From paul.l.kehrer at gmail.com Sat Apr 11 04:03:56 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Fri, 10 Apr 2015 22:03:56 -0400 Subject: [Cryptography-dev] PyCA cryptography 0.8.2 release Message-ID: PyCA cryptography 0.8.2 has been released to PyPI.? Changelog: * Fixed a race condition when initializing the OpenSSL or CommonCrypto backends in a multi-threaded scenario. -Paul Kehrer (reaperhulk) -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.l.kehrer at gmail.com Tue Apr 14 16:23:17 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Tue, 14 Apr 2015 10:23:17 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support Message-ID: Recently we've had several situations where our project's Python 3.2 support blocks us from using libraries we'd like to consume (idna, characteristic, etc). Donald opened an issue (https://github.com/pyca/cryptography/issues/1809) with some evidence that we're performing significant contortions to support a version no one uses. I propose that we drop support for Python 3.2 in the next release and move forward with Python 2.6 (deprecated but no timeline for removal), Python 2.7, and 3.3+ support. I've put in a PR (https://github.com/pyca/cryptography/pull/1846) to note this in the changelog and update our travis configuration. If there are no substantial objections in the next few days we can merge and then update jenkins to reflect this as well. -Paul Kehrer -------------- next part -------------- An HTML attachment was scrubbed... URL: From terrycwk1994 at gmail.com Tue Apr 14 16:27:10 2015 From: terrycwk1994 at gmail.com (Terry Chia) Date: Tue, 14 Apr 2015 14:27:10 +0000 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: Message-ID: FWIW I'm fully in support of this as it doesn't seem like we'll be dropping support for any major platforms and 3.2 use is basically nil at this point. On Tue, 14 Apr 2015 at 10:23 pm Paul Kehrer wrote: > Recently we've had several situations where our project's Python 3.2 > support blocks us from using libraries we'd like to consume (idna, > characteristic, etc). Donald opened an issue ( > https://github.com/pyca/cryptography/issues/1809) with some evidence that > we're performing significant contortions to support a version no one uses. > I propose that we drop support for Python 3.2 in the next release and move > forward with Python 2.6 (deprecated but no timeline for removal), Python > 2.7, and 3.3+ support. > > I've put in a PR (https://github.com/pyca/cryptography/pull/1846) to note > this in the changelog and update our travis configuration. If there are no > substantial objections in the next few days we can merge and then update > jenkins to reflect this as well. > > -Paul Kehrer > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From _ at lvh.io Tue Apr 14 16:49:03 2015 From: _ at lvh.io (Laurens Van Houtven) Date: Tue, 14 Apr 2015 10:49:03 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: Message-ID: I for one support any and all efforts that reduce the number of supported Python 3.x versions ;-) On Tue, Apr 14, 2015 at 10:27 AM, Terry Chia wrote: > FWIW I'm fully in support of this as it doesn't seem like we'll be > dropping support for any major platforms and 3.2 use is basically nil at > this point. > On Tue, 14 Apr 2015 at 10:23 pm Paul Kehrer > wrote: > >> Recently we've had several situations where our project's Python 3.2 >> support blocks us from using libraries we'd like to consume (idna, >> characteristic, etc). Donald opened an issue ( >> https://github.com/pyca/cryptography/issues/1809) with some evidence >> that we're performing significant contortions to support a version no one >> uses. I propose that we drop support for Python 3.2 in the next release and >> move forward with Python 2.6 (deprecated but no timeline for removal), >> Python 2.7, and 3.3+ support. >> >> I've put in a PR (https://github.com/pyca/cryptography/pull/1846) to >> note this in the changelog and update our travis configuration. If there >> are no substantial objections in the next few days we can merge and then >> update jenkins to reflect this as well. >> >> -Paul Kehrer >> >> >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev at python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Tue Apr 14 17:22:03 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Tue, 14 Apr 2015 11:22:03 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: Message-ID: Have we confirmed that all important downstreams (pyOpenSSL, Twisted, eventually Fabric/Paramiko, urllib3/requests) have dropped 3.2? Alex On Tue, Apr 14, 2015 at 10:49 AM, Laurens Van Houtven <_ at lvh.io> wrote: > I for one support any and all efforts that reduce the number of supported > Python 3.x versions ;-) > > On Tue, Apr 14, 2015 at 10:27 AM, Terry Chia > wrote: > >> FWIW I'm fully in support of this as it doesn't seem like we'll be >> dropping support for any major platforms and 3.2 use is basically nil at >> this point. >> On Tue, 14 Apr 2015 at 10:23 pm Paul Kehrer >> wrote: >> >>> Recently we've had several situations where our project's Python 3.2 >>> support blocks us from using libraries we'd like to consume (idna, >>> characteristic, etc). Donald opened an issue ( >>> https://github.com/pyca/cryptography/issues/1809) with some evidence >>> that we're performing significant contortions to support a version no one >>> uses. I propose that we drop support for Python 3.2 in the next release and >>> move forward with Python 2.6 (deprecated but no timeline for removal), >>> Python 2.7, and 3.3+ support. >>> >>> I've put in a PR (https://github.com/pyca/cryptography/pull/1846) to >>> note this in the changelog and update our travis configuration. If there >>> are no substantial objections in the next few days we can merge and then >>> update jenkins to reflect this as well. >>> >>> -Paul Kehrer >>> >>> >>> _______________________________________________ >>> Cryptography-dev mailing list >>> Cryptography-dev at python.org >>> https://mail.python.org/mailman/listinfo/cryptography-dev >>> >> >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev at python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> >> > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: From hs at ox.cx Tue Apr 14 18:54:00 2015 From: hs at ox.cx (Hynek Schlawack) Date: Tue, 14 Apr 2015 12:54:00 -0400 Subject: [Cryptography-dev] [ANN] pyOpenSSL 0.15 Message-ID: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> Greetings fellow Pythoneers, I'm happy to announce that pyOpenSSL 0.15 is now available. pyOpenSSL is a set of Python bindings for OpenSSL. It includes some low-level cryptography APIs but is primarily focused on providing an API for using the TLS protocol from Python. Check out the PyPI page () for downloads. *** This is the last release under the stewardship of Jean-Paul Calderone and the maintainership is now taken over by the Python Cryptography Authority (PyCA) which has been developing the C-bindings for pyOpenSSL for a while (aka cryptography). We?d like to thank him for his great work over the past years and hope to be able to keep moving the project into a direction that will make him only slightly sad. *** The highlights of this release include: - Support to ECDHE, - NPN and ALPN support, - ?many bug fixes! It?s worth pointing out that OpenSSL functions generally work on *byte strings* because they mirror OpenSSL APIs and OpenSSL is not Unicode-aware. Passing Unicode strings tends to accidentally work due do implicit decodes on Python 2 but they emit a DeprecationWarning now. Please note that DeprecationWarnings are silenced by default on Python 2.7. See the ChangeLog at for more details! On behalf of PyCA, Hynek Schlawack From hs at ox.cx Wed Apr 15 01:06:21 2015 From: hs at ox.cx (Hynek Schlawack) Date: Tue, 14 Apr 2015 19:06:21 -0400 Subject: [Cryptography-dev] [ANN] pyOpenSSL 0.15*.1* In-Reply-To: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> References: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> Message-ID: Hello again, since releasing software is so much fun, 0.15.1 is out on PyPI too. It fixes a small regression that shouldn?t affect you in practice but breaks the Twisted test suite. See https://github.com/pyca/pyopenssl/pull/225 for details. Brown baggily yours, ?h On 14 Apr 2015, at 12:54, Hynek Schlawack wrote: > Greetings fellow Pythoneers, > > I'm happy to announce that pyOpenSSL 0.15 is now available. > > pyOpenSSL is a set of Python bindings for OpenSSL. It includes some > low-level cryptography APIs but is primarily focused on providing an > API for using the TLS protocol from Python. > > Check out the PyPI page () for > downloads. > > *** > > This is the last release under the stewardship of Jean-Paul Calderone > and the maintainership is now taken over by the Python Cryptography > Authority (PyCA) which has been developing the C-bindings for > pyOpenSSL for a while (aka cryptography). > > We?d like to thank him for his great work over the past years and > hope to be able to keep moving the project into a direction that will > make him only slightly sad. > > *** > > The highlights of this release include: > > - Support to ECDHE, > - NPN and ALPN support, > - ?many bug fixes! > > It?s worth pointing out that OpenSSL