From ajay.brar at GMAIL.COM Sun Aug 1 09:52:54 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Sun, 1 Aug 2004 17:52:54 +1000 Subject: [PYTHON-CRYPTO] pcrypto on pocket pc Message-ID: <4450c49f04080100525fd30bb0@mail.gmail.com> hi! I would like to run the python cryptography toolkit on a pocket pc. i was wondering if anyone has done that before and if yes, how? is it the same as installing it on another machine - i would be using the python pocket pc package at sourceforge.net/projects/pythonce thanks cheers ajay From ajay.brar at GMAIL.COM Mon Aug 2 13:07:43 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Mon, 2 Aug 2004 21:07:43 +1000 Subject: [PYTHON-CRYPTO] keystores Message-ID: <4450c49f0408020407420ab868@mail.gmail.com> hi! Is there any python module that implements a keystore? I am building an application that used PKI. I need to store the private keys and that where i need a keystore. Can someone help? thanks cheers ajay From ajay.brar at GMAIL.COM Tue Aug 3 17:19:50 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Wed, 4 Aug 2004 01:19:50 +1000 Subject: [PYTHON-CRYPTO] Crypto.PublicKey.RSA.error: Plaintext too large Message-ID: <4450c49f04080308192422729f@mail.gmail.com> hi! I am getting an error - Crypto.PublicKey.RSA.error: Plaintext too large - when verifying the signature of a document. What i am doing is - the document and the signature are downloaded off the net, my verify script then connects to a server and obtains a public key. It then uses the public key to verify the signature. The whole thing works fine when i do the same thing in the interactive interpreter. Its only when i download the files and obtain the public key from the server and then verify, that i get the above error. any suggesstions...ideas??? cheers ajay From bugbee at SEANET.COM Tue Aug 3 21:39:18 2004 From: bugbee at SEANET.COM (Larry Bugbee) Date: Tue, 3 Aug 2004 21:39:18 +0200 Subject: [PYTHON-CRYPTO] RSA exponent Message-ID: I could use some help... When I generate a RSA key pair I use 65537 as the exponent. Later when I go to extract the exponent I get 50397185. In hex it's actually 00 00 00 03 01 00 01, but if I discard the 4 high order bytes, 01 00 01 evaluates to 65537. Perhaps you have a suggestion? Here is a minimalist version of my code. from M2Crypto import RSA X-Mozilla-Status: 8000 X-Mozilla-Status2: 00000000 key = RSA.gen_key(1024, 65537) print type(key.e) print len(key.e) for c in key.e: print ord(c), print e = 0 for c in key.e: # e = (e << 8) + ord(c) e = (e*256) + ord(c) print e I get the same results on both MacOSX and Win2000. - OSX 10.3.4, python 2.3, openssl 0.9.7b, M2Crypto 0.13 (with DSA patches) - Win2000, python 2.3.4, openssl 0.9.7b, M2Crypto 0.13 (no patches) OpenSSL is not the latest version, but I should be OK. Thanks, Larry From dberger at CS.UCR.EDU Wed Aug 4 00:42:30 2004 From: dberger at CS.UCR.EDU (Dan Berger) Date: Tue, 3 Aug 2004 15:42:30 -0700 Subject: [PYTHON-CRYPTO] RSA exponent Message-ID: <1091572950.3087.39.camel@walkabout.cs.ucr.edu> It's likely because OpenSSL (and the M2 wrapper) are returning an MPI - which has it's length as the first four bytes and remainder being the number in big-endian byte order. On Tue, 2004-08-03 at 21:39 +0200, Larry Bugbee wrote: > I could use some help... > > When I generate a RSA key pair I use 65537 as the exponent. Later when I go > to extract the exponent I get 50397185. In hex it's actually 00 00 00 03 01 > 00 01, but if I discard the 4 high order bytes, 01 00 01 evaluates to 65537. > Perhaps you have a suggestion? > > Here is a minimalist version of my code. > > from M2Crypto import RSA > key = RSA.gen_key(1024, 65537) > print type(key.e) > print len(key.e) > for c in key.e: > print ord(c), > print > e = 0 > for c in key.e: > # e = (e << 8) + ord(c) > e = (e*256) + ord(c) > print e > > I get the same results on both MacOSX and Win2000. > - OSX 10.3.4, python 2.3, openssl 0.9.7b, M2Crypto 