[PYTHON-CRYPTO] PEP-272 (API for Secret-Key Encryption Algorithms)

[M.-A. Lemburg]

Andy Dustman wrote:
>
> Here's a sticky bit for PEP-272: There is at least one cipher out there
> (IDEA) which uses a different key schedule for decryption than it does
> for encryption.
>
> If new() sets up the key schedule, then it will need a keyword argument
> (decrypt=1) so it can know how to build the key schedule. But then, both
> encrypt() and decrypt() cannot work on the same instance; only the
> method for which the key schedule is set up for will work properly, and
> the other will return undefined trash. OTOH, it may be worthwhile, in
> cases like these, to retain the knowledge of which key schedule was
> created, and if the wrong method is called, raise an exception.
>
> As an alternative, the key schedule set up could be delayed until the
> first encrypt() or decrypt(), which means storing the key in the cipher
> instance and recognizing that key set up has not been done on the first
> method call.
>
> Should we have a general API rule that only encrypt() or decrypt() may
> be called on a cipher instance, and if the other is called then a) you
> get an exception or b) undefined results?

I'd say b) since this depends on the cipher in question, i.e.
some ciphers may allow mixing the two while other give undefined
results.

--
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
______________________________________________________________________
Consulting & Company:                           http://www.egenix.com/
Python Software:                        http://www.lemburg.com/python/