp;explain&nbsp;my&nbsp;thinking&nbsp;as&nbsp;clearly&nbsp;as&nbsp;possible.&nbsp; Let&nbsp;me&nbsp;know&nbsp;what&nbsp;you&nbsp;think.&lt;br&gt;&lt;/blockquote&gt;&lt;div&gt;&lt;br&gt;Thanks&nbsp;for&nbsp;the&nbsp;time&nbsp;you&nbsp;spend&nbsp;to&nbsp;put&nbsp;it&nbsp;together&nbsp;actually.&lt;br&gt; &lt;/div&gt;&lt;blockquote&nbsp;class=&quot;gmail_quote&quot;&nbsp;style=&quot;margin:0pt&nbsp;0pt&nbsp;0pt&nbsp;0.8ex;border-left:1px&nbsp;solid&nbsp;rgb(204,204,204);padding-left:1ex&quot;&gt;<br>
<br>
<br>
<br>
Cheers,&lt;br&gt;<br>
-&nbsp;Dwayne&lt;br&gt;<br>
&lt;br&gt;<br>
[1]&nbsp;&lt;a&nbsp;href=&quot;https://bugs.launchpad.net/pycrypto/+bug/1119552&quot;&nbsp;target=&quot;_blank&quot;&gt;https://bugs.launchpad.net/&lt;u&gt;&lt;/u&gt;pycrypto/+bug/1119552&lt;/a&gt;&lt;span&gt;&lt;font&nbsp;color=&quot;#888888&quot;&gt;&lt;br&gt;<br>
&lt;br&gt;<br>
--&nbsp;&lt;br&gt;<br>
Dwayne&nbsp;C.&nbsp;Litzenberger&nbsp;&lt;&lt;a&nbsp;href=&quot;mailto:dlitz@dlitz.net&quot;&nbsp;target=&quot;_blank&quot;&gt;dlitz@dlitz.net&lt;/a&gt;&gt;&lt;br&gt;<br>
 OpenPGP:&nbsp;19E1&nbsp;1FE8&nbsp;B3CF&nbsp;F273&nbsp;ED17&nbsp; 4A24&nbsp;928C&nbsp;EC13&nbsp;39C2&nbsp;5CF7&lt;br&gt;<br>
______________________________&lt;u&gt;&lt;/u&gt;_________________&lt;br&gt;<br>
pycrypto&nbsp;mailing&nbsp;list&lt;br&gt;<br>
&lt;a&nbsp;href=&quot;mailto:pycrypto@lists.dlitz.net&quot;&nbsp;target=&quot;_blank&quot;&gt;pycrypto@lists.dlitz.net&lt;/a&gt;&lt;br&gt;<br>
&lt;a&nbsp;href=&quot;http://lists.dlitz.net/cgi-bin/mailman/listinfo/pycrypto&quot;&nbsp;target=&quot;_blank&quot;&gt;http://lists.dlitz.net/cgi-&lt;u&gt;&lt;/u&gt;bin/mailman/listinfo/pycrypto&lt;/a&gt;&lt;br&gt;<br>
&lt;/font&gt;&lt;/span&gt;&lt;/blockquote&gt;&lt;/div&gt;&lt;br&gt;[2]&nbsp;&lt;a&nbsp;href=&quot;http://luca.ntop.org/Teaching/Appunti/asn1.html&quot;&nbsp;target=&quot;_blank&quot;&gt;http://luca.ntop.org/Teaching/Appunti/asn1.html&lt;/a&gt;&lt;br&gt;[3]&nbsp;&lt;a&nbsp;href=&quot;http://stackoverflow.com/questions/4633611/what-are-the-key-differences-between-apache-thrift-google-protocol-buffers-mes&quot;&nbsp;target=&quot;_blank&quot;&gt;http://stackoverflow.com/questions/4633611/what-are-the-key-differences-between-apache-thrift-google-protocol-buffers-mes&lt;/a&gt;&lt;br&gt;<br>
<br>
[4]&nbsp;&lt;a&nbsp;href=&quot;http://www.cs.auckland.ac.nz/%7Epgut001/pubs/xmlsec.txt&quot;&nbsp;target=&quot;_blank&quot;&gt;http://www.cs.auckland.ac.nz/~pgut001/pubs/xmlsec.txt&lt;/a&gt;&lt;br&gt;<br>
[5]&nbsp;&lt;a&nbsp;href=&quot;http://lists.dlitz.net/pipermail/pycrypto/2011q1/000418.html&quot;&nbsp;target=&quot;_blank&quot;&gt;http://lists.dlitz.net/pipermail/pycrypto/2011q1/000418.html&lt;/a&gt;&lt;br&gt;<br>
[6]&nbsp;&lt;a&nbsp;href=&quot;http://cacr.uwaterloo.ca/hac/about/chap1.pdf&quot;&nbsp;target=&quot;_blank&quot;&gt;http://cacr.uwaterloo.ca/hac/about/chap1.pdf&lt;/a&gt;&lt;br&gt;[7]&nbsp;&lt;a&nbsp;href=&quot;http://www.schneier.com/blog/archives/2008/05/random_number_b.html&quot;&nbsp;target=&quot;_blank&quot;&gt;http://www.schneier.com/blog/archives/2008/05/random_number_b.html&lt;/a&gt;&nbsp;(Debian&nbsp;OpenSSL&nbsp;branch)&lt;br&gt;<br>
&lt;br&gt;<br>
<br>
&lt;br&gt;&lt;br&gt;<br>
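A practical check for the point made in the thread about private keys stored in the clear, as an added example that is not part of this message exchange and not PyCrypto code: a small pure-Python classifier that tells a PKCS#1 RSAPrivateKey (which can only ever be cleartext), a PKCS#8 PrivateKeyInfo (cleartext) and a PKCS#8 EncryptedPrivateKeyInfo (pass-phrase protected) apart by their outer DER structure, and also recognizes the legacy OpenSSL "Proc-Type: 4,ENCRYPTED" PEM header. The DER helpers, the label strings and the toy sample keys are my own constructions for illustration; the two OIDs are the standard rsaEncryption and PBES2 identifiers.

```python
"""Tell a cleartext private key from a pass-phrase-protected one.

Added example, not code from the thread or from PyCrypto. It walks the
outer DER structure of a serialized private key and labels it as
  pkcs1-cleartext       PKCS#1 RSAPrivateKey (the format cannot carry encryption)
  pkcs8-cleartext       PKCS#8 PrivateKeyInfo
  pkcs8-encrypted       PKCS#8 EncryptedPrivateKeyInfo
  legacy-pem-encrypted  OpenSSL "Proc-Type: 4,ENCRYPTED" PEM
The sample keys below are built from toy integers and are not usable keys.
"""
import base64
import re

# --- minimal DER encoder, only used to build the constructed samples ---------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_int(v):
    # (bit_length + 8) // 8 yields a leading 0x00 whenever the top bit is set
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body

def der_seq(*items):
    body = b"".join(items)
    return b"\x30" + _der_len(len(body)) + body

def der_octets(raw):
    return b"\x04" + _der_len(len(raw)) + raw

OID_RSA_ENCRYPTION = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_PBES2 = bytes.fromhex("06092a864886f70d01050d")           # 1.2.840.113549.1.5.13
DER_NULL = b"\x05\x00"

# --- minimal DER reader -------------------------------------------------------
def der_read(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:                      # long-form length
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def der_child_tags(der):
    """Tags of the immediate children of a top-level SEQUENCE."""
    tag, body, _ = der_read(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tags, pos = [], 0
    while pos < len(body):
        t, _, pos = der_read(body, pos)
        tags.append(t)
    return tags

def classify_der(der):
    tags = der_child_tags(der)
    if tags[:3] == [0x02, 0x30, 0x04]:    # version, AlgorithmIdentifier, OCTET STRING
        return "pkcs8-cleartext"
    if tags[:2] == [0x30, 0x04]:          # encryptionAlgorithm, encryptedData
        return "pkcs8-encrypted"
    if len(tags) >= 9 and all(t == 0x02 for t in tags):  # version, n, e, d, p, q, dP, dQ, qInv
        return "pkcs1-cleartext"
    return "unknown"

_PEM = re.compile(r"-----BEGIN ([^-]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_key(blob):
    """Accept DER bytes or PEM (str or bytes) and return one of the labels above."""
    if isinstance(blob, bytes) and blob[:1] == b"\x30":
        return classify_der(blob)
    text = blob.decode("ascii") if isinstance(blob, bytes) else blob
    m = _PEM.search(text)
    if not m:
        return "unknown"
    body = m.group(2)
    if "Proc-Type: 4,ENCRYPTED" in body:  # legacy OpenSSL header-based encryption
        return "legacy-pem-encrypted"
    b64 = "".join(line for line in body.splitlines() if line.strip() and ":" not in line)
    return classify_der(base64.b64decode(b64))

def is_cleartext(blob):
    return classify_key(blob) in ("pkcs1-cleartext", "pkcs8-cleartext")

# --- constructed samples (toy numbers: not real keys) -------------------------
def pem(label, der, headers=""):
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{headers}{b64}-----END {label}-----\n"

TOY_RSA_PKCS1 = der_seq(der_int(0), der_int(3233), der_int(17), der_int(2753),
                        der_int(61), der_int(53), der_int(53), der_int(49), der_int(38))
TOY_PKCS8_CLEAR = der_seq(der_int(0), der_seq(OID_RSA_ENCRYPTION, DER_NULL),
                          der_octets(TOY_RSA_PKCS1))
# PBES2 parameters left as an empty SEQUENCE and ciphertext as zeros: structure only.
TOY_PKCS8_ENC = der_seq(der_seq(OID_PBES2, der_seq()), der_octets(b"\x00" * 16))
TOY_LEGACY_ENC_PEM = pem("RSA PRIVATE KEY", b"\x00" * 16,
                         "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n")

if __name__ == "__main__":
    for name, blob in [("pkcs1 pem", pem("RSA PRIVATE KEY", TOY_RSA_PKCS1)),
                       ("pkcs8 pem", pem("PRIVATE KEY", TOY_PKCS8_CLEAR)),
                       ("pkcs8 enc", pem("ENCRYPTED PRIVATE KEY", TOY_PKCS8_ENC)),
                       ("legacy", TOY_LEGACY_ENC_PEM)]:
        print(f"{name:10s} {classify_key(blob):22s} cleartext={is_cleartext(blob)}")
```

The classifier deliberately looks only at the outer structure, so it works on keys it cannot decrypt; a check like `is_cleartext` is what you would run over a repository or a shared directory to find keys that were exported in PKCS#1 form (or unencrypted PKCS#8) and should have been wrapped with a pass-phrase.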

</tt>