0.13 (with DSA patches) > - Win2000, python 2.3.4, openssl 0.9.7b, M2Crypto 0.13 (no patches) > > OpenSSL is not the latest version, but I should be OK. > > Thanks, > > Larry -- ...Dan Berger [dberger at cs.ucr.edu] Department of Computer Science Surge Building, Room 357 University of California, Riverside http://www.cs.ucr.edu/~dberger "Man had always assumed that he was more intelligent than dolphins because he had achieved so much... the wheel, New York, wars, and so on, whilst all the dolphins had ever done was muck about in the water having a good time. But conversely the dolphins believed themselves to be more intelligent than man for precisely the same reasons." - Douglas Adams, The Hitchhiker's Guide to the Galaxy -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From bugbee at SEANET.COM Wed Aug 4 07:13:29 2004 From: bugbee at SEANET.COM (Larry Bugbee) Date: Tue, 3 Aug 2004 22:13:29 -0700 Subject: [PYTHON-CRYPTO] RSA exponent In-Reply-To: <1091572950.3087.39.camel@walkabout.cs.ucr.edu> References: <1091572950.3087.39.camel@walkabout.cs.ucr.edu> Message-ID: <05D241F4-E5D5-11D8-93D0-000393DB272E@seanet.com> Thanks Dan, that made things work a LOT better. It seems the 4-byte prefix applies only to elements extracted from the key objects and not to other binary strings such as hashes and signatures. Now for the two-bit rhetorical question. Why only the key elements? Shouldn't the key elements follow the same set of rules? Anyway, my thanks, Larry On Aug 3, 2004, at 3:42 PM, Dan Berger wrote: > It's likely because OpenSSL (and the M2 wrapper) are returning an MPI - > which has it's length as the first four bytes and remainder being the > number in big-endian byte order. > > On Tue, 2004-08-03 at 21:39 +0200, Larry Bugbee wrote: >> I could use some help... >> >> When I generate a RSA key pair I use 65537 as the exponent. Later >> when I go >> to extract the exponent I get 50397185. In hex it's actually 00 00 >> 00 03 01 >> 00 01, but if I discard the 4 high order bytes, 01 00 01 evaluates to >> 65537. >> Perhaps you have a suggestion? [snip] From dberger at CS.UCR.EDU Wed Aug 4 20:19:22 2004 From: dberger at CS.UCR.EDU (Dan Berger) Date: Wed, 4 Aug 2004 11:19:22 -0700 Subject: [PYTHON-CRYPTO] DSA signature verification trouble... Message-ID: <1091643562.3088.9.camel@walkabout.cs.ucr.edu> I thought this was a problem between my Python and C code, but it looks like either there's a problem in M2Crypto (possibly OpenSSL), or I'm missing something. Consider the following code: import M2Crypto import M2Crypto.DSA import M2Crypto.EVP ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") signature = ksk.sign_asn1("foobar") ksk.verify_asn1(signature, "foobar") Traceback (most recent call last): File "", line 1, in ? File "/usr/lib/python2.2/site-packages/M2Crypto/DSA.py", line 132, in verify_asn1 M2Crypto.DSA.DSAError: too long Feeding a signature produced by sign_asn1 directly into verify_asn1 fails. Anyone have any suggestions? By the way - doing this: import M2Crypto import M2Crypto.DSA import M2Crypto.EVP ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") signature = ksk.sign("foobar") ksk.verify("foobar", signature[0], signature[1]) returns success, which suggests it's a problem with the asn1 encode/decode "stuff." -- ...Dan Berger [dberger at cs.ucr.edu] Department of Computer Science Surge Building, Room 357 University of California, Riverside http://www.cs.ucr.edu/~dberger "I like naked women. I'm a bloke. I'm supposed to like them. We're born like that. We like naked women as soon as we're pulled out of one. Halfway down the birth canal we're already enjoying the view!" - Steve, Coupling: "Inferno" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dberger at CS.UCR.EDU Wed Aug 4 20:51:22 2004 From: dberger at CS.UCR.EDU (Dan Berger) Date: Wed, 4 Aug 2004 11:51:22 -0700 Subject: [PYTHON-CRYPTO] DSA signature verification trouble... In-Reply-To: <1091643562.3088.9.camel@walkabout.cs.ucr.edu> References: <1091643562.3088.9.camel@walkabout.cs.ucr.edu> Message-ID: <1091645481.3088.13.camel@walkabout.cs.ucr.edu> Ok - I'm pretty sure this is in the python layer somewhere - the following C code works (reports success for both signing and verifying): #include #include #include #include int main() { DSA *key; unsigned char *digest = "foobar"; int len = strlen(digest); unsigned char sig[256]; unsigned int siglen; key = DSA_new(); PEM_read_DSAPrivateKey( fopen("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem", "r"), &key, NULL, NULL); if (key == NULL) { printf("read key failed\n"); exit(-1); } printf ("sign: %d\n", DSA_sign(0, digest, len, sig, &siglen, key)); printf ("verify: %d\n", DSA_verify(0, digest, len, sig, siglen, key)); } On Wed, 2004-08-04 at 11:19 -0700, Dan Berger wrote: > I thought this was a problem between my Python and C code, but it looks > like either there's a problem in M2Crypto (possibly OpenSSL), or I'm > missing something. Consider the following code: > > import M2Crypto > import M2Crypto.DSA > import M2Crypto.EVP > ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") > signature = ksk.sign_asn1("foobar") > ksk.verify_asn1(signature, "foobar") > > Traceback (most recent call last): > File "", line 1, in ? > File "/usr/lib/python2.2/site-packages/M2Crypto/DSA.py", line 132, in verify_asn1 > M2Crypto.DSA.DSAError: too long > > Feeding a signature produced by sign_asn1 directly into verify_asn1 > fails. Anyone have any suggestions? > > By the way - doing this: > > import M2Crypto > import M2Crypto.DSA > import M2Crypto.EVP > ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") > signature = ksk.sign("foobar") > ksk.verify("foobar", signature[0], signature[1]) > > returns success, which suggests it's a problem with the asn1 encode/decode "stuff." > > -- > > ...Dan Berger [dberger at cs.ucr.edu] > Department of Computer Science > Surge Building, Room 357 > University of California, Riverside > http://www.cs.ucr.edu/~dberger > > "I like naked women. I'm a bloke. I'm supposed to like them. We're > born like that. We like naked women as soon as we're pulled out of > one. Halfway down the birth canal we're already enjoying the view!" > > - Steve, Coupling: "Inferno" -- ...Dan Berger [dberger at cs.ucr.edu] Department of Computer Science Surge Building, Room 357 University of California, Riverside http://www.cs.ucr.edu/~dberger "Americans may be undereducated, lazy, and disorganized, but they do one thing better than any people on the face of the earth, and that is watch television. The average eight-year old American has absorbed more about media technology than a goddamn film student in most other countries. You can tell lies to them and they'll never know. But if you try to lie to them with the camera, they'll crucify you." - Cy Ogle, "Interface" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From dberger at CS.UCR.EDU Wed Aug 4 21:16:08 2004 From: dberger at CS.UCR.EDU (Dan Berger) Date: Wed, 4 Aug 2004 12:16:08 -0700 Subject: [PYTHON-CRYPTO] DSA signature verification trouble... In-Reply-To: <1091643562.3088.9.camel@walkabout.cs.ucr.edu> References: <1091643562.3088.9.camel@walkabout.cs.ucr.edu> Message-ID: <1091646968.3088.15.camel@walkabout.cs.ucr.edu> Doh! Never mind - the arguments were reversed. Don't I feel silly. On Wed, 2004-08-04 at 11:19 -0700, Dan Berger wrote: > I thought this was a problem between my Python and C code, but it looks > like either there's a problem in M2Crypto (possibly OpenSSL), or I'm > missing something. Consider the following code: > > import M2Crypto > import M2Crypto.DSA > import M2Crypto.EVP > ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") > signature = ksk.sign_asn1("foobar") > ksk.verify_asn1(signature, "foobar") > > Traceback (most recent call last): > File "", line 1, in ? > File "/usr/lib/python2.2/site-packages/M2Crypto/DSA.py", line 132, in verify_asn1 > M2Crypto.DSA.DSAError: too long > > Feeding a signature produced by sign_asn1 directly into verify_asn1 > fails. Anyone have any suggestions? > > By the way - doing this: > > import M2Crypto > import M2Crypto.DSA > import M2Crypto.EVP > ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem") > signature = ksk.sign("foobar") > ksk.verify("foobar", signature[0], signature[1]) > > returns success, which suggests it's a problem with the asn1 encode/decode "stuff." > > -- > > ...Dan Berger [dberger at cs.ucr.edu] > Department of Computer Science > Surge Building, Room 357 > University of California, Riverside > http://www.cs.ucr.edu/~dberger > > "I like naked women. I'm a bloke. I'm supposed to like them. We're > born like that. We like naked women as soon as we're pulled out of > one. Halfway down the birth canal we're already enjoying the view!" > > - Steve, Coupling: "Inferno" -- ...Dan Berger [dberger at cs.ucr.edu] Department of Computer Science Surge Building, Room 357 University of California, Riverside http://www.cs.ucr.edu/~dberger "No boom?" "No boom." "No boom *today*. Boom tomorrow. There's *always* a boom tomorrow." "What?" "Look, somebody's got to have some damn perspective around here. Boom, sooner or later. *BOOM*!" - Garibaldi, Sinclair, and Ivanova, Babylon 5: "Grail" -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: From bugbee at SEANET.COM Thu Aug 5 09:22:16 2004 From: bugbee at SEANET.COM (Larry Bugbee) Date: Thu, 5 Aug 2004 09:22:16 +0200 Subject: [PYTHON-CRYPTO] keystores Message-ID: I have not used the keystore myself, but you may want to consider xmlsec and pyxmlsec. See... http://www.aleksey.com/xmlsec/ http://pyxmlsec.labs.libre-entreprise.org/ From ajay.brar at GMAIL.COM Sun Aug 8 06:06:56 2004 From: ajay.brar at GMAIL.COM (Ajay Brar) Date: Sun, 8 Aug 2004 14:06:56 +1000 Subject: [PYTHON-CRYPTO] secure authentication and session management Message-ID: <4450c49f040807210628e5d6e7@mail.gmail.com> hi! I'd like to get your opinion on the security of my authentication and session management scheme. the user enters their username and password and i compare the hash of both the username and password with values stored in an encrypted file. if the comparison is successful i create the session. the session is simply like what php does, a temp file with a random string as its name. the file stored things like username, page accessed etc. the string itself (filename) is stored as a cookie on the client side. Each time the client accesses a page, i check if the cookie exists, get the filename and see if such a file exists with. if not the user is directed to the login page. the cookie is timed so that it expires after 1hr. the whole exchange takes place over SSL any thoughts on the security of such a scheme and potential ways of breaking it. thanks cheers From mhubb at OKCAREERTECH.ORG Wed Aug 11 04:46:47 2004 From: mhubb at OKCAREERTECH.ORG (Matt Hubbard) Date: Tue, 10 Aug 2004 21:46:47 -0500 Subject: [PYTHON-CRYPTO] Multiple Certs Possible? Message-ID: <200408102146.47190.mhubb@okcareertech.org> Hello, Is it possible to use a different server certificate for each virtual host within a single instance of Zope? This would be similar to the SSL directives within an Apache VirtualHost directive. Do I need to run a separate instance of Zope for each domain requiring it's own cert? Matt Hubbard From ngps at POST1.COM Wed Aug 11 18:47:04 2004 From: ngps at POST1.COM (Ng Pheng Siong) Date: Thu, 12 Aug 2004 00:47:04 +0800 Subject: [PYTHON-CRYPTO] Multiple Certs Possible? In-Reply-To: <200408102146.47190.mhubb@okcareertech.org> References: <200408102146.47190.mhubb@okcareertech.org> Message-ID: <20040811164704.GA528@vista.netmemetic.com> On Tue, Aug 10, 2004 at 09:46:47PM -0500, Matt Hubbard wrote: > Is it possible to use a different server certificate for each virtual host > within a single instance of Zope? This would be similar