[PYTHON-CRYPTO] PEP-272 (API for Secret-Key Encryption Algorithms)
Andy Dustman
andy at DUSTMAN.NET
Fri Dec 14 16:42:02 CET 2001
BTW, I think the list setting Reply-To: to go back to the original
sender is obnoxious. It may actually be more obnoxious than setting
Reply-To: to go to the list.
On Fri, 2001-12-14 at 07:14, Janusz A. Urbanowicz wrote:
> Andy Dustman wrote/napisał[a]/schrieb:
> > Should we have a general API rule that only encrypt() or decrypt() may
> > be called on a cipher instance, and if the other is called then a) you
> > get an exception or b) undefined results?
>
> I have though on this issue and the result was as following: any given
> copher is a subclass of class Cipher which has three public methods - the
> constructor, encrypt() and decrypt(). The key is supplied to __init__() when
> instantiating the class and you later use the object to enrypt with the
> key. Seemed pretty straightforward to me.
It is, for most ciphers. But not for IDEA: The key schedule has to be
initialized differently depending on whether or not you want to encrypt
or decrypt.
I think amk's solution of computing both key schedules would be okay,
except that I seem to remember that IDEA's decryption key schedule takes
a lot longer to compute than for encryption.
Also, for any cipher mode which maintains an IV, encrypt() and decrypt()
really will be mutually-exclusive for a given instance. ECB is the only
supported mode that doesn't use an IV. (BTW, the PGP mode needs an IV as
well, but the PEP doesn't reflect this.)
--
Andy Dustman PGP: 0x930B8AB6
@ .net http://dustman.net/andy
You can have my keys when you pry them from my dead, cold neurons.
More information about the python-crypto
mailing list