[Python-3000] 3.0 crypto

Bill Janssen janssen at parc.com
Sat Sep 8 21:39:25 CEST 2007


> >> Why do you say that doing the work is not a problem? I see it as
> >> a major problem.
> > 
> > I'm willing to either do the work myself, or have someone else from the
> > secops team at OLPC do it.
> 
> It's not something that a single person can well do. You will also need
> to design APIs, and that traditionally involves the community. If you
> create something ad-hoc, I would request that this first gets
> field-proven for a few years before being included in the standard
> distribution. Then, it would face competition to existing such
> solutions.

We're already linking against the OpenSSL EVP libraries for hashlib
(and against the OpenSSL SSL libraries for the SSL support).  It
wouldn't be hard to expose the EVP functions a bit more, essentially
as hash functions that return long (and reversible) hashes:

   encryptor = opensslevp.encryptor("AES-256-CBC", ...maybe some options...)
   encryptor.update(...some plaintext...)
   ...
   ciphertext = encryptor.digest()
   ...
   decryptor = opensslevp.decryptor("AES-256-CBC", ...maybe some options...)
   decryptor.update(ciphertext)
   plaintext = decryptor.digest()

Take a look at the docs for EVP_EncryptInit_ex.

The crypto would stay in the OpenSSL library; this would just be more
hashing on top of it.

I'd sure like to have this so I could write a Python decryptor for my
PalmOS password keeper (a program called Strip) which I could run on
my iPhone.  (The iPhone Python has SSL support.)

Bill
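
The interface sketched in the message above, as an added example that is not part of the original post or of any Python module: the class names `Stream`, `Encryptor` and `Decryptor` are hypothetical, explicit `key` and `iv` arguments stand in for the elided options, and it assumes an OpenSSL 1.1+ libcrypto that ctypes can locate.

```python
import ctypes.util  # also binds the top-level ctypes package

# Assumption: an OpenSSL 1.1+ libcrypto is installed where ctypes can find it.
_lib = ctypes.CDLL(ctypes.util.find_library("crypto"))
_lib.EVP_get_cipherbyname.restype = ctypes.c_void_p
_lib.EVP_CIPHER_CTX_new.restype = ctypes.c_void_p
_SIZES = {"AES-256-CBC": (32, 16), "AES-128-CBC": (16, 16)}  # (key, IV) bytes

class Stream:
    """Hypothetical hashlib-shaped wrapper: update() feeds, digest() finalises."""
    op = ""  # "Encrypt" or "Decrypt": picks the EVP_<op>Init_ex/Update/Final_ex trio

    def __init__(self, name, key, iv):
        if (len(key), len(iv)) != _SIZES.get(name):  # EVP does not check buffer sizes
            raise ValueError("unsupported cipher or wrong key/IV length")
        cipher = ctypes.c_void_p(_lib.EVP_get_cipherbyname(name.encode()))
        self._ctx = ctypes.c_void_p(_lib.EVP_CIPHER_CTX_new())
        self._out, self._result = [], None
        init = getattr(_lib, "EVP_%sInit_ex" % self.op)
        if not cipher or not self._ctx or init(self._ctx, cipher, None, key, iv) != 1:
            raise ValueError("cipher init failed")

    def update(self, data):  # data must be a bytes object
        if self._ctx is None:
            raise ValueError("already finalised")
        # Output can exceed the input by up to one block held back from earlier calls.
        buf, n = ctypes.create_string_buffer(len(data) + 32), ctypes.c_int(0)
        step = getattr(_lib, "EVP_%sUpdate" % self.op)
        if step(self._ctx, buf, ctypes.byref(n), data, len(data)) != 1:
            raise ValueError("update failed")
        self._out.append(buf.raw[:n.value])

    def digest(self):
        if self._ctx is not None:  # finalise exactly once, then free the context
            buf, n = ctypes.create_string_buffer(32), ctypes.c_int(0)
            ok = getattr(_lib, "EVP_%sFinal_ex" % self.op)(self._ctx, buf, ctypes.byref(n))
            _lib.EVP_CIPHER_CTX_free(self._ctx)
            self._ctx = None
            self._result = b"".join(self._out) + buf.raw[:n.value] if ok == 1 else None
        if self._result is None:  # on decrypt: truncated input or bad padding
            raise ValueError("finalisation failed")
        return self._result

class Encryptor(Stream):
    op = "Encrypt"

class Decryptor(Stream):
    op = "Decrypt"
```

CBC gives confidentiality only: a successful `digest()` on the decrypt side does not show that the ciphertext is unmodified, so pair it with a MAC over the IV and ciphertext or use an AEAD mode.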