to the SSL > directives within an Apache VirtualHost directive. Not possible with VHM's name-based virtual hosting. Recall HTTPS is HTTP-over-SSL. Here's what mod_ssl's FAQ has to say about this: Why can't I use SSL with name-based/non-IP-based virtual hosts? [L] The reason is very technical. Actually it's some sort of a chicken and egg problem: The SSL protocol layer stays below the HTTP protocol layer and encapsulates HTTP. When an SSL connection (HTTPS) is established Apache/mod_ssl has to negotiate the SSL protocol parameters with the client. For this mod_ssl has to consult the configuration of the virtual server (for instance it has to look for the cipher suite, the server certificate, etc.). But in order to dispatch to the correct virtual server Apache has to know the Host HTTP header field. For this the HTTP request header has to be read. This cannot be done before the SSL handshake is finished. But the information is already needed at the SSL handshake phase. Bingo! (Of course, "chicken and egg" isn't a problem. The egg came first. ;-) > Do I need to run a > separate instance of Zope for each domain requiring it's own cert? Yes. -- Ng Pheng Siong http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog From heikki at OSAFOUNDATION.ORG Fri Aug 13 20:43:09 2004 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Fri, 13 Aug 2004 11:43:09 -0700 Subject: [PYTHON-CRYPTO] [Fwd: Twisted+M2Crypto patch] Message-ID: <411D0BBD.8070009@osafoundation.org> I wrote a patch to integrate M2Crypto into Twisted, modeling it after the existing SSL code in Twisted. Turns out the Twisted folks don't like their existing code, and therefore like my patch even less, meaning it won't be accepted into the Twisted codebase as is. While they figure out what the architecture should be for plugging in other SSL implementations to Twisted I thought I'd share this patch here in case anyone found it useful. Also, there is one nasty hack in my patch and it would be really nice to hear if someone would be able to figure out a better way - look at abstract.py. -------- Original Message -------- Subject: [Twisted-Python] Twisted+M2Crypto patch Date: Wed, 11 Aug 2004 12:49:24 -0700 I've been working on integrating M2Crypto to Twisted. M2Crypto is a Python wrapper for OpenSSL. Twisted already integrates with PyOpenSSL, which is another Python wrapper for OpenSSL. However, PyOpenSSL has been dormant for a couple of years (although I have heard there might be a a rewrite in the making). M2Crypto has been under continuous development, and wraps more of OpenSSL. Additional point why I have been working on this is that Chandler project started using M2Crypto before choosing to use Twisted, and we are/will be relying on more and more M2Crypto functionality and it does not make sense to have two OpenSSL wrappers in one application. So, now I have a patch that let's you choose which of these OpenSSL wrappers you want to use with Twisted. By default PyOpenSSL will be selected. If you set 'useM2' attribute to true on the SSL context factory (for example twisted.internet.ssl.ClientContextFactory(useM2=True)), then M2Crypto will be used. I have tested using Twisted's echoclient_ssl.py/echoserv_ssl.py example files (http://twistedmatrix.com/documents/current/examples/), as well as imap and smtp using samples from here: http://wiki.osafoundation.org/twiki/bin/view/Chandler/TwistedHome. I've also read imap email using Chandler (http://wiki.osafoundation.org/twiki/bin/view/Chandler/WebHome) with this code. They rely on the patch that was submitted by OSAF's Brian Kirsch earlier. I have tested on systems that have both M2Crypto and PyOpenSSL installed, or only one but not the other. Test OSes have been Windows XP and Debian (unstable). There is one nasty hack in the patch which I have not yet ironed out: the changes in abstract.py. If I take those out, I cannot connect to an smtp server, and connection to a newly started server won't work the first time. Any help in figuring this out would be appreciated. Any review comments appreciated. And if you have any question, please let me know. -- Heikki Toivonen -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: m2-patches URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: file:///C|/DOCUME%7E1/HEIKKI/LOCALS%7E1/TEMP/nsmail-2.txt URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 249 bytes Desc: OpenPGP digital signature URL: From m.bizzarri at ICUBE.IT Wed Aug 18 09:47:59 2004 From: m.bizzarri at ICUBE.IT (Marco Bizzarri) Date: Wed, 18 Aug 2004 09:47:59 +0200 Subject: [PYTHON-CRYPTO] Info on using the AuthCookie in M2Crypto Message-ID: <412309AF.9080007@icube.it> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all. I'm trying to integrate M2Crypto AuthCookies in a Zope application. Up to now, I've been successful in integrating the AuthCookie. Here is the code. For those of you which could ask, it is a modified version of CookieCrumbler. I hope the formatting will not be such an issue... ~ def modifyRequest(self, REQUEST, RESPONSE): ~ if REQUEST.cookies.has_key(self.auth_cookie) and REQUEST.cookies.has_key('wscookie'): ~ cookie_str = REQUEST.cookies[self.auth_cookie] ~ assert cookie_jar.isGoodCookieString('Set-Cookie: _M2AUTH_="%s";' % cookie_str) ~ expiry, data, digest = unmix3(cookie_str) ~ REQUEST.environ['REMOTE_USER'] = data ~ return ATTEMPT_RESUME ~ if REQUEST.environ.has_key('REMOTE_USER'): ~ data = REQUEST.environ['REMOTE_USER'] ~ expiry = time() + 1800 ~ cookie = cookie_jar.makeCookie(expiry=expiry, data=data) ~ RESPONSE.setCookie(self.auth_cookie, cookie.value(), ~ path=self.getCookiePath(), ~ expires=cookie.expiry()) ~ return ATTEMPT_LOGIN ~ return ATTEMPT_NONE Now, my questions are regarding how much the AuthCookie are pyhton cookies. Digging into the code, I can see they use the a Cookie (actually, a SmartCookie) inside. However, the SmartCookie interface is not available. Therefore, if you want a cookie sent only on a secure connection, you have to access the _cookie field. Of course this is possible, but I feel it should be better integrated inside the AuthCookie class... Just a few thought for discussions, however. I think M2Crypto is a great python package. Regards Marco -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBIwmvXhfyAQQVoaIRAkHNAJ9vI7u3Gzw5INxik0iTNKb8umzlRQCfcjPK 9B8V/jXTJtOjwNceAS+BHlM= =wHxJ -----END PGP SIGNATURE----- From ngps at NETMEMETIC.COM Thu Aug 19 17:43:19 2004 From: ngps at NETMEMETIC.COM (Ng Pheng Siong) Date: Thu, 19 Aug 2004 23:43:19 +0800 Subject: [PYTHON-CRYPTO] Info on using the AuthCookie in M2Crypto In-Reply-To: <412309AF.9080007@icube.it> References: <412309AF.9080007@icube.it> Message-ID: <20040819154319.GA338@vista.netmemetic.com> On Wed, Aug 18, 2004 at 09:47:59AM +0200, Marco Bizzarri wrote: > Now, my questions are regarding how much the AuthCookie are pyhton > cookies. Digging into the code, I can see they use the a Cookie > (actually, a SmartCookie) inside. > > However, the SmartCookie interface is not available. Therefore, if you > want a cookie sent only on a secure connection, you have to access the > _cookie field. Of course this is possible, but I feel it should be > better integrated inside the AuthCookie class... I was checking out Webware when I wrote AuthCookies. Webware (at that time about v0.6) has its own cookie implementation, also based on SmartCookie, IIRC, but with more methods. Because I wasn't sure how to make them all play nicely, I did not attempt to provide a public interface to AuthCookie's underlying cookie implementation. (At least, this is how I remember it. ;-) Do feel free to add public methods to AuthCookie. TIA for your patch! ;-) > Just a few thought for discussions, however. I think M2Crypto is a great > python package. Thanks. Cheers. -- Ng Pheng Siong http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog