[Cryptography-dev] Low level API for Symmetric Encryption
Paul Kehrer
paul.l.kehrer at gmail.com
Thu Aug 8 04:02:44 CEST 2013
On Wed, Aug 7, 2013 at 8:24 PM, Donald Stufft <donald at stufft.io> wrote:
>
> Are there any methods like this for Block Ciphers? We'd need to figure
> something like that out of course if there were and obviously it'd be
> nice to keep a composition style API throughout the library.
>
The method I mentioned takes a block cipher as an argument to
determine what (if any) encryption is applied to the (incidentally
asymmetric) key. It's more common for an EVP_MD object to be passed in
to another function though.
>
> In my mind the bulk of the logic would live in the MODE() class and the
> cipher class would primarily be for setting cipher/key size. As far as I
> know OpenSSL doesn't really change the API between different cipher
> or key size, just modes.
>
Yeah, that's my experience as well.
In your original email you mentioned padding, but the thread hasn't
discussed it yet. With the API we're pitching now if we wanted to
include padding I suppose it could look something like:
padding = cryptography.primitives.padding.pkcs7()
cipher = CBC(AES(),iv,padding)
You could specify a different padding object (ansi x.923, etc) or
leave it default and modes that don't require padding (GCM, CCM, XTS)
would not have the parameter.
More information about the Cryptography-dev
mailing list