functions generally work on > *byte strings* because they mirror OpenSSL APIs and OpenSSL is not > Unicode-aware. Passing Unicode strings tends to accidentally work due > do implicit decodes on Python 2 but they emit a DeprecationWarning > now. Please note that DeprecationWarnings are silenced by default on > Python 2.7. > > See the ChangeLog at > for more > details! > > On behalf of PyCA, > Hynek Schlawack > -- > https://mail.python.org/mailman/listinfo/python-announce-list > > Support the Python Software Foundation: > http://www.python.org/psf/donations/ From glyph at twistedmatrix.com Wed Apr 15 06:07:32 2015 From: glyph at twistedmatrix.com (Glyph) Date: Wed, 15 Apr 2015 00:07:32 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: Message-ID: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> Is there a way to answer this question as a query against PyPI metadata? It seems like the information ought to be there, in some form... -g > On Apr 14, 2015, at 11:22, Alex Gaynor wrote: > > Have we confirmed that all important downstreams (pyOpenSSL, Twisted, eventually Fabric/Paramiko, urllib3/requests) have dropped 3.2? > > Alex > > On Tue, Apr 14, 2015 at 10:49 AM, Laurens Van Houtven <_ at lvh.io > wrote: > I for one support any and all efforts that reduce the number of supported Python 3.x versions ;-) > > On Tue, Apr 14, 2015 at 10:27 AM, Terry Chia > wrote: > FWIW I'm fully in support of this as it doesn't seem like we'll be dropping support for any major platforms and 3.2 use is basically nil at this point. > On Tue, 14 Apr 2015 at 10:23 pm Paul Kehrer > wrote: > Recently we've had several situations where our project's Python 3.2 support blocks us from using libraries we'd like to consume (idna, characteristic, etc). Donald opened an issue (https://github.com/pyca/cryptography/issues/1809 ) with some evidence that we're performing significant contortions to support a version no one uses. I propose that we drop support for Python 3.2 in the next release and move forward with Python 2.6 (deprecated but no timeline for removal), Python 2.7, and 3.3+ support. > > I've put in a PR (https://github.com/pyca/cryptography/pull/1846 ) to note this in the changelog and update our travis configuration. If there are no substantial objections in the next few days we can merge and then update jenkins to reflect this as well. > > -Paul Kehrer > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > > > -- > "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: 125F 5C67 DFE9 4084 > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From cory at lukasa.co.uk Wed Apr 15 09:37:23 2015 From: cory at lukasa.co.uk (Cory Benfield) Date: Wed, 15 Apr 2015 08:37:23 +0100 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> Message-ID: On 15 April 2015 at 05:07, Glyph wrote: > Is there a way to answer this question as a query against PyPI metadata? It > seems like the information ought to be there, in some form... > > -g IME a lot of projects don't keep their PyPI metadata up-to-date. I already responded to Paul on Twitter, but requests abandoned 3.2 a long time ago. urllib3 nominally supports it, but I don't think we'd need much convincing to drop 3.2 support really. From donald at stufft.io Wed Apr 15 10:06:52 2015 From: donald at stufft.io (Donald Stufft) Date: Wed, 15 Apr 2015 04:06:52 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> Message-ID: <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> > On Apr 15, 2015, at 3:37 AM, Cory Benfield wrote: > > On 15 April 2015 at 05:07, Glyph wrote: >> Is there a way to answer this question as a query against PyPI metadata? It >> seems like the information ought to be there, in some form... >> >> -g > > IME a lot of projects don't keep their PyPI metadata up-to-date. > > I already responded to Paul on Twitter, but requests abandoned 3.2 a > long time ago. urllib3 nominally supports it, but I don't think we'd > need much convincing to drop 3.2 support really. lol whoops, pip supports 3.2, requests still works on 3.2 though! --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: From cory at lukasa.co.uk Wed Apr 15 10:58:57 2015 From: cory at lukasa.co.uk (Cory Benfield) Date: Wed, 15 Apr 2015 09:58:57 +0100 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> Message-ID: On 15 April 2015 at 09:06, Donald Stufft wrote: > lol whoops, pip supports 3.2, requests still works on 3.2 though! Heh, yeah: we don't support 3.2 but we do support pip, so as long as it works well enough for you then that's fine by me. That said, 3.2 is bad and people using it should feel bad. From jean-paul at clusterhq.com Wed Apr 15 20:02:48 2015 From: jean-paul at clusterhq.com (Jean-Paul Calderone) Date: Wed, 15 Apr 2015 14:02:48 -0400 Subject: [Cryptography-dev] [ANN] pyOpenSSL 0.15 In-Reply-To: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> References: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> Message-ID: On Tue, Apr 14, 2015 at 12:54 PM, Hynek Schlawack wrote: > Greetings fellow Pythoneers, > > I'm happy to announce that pyOpenSSL 0.15 is now available. > > Congrats on getting the release out, Hynek. Thanks once again for stepping in to take over the lead role on the pyOpenSSL project. Thanks also to all of the PyCA folks at the PyCon sprints on Monday to prepare for this release. Jean-Paul -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Wed Apr 15 20:10:08 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Wed, 15 Apr 2015 14:10:08 -0400 Subject: [Cryptography-dev] [ANN] pyOpenSSL 0.15 In-Reply-To: References: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> Message-ID: Thank you for your years of maintenance of pyOpenSSL! Alex On Wed, Apr 15, 2015 at 2:02 PM, Jean-Paul Calderone < jean-paul at clusterhq.com> wrote: > On Tue, Apr 14, 2015 at 12:54 PM, Hynek Schlawack wrote: > >> Greetings fellow Pythoneers, >> >> I'm happy to announce that pyOpenSSL 0.15 is now available. >> >> > Congrats on getting the release out, Hynek. Thanks once again for > stepping in to take over the lead role on the pyOpenSSL project. Thanks > also to all of the PyCA folks at the PyCon sprints on Monday to prepare for > this release. > > Jean-Paul > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: From glyph at twistedmatrix.com Thu Apr 16 05:09:06 2015 From: glyph at twistedmatrix.com (Glyph) Date: Wed, 15 Apr 2015 23:09:06 -0400 Subject: [Cryptography-dev] [ANN] pyOpenSSL 0.15 In-Reply-To: References: <0820C766-7EEF-4763-BD5F-745839BB12E0@ox.cx> Message-ID: Thank you very much to Jean-Paul and Hynek for getting out this most recent release! (And thanks to Hynek for my opportunity to contribute my first patch to pyOpenSSL ;-)). -glyph > On Apr 15, 2015, at 14:10, Alex Gaynor wrote: > > Thank you for your years of maintenance of pyOpenSSL! > > Alex > > On Wed, Apr 15, 2015 at 2:02 PM, Jean-Paul Calderone > wrote: > On Tue, Apr 14, 2015 at 12:54 PM, Hynek Schlawack > wrote: > Greetings fellow Pythoneers, > > I'm happy to announce that pyOpenSSL 0.15 is now available. > > > Congrats on getting the release out, Hynek. Thanks once again for stepping in to take over the lead role on the pyOpenSSL project. Thanks also to all of the PyCA folks at the PyCon sprints on Monday to prepare for this release. > > Jean-Paul > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > > > -- > "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: 125F 5C67 DFE9 4084 > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Sat Apr 18 21:52:21 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Sat, 18 Apr 2015 15:52:21 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> Message-ID: For those not following the issue, Donald posted some graphs: https://github.com/pyca/cryptography/pull/1846#issuecomment-94195717 Basically, no one uses this, it's old and burdensome, I'm now also +1 on dropping. Paramiko still supports 3.2 though, so I sent bitprophet a message to confirm if it's a problem for him. That said, I'm planning on merging this as soon as Paul updates it with the last issue (;-)), and we can revert if it turns out it'll be a giant issue for paramiko. Cheers, Alex On Wed, Apr 15, 2015 at 4:58 AM, Cory Benfield wrote: > On 15 April 2015 at 09:06, Donald Stufft wrote: > > lol whoops, pip supports 3.2, requests still works on 3.2 though! > > Heh, yeah: we don't support 3.2 but we do support pip, so as long as > it works well enough for you then that's fine by me. > > That said, 3.2 is bad and people using it should feel bad. > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: From donald at stufft.io Sat Apr 18 21:57:49 2015 From: donald at stufft.io (Donald Stufft) Date: Sat, 18 Apr 2015 15:57:49 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> Message-ID: <7077ADBC-EFE5-448D-AE00-0E87FEEA2C1B@stufft.io> If Jeff wants it I can generate graphs for paramiko as well. > On Apr 18, 2015, at 3:52 PM, Alex Gaynor wrote: > > For those not following the issue, Donald posted some graphs: > https://github.com/pyca/cryptography/pull/1846#issuecomment-94195717 > > Basically, no one uses this, it's old and burdensome, I'm now also +1 on dropping. > > Paramiko still supports 3.2 though, so I sent bitprophet a message to confirm if it's a problem for him. That said, I'm planning on merging this as soon as Paul updates it with the last issue (;-)), and we can revert if it turns out it'll be a giant issue for paramiko. > > Cheers, > Alex > > On Wed, Apr 15, 2015 at 4:58 AM, Cory Benfield > wrote: > On 15 April 2015 at 09:06, Donald Stufft > wrote: > > lol whoops, pip supports 3.2, requests still works on 3.2 though! > > Heh, yeah: we don't support 3.2 but we do support pip, so as long as > it works well enough for you then that's fine by me. > > That said, 3.2 is bad and people using it should feel bad. > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > > -- > "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: 125F 5C67 DFE9 4084 > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev --- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: Message signed with OpenPGP using GPGMail URL: From alex.gaynor at gmail.com Sat Apr 18 22:00:17 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Sat, 18 Apr 2015 16:00:17 -0400 Subject: [Cryptography-dev] pyca/cryptography python 3.2 support In-Reply-To: <7077ADBC-EFE5-448D-AE00-0E87FEEA2C1B@stufft.io> References: <63FE0118-EEFD-49FE-9EFB-48814AB114E5@twistedmatrix.com> <0B01CA4A-1306-48C6-960C-ECE898308B3D@stufft.io> <7077ADBC-EFE5-448D-AE00-0E87FEEA2C1B@stufft.io> Message-ID: I'll wait to see what he says first. Alex On Sat, Apr 18, 2015 at 3:57 PM, Donald Stufft wrote: > If Jeff wants it I can generate graphs for paramiko as well. > > > On Apr 18, 2015, at 3:52 PM, Alex Gaynor wrote: > > For those not following the issue, Donald posted some graphs: > https://github.com/pyca/cryptography/pull/1846#issuecomment-94195717 > > Basically, no one uses this, it's old and burdensome, I'm now also +1 on > dropping. > > Paramiko still supports 3.2 though, so I sent bitprophet a message to > confirm if it's a problem for him. That said, I'm planning on merging this > as soon as Paul updates it with the last issue (;-)), and we can revert if > it turns out it'll be a giant issue for paramiko. > > Cheers, > Alex > > On Wed, Apr 15, 2015 at 4:58 AM, Cory Benfield wrote: > >> On 15 April 2015 at 09:06, Donald Stufft wrote: >> > lol whoops, pip supports 3.2, requests still works on 3.2 though! >> >> Heh, yeah: we don't support 3.2 but we do support pip, so as long as >> it works well enough for you then that's fine by me. >> >> That said, 3.2 is bad and people using it should feel bad. >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev at python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> > > > > -- > "I disapprove of what you say, but I will defend to the death your right > to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: 125F 5C67 DFE9 4084 > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > --- > Donald Stufft > PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: From olivier.sallou at irisa.fr Tue Apr 21 09:07:41 2015 From: olivier.sallou at irisa.fr (Olivier Sallou) Date: Tue, 21 Apr 2015 09:07:41 +0200 Subject: [Cryptography-dev] ecdsa key x/y coordinates Message-ID: <5535F73D.1090908@irisa.fr> Hi, I load an ecdsa private key in my program: secret = load_pem_private_key(content_file.read().encode('utf-8'), password=None, backend=default_backend()) That's fine.... I need now to get the x and y coordinates of my ecdsa key to share it with an other program. Is there any way to get it ? I do not find in API the way to do so. Thanks Olivier -- gpg key id: 4096R/326D8438 (keyring.debian.org) Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 From alex.gaynor at gmail.com Tue Apr 21 13:08:19 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Tue, 21 Apr 2015 07:08:19 -0400 Subject: [Cryptography-dev] ecdsa key x/y coordinates In-Reply-To: <5535F73D.1090908@irisa.fr> References: <5535F73D.1090908@irisa.fr> Message-ID: Hi Olivier, You can use the private_numbers() method: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKeyWithNumbers.private_numbers To get an EllipticCurvePrivateNumbers which has x and y attributes. Alex On Tue, Apr 21, 2015 at 3:07 AM, Olivier Sallou wrote: > Hi, > I load an ecdsa private key in my program: > > secret = > load_pem_private_key(content_file.read().encode('utf-8'), > password=None, > backend=default_backend()) > > That's fine.... > > I need now to get the x and y coordinates of my ecdsa key to share it > with an other program. Is there any way to get it ? I do not find in API > the way to do so. > > Thanks > > Olivier > > -- > > gpg key id: 4096R/326D8438 (keyring.debian.org) > Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerryguitarist at gmail.com Tue Apr 28 19:46:31 2015 From: jerryguitarist at gmail.com (Eeshan Garg) Date: Tue, 28 Apr 2015 23:16:31 +0530 Subject: [Cryptography-dev] Need advice on how to get started contributing to pyca/cryptography Message-ID: Hello! I really want to contribute to pyca/cryptography. I already have a development environment setup and I have run the tests. At the PyCon sprints I worked on , and I also submitted a PR for it , but it was decided that we won't be moving forward with what I was working on. It would mean a lot to me if someone could give me some guidance and help me find something to work on and get started. :-) Thanks, Eeshan Garg -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.l.kehrer at gmail.com Tue Apr 28 23:43:16 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Tue, 28 Apr 2015 16:43:16 -0500 Subject: [Cryptography-dev] Need advice on how to get started contributing to pyca/cryptography In-Reply-To: References: Message-ID: Hey Eeshan, good to hear from you again. Take a look at https://github.com/pyca/cryptography/issues/1870 and https://github.com/pyca/cryptography/issues/1863. The latter is more challenging and requires some discussion so starting with 1870 might be a good idea. -Paul On Tue, Apr 28, 2015 at 12:46 PM, Eeshan Garg wrote: > Hello! > > I really want to contribute to pyca/cryptography. I already have a > development environment setup and I have run the tests. At the PyCon sprints > I worked on , and I also > submitted a PR for it , but > it was decided that we won't be moving forward with what I was working on. > > It would mean a lot to me if someone could give me some guidance and help me > find something to work on and get started. :-) > > Thanks, > Eeshan Garg > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > From jerryguitarist at gmail.com Wed Apr 29 05:58:20 2015 From: jerryguitarist at gmail.com (Eeshan Garg) Date: Wed, 29 Apr 2015 09:28:20 +0530 Subject: [Cryptography-dev] Need advice on how to get started contributing to pyca/cryptography In-Reply-To: References: Message-ID: Hey Paul! I am working on the first one right now and I'll submit a PR for it soon! I'll ask on IRC or on the mailing list if I have any questions. :-) Thanks & regards, Eeshan Garg On Wed, Apr 29, 2015 at 3:13 AM, Paul Kehrer wrote: > Hey Eeshan, good to hear from you again. Take a look at > https://github.com/pyca/cryptography/issues/1870 and > https://github.com/pyca/cryptography/issues/1863. The latter is more > challenging and requires some discussion so starting with 1870 might > be a good idea. > > -Paul > > On Tue, Apr 28, 2015 at 12:46 PM, Eeshan Garg > wrote: > > Hello! > > > > I really want to contribute to pyca/cryptography. I already have a > > development environment setup and I have run the tests. At the PyCon > sprints > > I worked on , and I > also > > submitted a PR for it , > but > > it was decided that we won't be moving forward with what I was working > on. > > > > It would mean a lot to me if someone could give me some guidance and > help me > > find something to work on and get started. :-) > > > > Thanks, > > Eeshan Garg > > > > _______________________________________________ > > Cryptography-dev mailing list > > Cryptography-dev at python.org > > https://mail.python.org/mailman/listinfo/cryptography-dev > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jerryguitarist at gmail.com Wed Apr 29 16:34:24 2015 From: jerryguitarist at gmail.com (Eeshan Garg) Date: Wed, 29 Apr 2015 20:04:24 +0530 Subject: [Cryptography-dev] Need advice on how to get started contributing to pyca/cryptography In-Reply-To: References: Message-ID: Hi! So I submitted two pull requests for < https://github.com/pyca/cryptography/issues/1870>. And both have them have been merged and the issue has been closed. :-) I have a couple of questions. So, you said that < https://github.com/pyca/cryptography/issues/1863> is challenging and requires some discussion; in the meantime, is there anything I should read or go through (code or documentation) before working on this issue? Also, is it necessary to leave a comment on an issue indicating that you are working on it or plan on working on it? :-) Thanks & regards, Eeshan Garg On Wed, Apr 29, 2015 at 9:28 AM, Eeshan Garg wrote: > Hey Paul! > > I am working on the first one right now and I'll submit a PR for it soon! > I'll ask on IRC or on the mailing list if I have any questions. :-) > > Thanks & regards, > Eeshan Garg > > On Wed, Apr 29, 2015 at 3:13 AM, Paul Kehrer > wrote: > >> Hey Eeshan, good to hear from you again. Take a look at >> https://github.com/pyca/cryptography/issues/1870 and >> https://github.com/pyca/cryptography/issues/1863. The latter is more >> challenging and requires some discussion so starting with 1870 might >> be a good idea. >> >> -Paul >> >> On Tue, Apr 28, 2015 at 12:46 PM, Eeshan Garg >> wrote: >> > Hello! >> > >> > I really want to contribute to pyca/cryptography. I already have a >> > development environment setup and I have run the tests. At the PyCon >> sprints >> > I worked on , and I >> also >> > submitted a PR for it , >> but >> > it was decided that we won't be moving forward with what I was working >> on. >> > >> > It would mean a lot to me if someone could give me some guidance and >> help me >> > find something to work on and get started. :-) >> > >> > Thanks, >> > Eeshan Garg >> > >> > _______________________________________________ >> > Cryptography-dev mailing list >> > Cryptography-dev at python.org >> > https://mail.python.org/mailman/listinfo/cryptography-dev >> > >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev at python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From paul.l.kehrer at gmail.com Thu Apr 30 18:11:09 2015 From: paul.l.kehrer at gmail.com (Paul Kehrer) Date: Thu, 30 Apr 2015 11:11:09 -0500 Subject: [Cryptography-dev] Need advice on how to get started contributing to pyca/cryptography In-Reply-To: References: Message-ID: Take a look at 1863 and 1864 for some discussion about what needs to be bound. It looks like a first pass might be excluding any of the OCSP methods listed in 1863. You'll also want to verify that the items listed aren't already bound. On April 29, 2015 at 9:34:38 AM, Eeshan Garg (jerryguitarist at gmail.com) wrote: Hi! So I submitted two pull requests for . And both have them have been merged and the issue has been closed. :-) I have a couple of questions. So, you said that is challenging and requires some discussion; in the meantime, is there anything I should read or go through (code or documentation) before working on this issue? Also, is it necessary to leave a comment on an issue indicating that you are working on it or plan on working on it? :-) Thanks & regards, Eeshan Garg ? On Wed, Apr 29, 2015 at 9:28 AM, Eeshan Garg wrote: Hey Paul! I am working on the first one right now and I'll submit a PR for it soon! I'll ask on IRC or on the mailing list if I have any questions. :-) Thanks & regards, Eeshan Garg On Wed, Apr 29, 2015 at 3:13 AM, Paul Kehrer wrote: Hey Eeshan, good to hear from you again. Take a look at https://github.com/pyca/cryptography/issues/1870 and https://github.com/pyca/cryptography/issues/1863. The latter is more challenging and requires some discussion so starting with 1870 might be a good idea. -Paul On Tue, Apr 28, 2015 at 12:46 PM, Eeshan Garg wrote: > Hello! > > I really want to contribute to pyca/cryptography. I already have a > development environment setup and I have run the tests. At the PyCon sprints > I worked on , and I also > submitted a PR for it , but > it was decided that we won't be moving forward with what I was working on. > > It would mean a lot to me if someone could give me some guidance and help me > find something to work on and get started. :-) > > Thanks, > Eeshan Garg > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > _______________________________________________ Cryptography-dev mailing list Cryptography-dev at python.org https://mail.python.org/mailman/listinfo/cryptography-dev _______________________________________________ Cryptography-dev mailing list Cryptography-dev at python.org https://mail.python.org/mailman/listinfo/cryptography-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From erik.trauschke at gmail.com Thu Apr 30 23:44:32 2015 From: erik.trauschke at gmail.com (Erik Trauschke) Date: Thu, 30 Apr 2015 14:44:32 -0700 Subject: [Cryptography-dev] Concern over x509 interface design Message-ID: Hi all, First of all I'd like to express how happy I am about this unified approach to crypto mechanisms in Python and how active this project is. I'm currently in the process of migrating a project from M2Crypto to cryptography which will require a few additional things which are not in the code yet but which I plan to add (and contribute to the project). I'm a bit concerned about the interface decisions for things like the Certificate() class in that it doesn't seem to lead in a direction that I will easily be able to instantiate Certifcate objects in the future. I'd think that it should be possible to do this: c = x509.Certificate() c.issuer = issuer_object or c.set_issuer(issuer_object) ... At the moment I don't see how the current architecture will allow that in the future. Even if I instantiate a _Certificate object from the backend (which I