[PYTHON-CRYPTO] Implementing XML-RPC public key auth with minimal dependencies

Heikki Toivonen heikki at OSAFOUNDATION.ORG
Fri Mar 2 02:20:18 CET 2007


Daniel Clark wrote:
> We are having a discussion on the bcfg2-devel mailing list [1] about
> the best way to introduce public key authentication into the software.
> 
> A big consideration for us is minimizing client dependencies - ideally
> all we want to have as dependencies are a Python 2.5 install with
> OpenSSL compiled in statically, and the Bcfg2 distribution itself (on
> some platforms, we may also try using cx-freeze to remove the Python
> requirement).

Like you have noted, you can't do it with stdlib unless you are willing
to implement most of the stuff yourself. I definitely recommend NOT
doing this, due to it being notoriously difficult to get everything done
correctly. Better use stuff that already works.

If you want to go with minimal dependencies, I would recommend TLS Lite
(http://trevp.net/tlslite/). It has a pure Python implementation of SSL
3.0 and TLS 1.0. It can also use other cryptographic libraries to speed
things up if they are present (m2crypto etc.). Depending on your needs,
the pure Python implementation may be too slow for you. If that is the
case, you may want to go directly to some other library.

If TLS Lite speed is an issue, I would recommend that you check out
M2Crypto (I am the maintainer of that) or pyOpenSSL-extended. Both are
wrappers for OpenSSL. I believe the former wraps more of OpenSSL, but it
does require SWIG to build, which pyOpenSSL-extended does not.

-- 
  Heikki Toivonen

