[PYTHON-CRYPTO] PEP-272 Deficiencies - Comments

Mon Dec 17 03:44:38 CET 2001

At 10:12 PM +0100 12/16/01, Janusz A. Urbanowicz wrote:
>Paul wrote/napisał[a]/schrieb:
>>  At 3:54 PM -0700 12/15/01, Jason R. Mastaler wrote:
>>  >phr-pycrypt at nightsong.com writes:
>>  >
>>  >>  Is a draft copy of PEP 272 actually available somewhere?
>>  >
>>  >http://python.sourceforge.net/peps/pep-0272.html
>>  This api has several problems:
>>  1) I agree with Janusz A. Urbanowicz's earlier note that symmetric
>>  encryption should be a class.  The initialization can give it the
>>  key.  Note that it may later need to be reinitialized, so a
>>  set_key(key) method should also be available and the initialization
>>  should be optional (but raise an exception on use when no
>>  key is available)
>I don't like it very much. This breaks the OO design view - any instance of
>Cipher is a cipher with a particular key. If you want to change the key,
>you create a new instance of the class.

Hum... generally I like the idea.  There are times when an algorithm
gets "rekeyed".  Changing keys on an existing IPsec security
association is an example.  Seems like you could just assign a new
instance.  So ... good idea, I'll leave out set_key.

>If there is absolutely a must of some set_key method, it should return a new
>instance of the class, not reset the live object.

Ok.  Better to have fewer methods ... I like your definition that
an instance is bound to a key.

>>  2) The modes of operation should not be parameters. The modes create
>>  new algorithm types.  It's easy to spin out new mode algorithms with
>>  a mode "wrapper" class.
>Agreed. I thought of it that way: there are three base classes: Cipher for
>symmetric key, Encryptor for pubkey and Hash for hashes. Any given cipher
>algorithm is a subclass of Cipher etc. A variation of algorithm is a subclass
>of base cipher. So it would be that 3DES-CBC is a subclass of 3DES, which is a
>subclass of DES which is a subclass of Cipher.

Public key can provide both encryption and signature functions.  If
you follow the instance bound to a key notion, then you need classes
for public encryption, public decryption, public signature and
public signature validation.
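
A sketch of the design the thread converges on, added here as an example and not code from PEP 272 or from either poster: a cipher instance is bound to one key, "set_key" (here the hypothetical `rekey`) returns a new instance, and the mode is a wrapper class rather than a parameter. `DemoFeistel`, `CBC` and `_xor` are assumed names; the Feistel cipher is a constructed stand-in so the block runs with the standard library only.

```python
import hashlib
import hmac
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Cipher:
    """An instance is bound to exactly one key for its whole lifetime."""
    block_size = 16
    def __init__(self, key: bytes):
        if not key:
            raise ValueError("a key is required at construction")
        self._key = bytes(key)

    def rekey(self, key: bytes) -> "Cipher":
        return type(self)(key)  # new instance; the live object is never reset

class DemoFeistel(Cipher):
    """Constructed stand-in cipher (4-round Feistel over HMAC-SHA256), demo only."""
    def _run(self, block: bytes, rounds) -> bytes:
        l, r = block[:8], block[8:]
        for i in rounds:
            f = hmac.new(self._key, bytes([i]) + r, hashlib.sha256).digest()[:8]
            l, r = r, _xor(l, f)
        return r + l  # final swap: reversed round order inverts the network
    def encrypt_block(self, block: bytes) -> bytes:
        return self._run(block, range(4))
    def decrypt_block(self, block: bytes) -> bytes:
        return self._run(block, reversed(range(4)))

class CBC:
    """Mode wrapper around any keyed Cipher, instead of a mode parameter."""
    def __init__(self, cipher: Cipher):
        self._c, self._n = cipher, cipher.block_size

    def encrypt(self, msg: bytes) -> bytes:
        pad = self._n - len(msg) % self._n
        data = msg + bytes([pad]) * pad        # PKCS#7 padding
        out = [os.urandom(self._n)]            # fresh random IV, sent first
        for i in range(0, len(data), self._n):
            out.append(self._c.encrypt_block(_xor(data[i:i + self._n], out[-1])))
        return b"".join(out)

    def decrypt(self, blob: bytes) -> bytes:
        if len(blob) < 2 * self._n or len(blob) % self._n:
            raise ValueError("ciphertext must be IV plus whole blocks")
        b = [blob[i:i + self._n] for i in range(0, len(blob), self._n)]
        data = b"".join(_xor(self._c.decrypt_block(c), p) for p, c in zip(b, b[1:]))
        return data[:-data[-1]]                # strip padding (unauthenticated demo)
```

Because the wrapper only holds a reference to a keyed cipher, rekeying a session is `CBC(old.rekey(new_key))`, and any object still holding the old instance keeps decrypting under the old key.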



