[PYTHON-CRYPTO] PEP-272 Deficiencies - Comments
Paul at CRYPTORIGHTS.ORG
Mon Dec 17 03:44:38 CET 2001
At 10:12 PM +0100 12/16/01, Janusz A. Urbanowicz wrote:
>> At 3:54 PM -0700 12/15/01, Jason R. Mastaler wrote:
>> >phr-pycrypt at nightsong.com writes:
>> >> Is a draft copy of PEP 272 actually available somewhere?
>> This api has several problems:
>> 1) I agree with Janusz A. Urbanowicz's earlier note that symmetric
>> encryption should be a class. The initialization can give it the
>> key. Note that it may later need to be reinitialized, so a
>> set_key(key) method should also be available and the initialization
>> should be optional (but raise an exception on
>>use when no
>> key is available)
>I don't like it very much. This breaks the OO design view - any instance of
>CIpher is a cipher with a particular key. If you want to change the key,
>yopu create a new instacne of the class.
Hum,,, generally I like the idea. There are times when a algorithm
gets "rekeyed". Changing keys on an exisitng IPsec security
association is an example. Seem like you could just assign a new
instance. So .... good idea, I'll leave out set_key.
>If there is absolutely a must of some set_key method, it should return a new
>instance of the class, not reset the live object.
Ok. Better to have less methods ... I like your definition of that
an instance is bound to a key.
>> 2) The modes of operation should not be parameters. The modes create
>> new algorithms types. It's easy to spin out new mode algorithms with
>> a mode "wrapper" class.
>Agreed. I thought of it that way: there are three base classes: Cipher for
>symmetric key, Encryptor for pubkey and Hash for hashes. Any given cipher
>algorithm is a subclass of Cipher etc. A variation of algorithm is a subclass
>of base cipher. So it would be that 3DES-CBC is a subclass of 3DES, which is a
>subclass of DES which is a subclass of Cipher.
Public key can provide both encryption and signature functions. If
you follow the instance bound to a key notion, then you need classes
for public encryption, public decryption, public signature and
public signature validation.
More information about the python-crypto