[Cryptography-dev] Low level API for Symmetric Encryption
Donald Stufft
donald at stufft.io
Thu Aug 8 03:24:44 CEST 2013
On Aug 7, 2013, at 9:15 PM, Paul Kehrer <paul.l.kehrer at gmail.com> wrote:
> That sounds workable.
>
> A few more questions around Jean-Paul's proposal then...
>
> Are people comfortable significantly changing the standard conventions
> for instantiation of block ciphers? I'm not aware of any major crypto
> APIs that currently build via mode(cipher()), although that might just
> be my ignorance.
I think it will be ok. I'm no aware of any that do it this way either, but I
think it ends up being a nicely pythonic interface.
>
> Since the underlying library is still OpenSSL this means constructs
> like CBC(AES(key_size=256), iv) will result in a BlockCipherMode
> object that holds an EVP_CIPHER, correct? For methods that can take an
> EVP_CIPHER (such as PEM_write_bio_RSAPrivateKey) you would need to
> pass in that BlockCipherMode object then.
Are there any methods like this for Block Ciphers? We'd need to figure
something like that out of course if there were and obviously it'd be
nice to keep a composition style API throughout the library.
>
> The AES() object itself would be used primarily for setting the key,
> getting the block size of the cipher, and being passed as a parameter
> into the mode constructor. It could not have an EVP_CIPHER since that
> implies a chosen mode.
In my mind the bulk of the logic would live in the MODE() class and the
cipher class would primarily be for setting cipher/key size. As far as I
know OpenSSL doesn't really change the API between different cipher
or key size, just modes.
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130807/2c4b2453/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130807/2c4b2453/attachment.pgp>
More information about the Cryptography-dev
mailing list