[Cryptography-dev] Low level API for Symmetric Encryption
Donald Stufft
donald at stufft.io
Thu Aug 8 04:25:31 CEST 2013
On Aug 7, 2013, at 10:02 PM, Paul Kehrer <paul.l.kehrer at gmail.com> wrote:
> On Wed, Aug 7, 2013 at 8:24 PM, Donald Stufft <donald at stufft.io> wrote:
>>
>> Are there any methods like this for Block Ciphers? We'd need to figure
>> something like that out of course if there were and obviously it'd be
>> nice to keep a composition style API throughout the library.
>>
>
> The method I mentioned takes a block cipher as an argument to
> determine what (if any) encryption is applied to the (incidentally
> asymmetric) key. It's more common for an EVP_MD object to be passed in
> to another function though.
>
>>
>> In my mind the bulk of the logic would live in the MODE() class and the
>> cipher class would primarily be for setting cipher/key size. As far as I
>> know OpenSSL doesn't really change the API between different cipher
>> or key size, just modes.
>>
>
> Yeah, that's my experience as well.
>
>
> In your original email you mentioned padding, but the thread hasn't
> discussed it yet. With the API we're pitching now if we wanted to
> include padding I suppose it could look something like:
>
> padding = cryptography.primitives.padding.pkcs7()
>
> cipher = CBC(AES(),iv,padding)
>
> You could specify a different padding object (ansi x.923, etc) or
> leave it default and modes that don't require padding (GCM, CCM, XTS)
> would not have the parameter.
Speaking of the Padding made me wonder if we're overloading the constructor of the mode too much, i'm not sure though because wether or not you want padding is dependent on the mode.
Maybe we want::
cipher = BlockCipher(AES(key), CBC(iv), PKCS7())
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20130807/5276f14e/attachment-0001.pgp>
More information about the Cryptography-dev
mailing list