[PYTHON-CRYPTO] PEP-272 (API for Secret-Key Encryption Algorithms)
Andy Dustman
andy at DUSTMAN.NET
Thu Dec 13 23:38:45 CET 2001
Here's a sticky bit for PEP-272: There is at least one cipher out there
(IDEA) which uses a different key schedule for decryption than it does
for encryption.
If new() sets up the key schedule, then it will need a keyword argument
(decrypt=1) so it can know how to build the key schedule. But then, both
encrypt() and decrypt() cannot work on the same instance; only the
method for which the key schedule is set up for will work properly, and
the other will return undefined trash. OTOH, it may be worthwhile, in
cases like these, to retain the knowledge of which key schedule was
created, and if the wrong method is called, raise an exception.
As an alternative, the key schedule set up could be delayed until the
first encrypt() or decrypt(), which means storing the key in the cipher
instance and recognizing that key set up has not been done on the first
method call.
Should we have a general API rule that only encrypt() or decrypt() may
be called on a cipher instance, and if the other is called then a) you
get an exception or b) undefined results?
Any preferences?
--
Andy Dustman PGP: 0x930B8AB6
@ .net http://dustman.net/andy
You can have my keys when you pry them from my dead, cold neurons.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20011213/ca536aa9/attachment.pgp>
More information about the python-crypto
mailing list