shouldn't have to) I would still have to pass an x509 object (talking about the OpenSSL backend here) to the constructor. I don't say that this is wrong but it should be at least a keyword argument. Since you are laying the ground work for an interface which probably shouldn't be changed all the time, it seems dangerous to have required arguments which are complicated for an user to pass. With a keyword argument you can have it work right now without writing additional code but in the future the object might be instantiated much easier without changing the interface incompatibly. But even then there is still the problem that the x509.Certificate class can not be instantiated by itself. I guess one could have a make_cert() function in x509.py which creates a proper cert for the user based on the selected backend. Or maybe another class which inherits from Certificate but I don't know how one would be able to associate it with the right backend. I know what you are trying to do with the abstract base classes, I'm just wondering if that creates an interface which is complicated to consume. I haven't found any information about what the final goal for the interface design is so maybe the current state is just the groundwork and you already have a plan in mind on how this all is supposed to be used once it's done. So please don't see this as criticism and more as a general question. Thanks Erik -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.gaynor at gmail.com Thu Apr 30 23:47:34 2015 From: alex.gaynor at gmail.com (Alex Gaynor) Date: Thu, 30 Apr 2015 17:47:34 -0400 Subject: [Cryptography-dev] Concern over x509 interface design In-Reply-To: References: Message-ID: Hi Erik, So far we've been focussed on the "read-only" side, we haven't really discussed the "create a certificate" workflow. That said: IMO Certificate should always be immutable, when we get to creation, the API should either go through a distinct CertificateBuilder or make_cert() API. Alex On Thu, Apr 30, 2015 at 5:44 PM, Erik Trauschke wrote: > Hi all, > > First of all I'd like to express how happy I am about this unified > approach to crypto mechanisms in Python and how active this project is. > > I'm currently in the process of migrating a project from M2Crypto to > cryptography which will require a few additional things which are not in > the code yet but which I plan to add (and contribute to the project). > > I'm a bit concerned about the interface decisions for things like the > Certificate() class in that it doesn't seem to lead in a direction that I > will easily be able to instantiate Certifcate objects in the future. > I'd think that it should be possible to do this: > > c = x509.Certificate() > c.issuer = issuer_object > or > c.set_issuer(issuer_object) > ... > > At the moment I don't see how the current architecture will allow that in > the future. Even if I instantiate a _Certificate object from the backend > (which I shouldn't have to) I would still have to pass an x509 object > (talking about the OpenSSL backend here) to the constructor. I don't say > that this is wrong but it should be at least a keyword argument. Since you > are laying the ground work for an interface which probably shouldn't be > changed all the time, it seems dangerous to have required arguments which > are complicated for an user to pass. With a keyword argument you can have > it work right now without writing additional code but in the future the > object might be instantiated much easier without changing the interface > incompatibly. > > But even then there is still the problem that the x509.Certificate class > can not be instantiated by itself. I guess one could have a make_cert() > function in x509.py which creates a proper cert for the user based on the > selected backend. Or maybe another class which inherits from Certificate > but I don't know how one would be able to associate it with the right > backend. > I know what you are trying to do with the abstract base classes, I'm just > wondering if that creates an interface which is complicated to consume. > > I haven't found any information about what the final goal for the > interface design is so maybe the current state is just the groundwork and > you already have a plan in mind on how this all is supposed to be used once > it's done. So please don't see this as criticism and more as a general > question. > > Thanks > Erik > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev at python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: 125F 5C67 DFE9 4084 -------------- next part -------------- An HTML attachment was scrubbed... URL: