From heikki at OSAFOUNDATION.ORG Fri Feb 2 20:04:01 2007 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Fri, 2 Feb 2007 11:04:01 -0800 Subject: [PYTHON-CRYPTO] Building M2Crypto-0.17 on MacOS X In-Reply-To: References: <45B4FD32.1090202@osafoundation.org> <02D9FC0D-1F50-4973-9322-3C0D0A65EA72@paljak.pri.ee> <45B50ACB.7010308@osafoundation.org> Message-ID: <45C38B21.1070905@osafoundation.org> Marc Hedlund wrote: > This (building M2Crypto-0.17 Universal on MacOS X) was a big pain, so > here are my notes on it: Thanks, I included these in the INSTALL file. > I'm happy to contribute a built, zipped mpkg installer (statically > linked) if that's desirable. I (or you, it is a wiki after all) can put a link from the M2Crypto homepage if you can host the file somewhere. -- Heikki Toivonen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature URL: From westerveg at YAHOO.NO Sat Feb 3 11:35:16 2007 From: westerveg at YAHOO.NO (Vegar Westerlund) Date: Sat, 3 Feb 2007 11:35:16 +0100 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.17 In-Reply-To: <458A1987.2060900@osafoundation.org> Message-ID: <20070203103516.GB8857@stud.ntnu.no> Heikki Toivonen: > M2Crypto is the most complete Python wrapper for OpenSSL. Will this version be included in any of the upcoming versions of debian or ubuntu? The version current on my ubuntu edgy release is 0.13. And debian etch has 0.16. -- Vegar Westerlund From marc at PRECIPICE.ORG Sat Feb 3 13:16:21 2007 From: marc at PRECIPICE.ORG (Marc Hedlund) Date: Sat, 3 Feb 2007 06:16:21 -0600 Subject: [PYTHON-CRYPTO] Building M2Crypto-0.17 on MacOS X In-Reply-To: <45C38B21.1070905@osafoundation.org> References: <45B4FD32.1090202@osafoundation.org> <02D9FC0D-1F50-4973-9322-3C0D0A65EA72@paljak.pri.ee> <45B50ACB.7010308@osafoundation.org> <45C38B21.1070905@osafoundation.org> Message-ID: On Fri, 2 Feb 2007, Heikki Toivonen wrote: >> I'm happy to contribute a built, zipped mpkg installer (statically >> linked) if that's desirable. > > I (or you, it is a wiki after all) can put a link from the M2Crypto > homepage if you can host the file somewhere. Done. I was going to be paranoid about the security of that, but on the other hand, accepting builds via email wouldn't be much better. :) The real solution is a Universal build_libs target in the OpenSSL Makefile. That would cut my build notes from 29 steps to 9 steps. I'll head over to the OpenSSL list and argue for that. Thanks again. -M From edgar.marco at NEXTHINK.COM Mon Feb 5 10:44:53 2007 From: edgar.marco at NEXTHINK.COM (Edgar Marco Florensa) Date: Mon, 5 Feb 2007 10:44:53 +0100 Subject: [PYTHON-CRYPTO] Blowfish decryption problem Message-ID: <003601c7490a$49dadfd0$ab00a8c0@Edgar> Hi all, I have a problem trying to decrypt Blowfish-encrypted data. I'll try to explain as much as possible all the details, hoping anyone in this list can help me. I am doing some tests, and I encrypt data (actually a C struct) with Eric Young's implementation of Blowfish in C, using the cfb mode. I send this data over an Ethernet network, and I capture it on the wire using Wireshark. My problem is basically that when I try to decrypt this captured data using PyCrypto in Python 2.4, I don't get the expected results. For decrypting, I generate a Blowfish object, with the key and the IV used for encryption. I decrypt data, and after I unpack it using the function unpack included in the struct module. I've tried both with big endian and little endian modes. I'm quite new both in cryptography and in Python, so I guess I'm doing something wrong. I've detected something which makes no sense for me. Maybe it can help to detect my problem. When I encrypt the data (the struct), the first 8 bytes are two UINT 32. In the plain data the first one is changing, but the second one (bytes 5 to 8) is always the same. In the encrypted data, these bytes (5 to 8) are also always the same (I consider this normal, since the first 8 bytes use the key and the IV for being encrypted). However, if I encrypt the same plain data using PyCrypto, the bytes 5 to 8 of the encrypted data change if the first four bytes change. I'm always restarting the encrypting/decrypting object after encrypting/decrypting a struct. I guess this difference in encrypting the data has something to do with the fact of being unable to decrypt the data I capture. Any solutions or ideas why is this happening? Regards, Edgar Marco -------------- next part -------------- An HTML attachment was scrubbed... URL: From heikki at OSAFOUNDATION.ORG Mon Feb 5 18:50:18 2007 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Mon, 5 Feb 2007 09:50:18 -0800 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.17 In-Reply-To: <20070203103516.GB8857@stud.ntnu.no> References: <20070203103516.GB8857@stud.ntnu.no> Message-ID: <45C76E5A.7080902@osafoundation.org> Vegar Westerlund wrote: > Will this version be included in any of the upcoming versions of debian > or ubuntu? > > The version current on my ubuntu edgy release is 0.13. And debian etch > has 0.16. I don't know, you'd have to ask the Debian and Ubuntu package maintainer(s). -- Heikki Toivonen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature URL: From jlj.haskins at GMAIL.COM Mon Feb 12 21:59:57 2007 From: jlj.haskins at GMAIL.COM (Haskins Family) Date: Mon, 12 Feb 2007 15:59:57 -0500 Subject: [PYTHON-CRYPTO] M2Crypto 0.17 Windows build with Python2.5 Message-ID: <2af029e80702121259k7cf917fcsc434c0b633d1746b@mail.gmail.com> Are there any plans for a Windows build with Python-2.5 and OpenSSL-0.9.8d? -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex.wied at GMAIL.COM Thu Feb 15 20:39:25 2007 From: alex.wied at GMAIL.COM (Alex) Date: Thu, 15 Feb 2007 20:39:25 +0100 Subject: [PYTHON-CRYPTO] Question using an AES decryption Message-ID: Greetings, first off this is library is awesome stuff! I would like to encrypt some text with AES. Following the DES example in the Crypto manual I have the following piece of code: -------------- # Encrypt some text with 256bit AES from Crypto.Cipher import * plain="this is some textXXXXXXXXXXXXXXX" # make text len multiple of 16 obj = AES.new('1234567812345678', AES.MODE_CBC, 'bbbbbbbbaaaaaaaa') print "Before encryption: ", plain ciph = obj.encrypt(plain) print "After decryption: ", ciph print "After decryption: ", obj.decrypt(ciph) -------------- Here's the result I'm getting: -------------- Before encryption: this is some textXXXXXXXXXXXXXXX After encryption: ??9Œ†?{.'P?W? t”?e?V??B?x•?Q?– After decryption: ‚?n???YPžt‘?D??tXXXXXXXXXXXXXXX -------------- The decryption doesn't work as expected, I'm not receiving my original text. I guess I'm passing the wrong parameters to instantiate my AES ojbject... Any ideas? Thanks in advance for your help. Alex From sascha-ml-cryptography-python-crypto at SILBE.ORG Thu Feb 15 21:31:49 2007 From: sascha-ml-cryptography-python-crypto at SILBE.ORG (Sascha Silbe) Date: Thu, 15 Feb 2007 21:31:49 +0100 Subject: [PYTHON-CRYPTO] Question using an AES decryption In-Reply-To: References: Message-ID: <20070215203149.GA11098@cube.sascha.silbe.org> On Thu, Feb 15, 2007 at 08:39:02PM +0100, Alex wrote: > obj = AES.new('1234567812345678', AES.MODE_CBC, 'bbbbbbbbaaaaaaaa') With Cipher Block Chaining (CBC), each block gets XORed to the previous block. The first one against the Initialisation Vector (IV), of course. > print "Before encryption: ", plain > ciph = obj.encrypt(plain) After this instruction, you've modified the state of obj to use instead of the IV. > print "After decryption: ", ciph > print "After decryption: ", obj.decrypt(ciph) If you use two independent instances, it works fine: === Begin x.py === # Encrypt some text with 256bit AES from Crypto.Cipher import * plain="this is some textXXXXXXXXXXXXXXX" # make text len multiple of 16 obj1 = AES.new('1234567812345678', AES.MODE_CBC, 'bbbbbbbbaaaaaaaa') obj2 = AES.new('1234567812345678', AES.MODE_CBC, 'bbbbbbbbaaaaaaaa') print "Before encryption: ", `plain` ciph = obj1.encrypt(plain) print "After decryption: ", `ciph` print "After decryption: ", `obj2.decrypt(ciph)` === End x.py === === Begin screenshot === Before encryption: 'this is some textXXXXXXXXXXXXXXX' After decryption: "\x81\xb89\x8c\x86\xbe{.'P\xc3\x04W\xc4\tt\x94\xe6e\xe4V\xf1\xa4\x1bB\x90x\x95\xb9Q\xda\x96" After decryption: 'this is some textXXXXXXXXXXXXXXX' === End x.py === CU Sascha -- http://sascha.silbe.org/ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available URL: From latitia.haskins at GMAIL.COM Wed Feb 28 15:45:05 2007 From: latitia.haskins at GMAIL.COM (Latitia Haskins) Date: Wed, 28 Feb 2007 09:45:05 -0500 Subject: [PYTHON-CRYPTO] Execute connect_ssl() twice to connect - is this right? Message-ID: Hi all, I would like to verify some behavior that I observe in my code when I connect a client and server using M2Crypto. I am finding that I have to execute the connect_ssl() method twice in order for a connection to be made between the client and server. Is this right or am I doing something wrong? Thanks for any information that anyone can give me. Latitia #----------- server ---------------- >>> import M2Crypto >>> ss = M2Crypto.SSL.ssl_dispatcher() >>> ss.ssl_ctx = M2Crypto.SSL.Context('tlsv1') >>> ss.ssl_ctx.set_cipher_list('ADH-AES128-SHA') >>> ss.ssl_ctx.set_tmp_dh('dhparam.pem') >>> ss.ssl_ctx.set_tmp_dh_callback() >>> ss.ssl_ctx.set_info_callback() >>> ss.create_socket(ss.ssl_ctx) >>> ss.set_reuse_addr() >>> ss.socket.setblocking(0) >>> ss.bind(('server.home.com', 8888)) >>> ss.listen(5) >>> sa = ss.socket.accept() LOOP: SSL accept: before/accept initialization <<< s.connect_ssl() DONE HERE >>> LOOP: SSL accept: SSLv3 read client hello A LOOP: SSL accept: SSLv3 write server hello A LOOP: SSL accept: SSLv3 write key exchange A LOOP: SSL accept: SSLv3 write server done A LOOP: SSL accept: SSLv3 flush data <<< s.connect_ssl() DONE HERE >>> LOOP: SSL accept: SSLv3 read client key exchange A LOOP: SSL accept: SSLv3 read finished A LOOP: SSL accept: SSLv3 write change cipher spec A LOOP: SSL accept: SSLv3 write finished A LOOP: SSL accept: SSLv3 flush data INFO: SSL accept: SSL negotiation finished successfully >>> #--------- client ------------------------------- >>> import M2Crypto >>> import socket >>> sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) >>> ctx = M2Crypto.SSL.Context('tlsv1') >>> ctx.set_cipher_list('ADH-AES128-SHA') >>> ctx.set_tmp_dh('dhparam.pem') >>> ctx.set_tmp_dh_callback() >>> ctx.set_info_callback() >>> s = M2Crypto.SSL.Connection(ctx, sock) >>> s.addr=('server.home.com', 8888) >>> s.socket.connect(s.addr) >>> s.setup_ssl() >>> s.set_connect_state() >>> s.setblocking(0) >>> s.connect_ssl() LOOP: SSL connect: before/connect initialization LOOP: SSL connect: SSLv3 write client hello A INFO: SSL connect: SSLv3 read server hello A 0 >>> >>> s.connect_ssl() LOOP: SSL connect: SSLv3 read server hello A LOOP: SSL connect: SSLv3 read server key exchange A LOOP: SSL connect: SSLv3 read server done A LOOP: SSL connect: SSLv3 write client key exchange A LOOP: SSL connect: SSLv3 write change cipher spec A LOOP: SSL connect: SSLv3 write finished A LOOP: SSL connect: SSLv3 flush data INFO: SSL connect: SSLv3 read finished A 0 >>> -------------- next part -------------- An HTML attachment was scrubbed... URL: From heikki at OSAFOUNDATION.ORG Wed Feb 28 22:15:11 2007 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Wed, 28 Feb 2007 13:15:11 -0800 Subject: [PYTHON-CRYPTO] Execute connect_ssl() twice to connect - is this right? In-Reply-To: References: Message-ID: <45E5F0DF.1050303@osafoundation.org> Latitia Haskins wrote: > I would like to verify some behavior that I observe in my code when I > connect a client and server using M2Crypto. I am finding that I have to I find your code very strange, and the server code does not work for me at all. I would advice you to take a look at the test_ssl.py file for some guaranteed to work client samples. After that take a look at the demos for some more samples, including server samples, but keep in mind that the demos may no longer work. -- Heikki Toivonen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 254 bytes Desc: OpenPGP digital signature URL: