[Python-ideas] adding digital signature and encryption "hashes" to hashlib?

Bill Janssen janssen at parc.com
Mon Sep 21 17:43:49 CEST 2009

CTO <debatem1 at gmail.com> wrote:

> > I know it seems that way at first glance, but in fact they are strongly
> > related.  There's a reason all three (and nothing else) are exported
> > through OpenSSL's EVP API.
> >
> > Bill
> Don't get me wrong, I like the basic idea you're advancing, and in
> use hashes and crypto are frequently seen together,

Yes, that's the relationship I was thinking of.  But from a broader
philosophical view, a ciphertext can be thought of as a hash of a
plaintext, too.  A reversible hash.

> IMO, adding public key crypto routines to hashlib seems almost
> guaranteed to increase that confusion.

Well, that could be.  Perhaps the packaging "insight" I had wasn't
inspired :-).  I was thinking that from the crypto-ignorant point of
view, they seem quite similar.  A SHA256 hash can be seen as a digital
"signature" (or I've heard it called a "fingerprint") of a sequence of
bytes, just as with a public-key signature.  Sure, what's going on is
different, but from a utility point of view, it's much the same.  This
is why people post md5 checksums of downloadable packages -- it's a


More information about the Python-ideas mailing list