Gregory P. Smith <greg@krypto.org> wrote:
I don't like the attempt to overload the hash function API. Encryption and decryption should not be done using a digest() method. That makes no sense. They are stream APIs with a constant mapping of bytes in to bytes out rather than a hash function that always outputs a constant number of bytes.
Sure, I could see the stream API, as well, but I think the hashlib methods actually work pretty well for this, too. Certainly for the digital signature portion.
I wouldn't put signing functions in hashlib itself but any common EVP wrapping code under could be shared. Before doing that I really suggest someone fleshes out the API and limits its scope to avoid feature creep.
Yes, the right thing to do is to generate a separate module and put it up in PyPI. See how it goes. Further consolidation could be left to the future. Bill