[Python-3000] 3.0 crypto
Bill Janssen
janssen at parc.com
Sat Sep 8 21:39:25 CEST 2007
> >> Why do you say that doing the work is not a problem? I see it as
> >> a major problem.
> >
> > I'm willing to either do the work myself, or have someone else from the
> > secops team at OLPC do it.
>
> It's not something that a single person can well do. You will also need
> to design APIs, and that traditionally involves the community. If you
> create something ad-hoc, I would request that this first gets
> field-proven for a few years before being included in the standard
> distribution. Then, it would face competition to existing such
> solutions.

We're already linking against the OpenSSL EVP libraries for hashlib
(and against the OpenSSL SSL libraries for the SSL support). It
wouldn't be hard to expose the EVP functions a bit more, essentially
as hash functions that return long (and reversible) hashes:

  encryptor = opensslevp.encryptor("AES-256-CBC", ...maybe some options...)
  encryptor.update(...some plaintext...)
  ...
  ciphertext = encryptor.digest()
  ...
  decryptor = opensslevp.decryptor("AES-256-CBC", ...maybe some options...)
  decryptor.update(ciphertext)
  plaintext = decryptor.digest()

Take a look at the docs for EVP_EncryptInit_ex.

The crypto would stay in the OpenSSL library; this would just be more
hashing on top of it.

I'd sure like to have this so I could write a Python decryptor for my
PalmOS password keeper (a program called Strip) which I could run on
my iPhone. (The iPhone Python has SSL support.)

Bill
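
Added example, not part of the original message and not code from any Python module: a ctypes sketch of the proposed update()/digest() interface over the EVP calls named above, showing that the elided options must at least carry a key and an IV. The names _Stream, encryptor, decryptor and _SIZES, and loading libcrypto through find_library or hashlib's _hashlib extension, are assumptions made for illustration.

```python
import ctypes, ctypes.util
import _hashlib  # hashlib's C extension; assumed to be a shared object linked to libcrypto

_lib = ctypes.CDLL(ctypes.util.find_library("crypto") or _hashlib.__file__)
_lib.EVP_CIPHER_CTX_new.restype = ctypes.c_void_p
_lib.EVP_get_cipherbyname.restype = ctypes.c_void_p
_lib.EVP_CIPHER_CTX_free.argtypes = [ctypes.c_void_p]
_SIZES = {"AES-256-CBC": (32, 16)}  # key and IV lengths in bytes; the Init call cannot check them

class _Stream:
    """Hypothetical hashlib-style object: update() feeds data, digest() finalizes."""
    def __init__(self, mode, name, key, iv):
        if name not in _SIZES or (len(key), len(iv)) != _SIZES[name]:
            raise ValueError("unsupported cipher or wrong key/IV length")
        self._mode, self._out = mode, []
        self._ctx = ctypes.c_void_p(_lib.EVP_CIPHER_CTX_new())
        cipher = ctypes.c_void_p(_lib.EVP_get_cipherbyname(name.encode()))
        if not self._ctx or not cipher or self._call("Init_ex", cipher, None, key, iv) != 1:
            raise ValueError("cipher init failed")

    def _call(self, suffix, *args):
        # Dispatches to EVP_EncryptInit_ex, EVP_DecryptUpdate, ... according to mode.
        return getattr(_lib, f"EVP_{self._mode}{suffix}")(self._ctx, *args)

    def update(self, data):
        buf, n = ctypes.create_string_buffer(len(data) + 16), ctypes.c_int(0)
        if self._ctx is None or self._call("Update", buf, ctypes.byref(n), data, len(data)) != 1:
            raise ValueError("update failed or stream already finalized")
        self._out.append(buf.raw[:n.value])

    def digest(self):
        if self._ctx is None:
            raise ValueError("stream already finalized")
        buf, n = ctypes.create_string_buffer(16), ctypes.c_int(0)
        ok = self._call("Final_ex", buf, ctypes.byref(n))  # adds or checks the block padding
        _lib.EVP_CIPHER_CTX_free(self._ctx)
        self._ctx = None
        if ok != 1:
            raise ValueError("finalization failed: truncated or corrupted input, or wrong key")
        return b"".join(self._out) + buf.raw[:n.value]

def encryptor(name, key, iv):
    return _Stream("Encrypt", name, key, iv)

def decryptor(name, key, iv):
    return _Stream("Decrypt", name, key, iv)
```

CBC gives no integrity protection: a ValueError from digest() only signals broken padding, so ciphertext from an untrusted source needs a separate MAC check before it is decrypted.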