From dlitz at DLITZ.NET Tue Aug 4 03:56:08 2009 From: dlitz at DLITZ.NET (Dwayne C. Litzenberger) Date: Mon, 3 Aug 2009 21:56:08 -0400 Subject: [PYTHON-CRYPTO] ANN: PyCrypto 2.1.0 alpha 1 released Message-ID: <20090804015608.GA28008@rivest.dlitz.net> PyCrypto 2.1.0alpha1 has been released. Finally. You can get it from the git repository: $ git clone git://git.pycrypto.org:9419/crypto/pycrypto-2.x.git $ cd pycrypto-2.x $ git checkout v2.0.1alpha1 You can also browse the git repository on the web: http://gitweb.pycrypto.org/?p=crypto/pycrypto-2.x.git;a=summary Please test it and post your experiences to the PyCrypto mailing list: pycrypto at lists.dlitz.net and/or file bug reports on Launchpad: https://bugs.launchpad.net/pycrypto Here is a (non-exhaustive) list of changes between 2.0.1 and 2.1.0alpha1: * This version supports Python versions 2.1 through 2.6. * Clarified copyright status of much of the existing code by tracking down Andrew M. Kuchling, Barry A. Warsaw, Jeethu Rao, Joris Bontje, Mark Moraes, Paul Swartz, Robey Pointer, and Wim Lewis and getting their permission to clarify the license/public-domain status of their contributions. Many thanks to all involved! * Replaced the test suite with a new, comprehensive package (Crypto.SelfTest) that includes documentation about where its test vectors came from, or how they were derived. Use "python setup.py test" to run the tests after building. * API changes: - Added Crypto.version_info, which from now on will contain version information in a format similar to Python's sys.version_info. - Added a new random numbers API (Crypto.Random), and deprecated the old one (Crypto.Util.randpool.RandomPool), which was misused more often than not. The new API is used by invoking Crypto.Random.new() and then just reading from the file-like object that is returned. CAVEAT: To maintain the security of the PRNG, you must call Crypto.Random.atfork() in both the parent and the child processes whenever you use os.fork(). Otherwise, the parent and child will share copies of the same entropy pool, causing them to return the same results! This is a limitation of Python, which does not provide readily-accessible hooks to os.fork(). It's also a limitation caused by the failure of operating systems to provide sufficiently fast, trustworthy sources of cryptographically-strong random numbers. - Crypto.PublicKey now raises ValueError/TypeError/RuntimeError instead of the various custom "error" exceptions - Removed the IDEA and RC5 modules due to software patents. Debian has been doing this for a while - Added Crypto.Random.random, a strong version of the standard Python 'random' module. - Added Crypto.Util.Counter, providing fast counter implementations for use with CTR-mode ciphers. * Bug fixes: - Fixed padding bug in SHA256; this resulted in bad digests whenever (the number of bytes hashed) mod 64 == 55. - Fixed a 32-bit limitation on the length of messages the SHA256 module could hash. - AllOrNothing: Fixed padding bug in digest() - Fixed a bad behaviour of the XOR cipher module: It would silently truncate all keys to 32 bytes. Now it raises ValueError when the key is too long. - DSA: Added code to enforce FIPS 186-2 requirements on the size of the prime p - Fixed the winrandom module, which had been omitted from the build process, causing security problems for programs that misuse RandomPool. - Fixed infinite loop when attempting to generate RSA keys with an odd number of bits in the modulus. (Not that you should do that.) * Clarified the documentation for Crypto.Util.number.getRandomNumber. Confusingly, this function does NOT return N random bits; It returns a random N-bit number, i.e. a random number between 2**(N-1) and (2**N)-1. Note that getRandomNumber is for internal use only and may be renamed or removed in future releases. * Replaced RIPEMD.c with a new implementation (RIPEMD160.c) to alleviate copyright concerns. * Replaced the DES/DES3 modules with ones based on libtomcrypt-1.16 to alleviate copyright concerns. * Replaced Blowfish.c with a new implementation to alleviate copyright concerns. * Added a string-XOR implementation written in C (Crypto.Util.strxor) and used it to speed up Crypto.Hash.HMAC * Converted documentation to reStructured Text. * Added epydoc configuration Doc/epydoc-config * setup.py now emits a warning when building without GMP. * Added pct-speedtest.py to the source tree for doing performance testing on the new code. * Cleaned up the code in several places. Cheers! - Dwayne -- Dwayne C. Litzenberger Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7 From info at EGENIX.COM Tue Aug 4 21:58:57 2009 From: info at EGENIX.COM (eGenix Team: M.-A. Lemburg) Date: Tue, 4 Aug 2009 21:58:57 +0200 Subject: [PYTHON-CRYPTO] ANN: eGenix pyOpenSSL Distribution 0.9.0-0.9.8k now also in .egg format Message-ID: <4A789301.6030500@egenix.com> ________________________________________________________________________ ANNOUNCING eGenix.com pyOpenSSL Distribution Version 0.9.0-0.9.8k An easy to install and use repackaged distribution of the pyOpenSSL Python interface for OpenSSL - available on Windows, Mac OS X and Unix platforms This announcement is also available on our web-site for online reading: http://www.egenix.com/company/news/eGenix-pyOpenSSL-Distribution-0.9.0-0.9.8k-1-Update.html ________________________________________________________________________ INTRODUCTION The eGenix.com pyOpenSSL Distribution includes everything you need to get started with SSL in Python. It comes with an easy to use installer that includes the most recent OpenSSL library versions in pre-compiled form. pyOpenSSL is an open-source Python add-on (http://pyopenssl.sf.net/) that allows writing SSL aware networking applications as well as certificate management tools. OpenSSL is an open-source implementation of the SSL protocol (http://www.openssl.org/). For more information, please see the product page: http://www.egenix.com/products/python/pyOpenSSL/ ________________________________________________________________________ NEWS Due to popular demand, we've added .egg file versions for Windows and Linux to the available download options. This should make things easier for people using e.g. zc.buildout and other egg-file based installers. As always, binaries include both pyOpenSSL and the necessary OpenSSL libraries. ________________________________________________________________________ DOWNLOADS The download archives and instructions for installing the package can be found at: http://www.egenix.com/products/python/pyOpenSSL/ ________________________________________________________________________ UPGRADING Before installing this version of pyOpenSSL, please make sure that you uninstall any previously installed pyOpenSSL version. Otherwise, you could end up not using the included OpenSSL libs. _______________________________________________________________________ SUPPORT Commercial support for these packages is available from eGenix.com. Please see http://www.egenix.com/services/support/ for details about our support offerings. Enjoy, -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Aug 04 2009) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ From heikki at OSAFOUNDATION.ORG Tue Aug 11 06:21:55 2009 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Mon, 10 Aug 2009 21:21:55 -0700 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.20 Message-ID: <4A80F1E3.6010102@osafoundation.org> M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Smartcards supported with the Engine interface. This is the 0.20 release. Download links and bug filing instructions on the homepage at http://chandlerproject.org/Projects/MeTooCrypto. Changelog: - Deprecated M2Crypto.PGP subpackage since nobody seems to be using it nor is it being maintained (if you do use it, please let me know) - Added fedora_setup.sh to help work around differences on Fedora Core -based distributions (RedHat, CentOS, ...); thanks to Miloslav Trmac - Added X509.load_request_bio and load_request_string, by Hartmut Goebel and Pavel Shramov - Added alias X509.Request.set_subject for set_subject_name to match X509.X509, by Pavel Shramov - OBJ_* wrappers did not work properly with OpenSSL 0.9.8a and earlier, fix by Pavel Shramov - Added ASN1_UTCTIME.get_datetime and set_datetime, by Pavel Shramov - Fixed obj_obj2txt, which returned nonsense, fix by Barney Stratford - m2urllib did not close sockets properly, fix by Miloslav Trmac - Allow SSL peer certificate to have subjectAltName without dNSName and use commonName for hostname check, fix by Miloslav Trmac - threading_locking_callback did not block on a lock when the lock was held by another thread, by Miloslav Trmac - Allow more blocking OpenSSL functions to run without GIL, by Miloslav Trmac - Fixed httpslib to send only the path+query+fragment part of the URL when using CONNECT proxy, by James Bowes - SSLServer.__init__ now takes optional bind_and_activate parameter and initializes by calling SocketServer.BaseServer.__init__, which are Python 2.6 compatibility fixes, by Christian - ftpslib now works with Python 2.6, by Theodore A. Roth - httpslib.ProxyHTTPSConnection needs to cast port into integer, by John M. Schanck - Added support for RSASSA-PSS signing and verifying, by Chris Collis - Added support for disabling padding when using RSA encryption, by Chris Collis - ASN1_INTEGERs can now be larger than fits in an int, for example to support X509 certificates with large serial numbers, patch by Mikhail Vorozhtsov and testcase by Barry G. - Reverted a change done in 0.17 to m2urllib2 which changed urls to include host when it should stay as it was - httpslib no longer uses urllib; instead it uses urlparse for url parsing - SMIME.text_crlf and text_crlf_bio were always raising TypeError; fixed - EVP.load_key and load_key_bio fixed to raise EVP.EVPError and BIO.BIOError instead of str (str exceptions not allowed in Python 2.6 and later) - SSL.Session.load_session fixed to raise SSL.SSLError instead of str - SMIME.load_pkcs7, load_pkcs7_bio, smime_load_pkcs7, smime_load_pkcs7_bio, text_crlf, text_crlf_bio fixed to raise BIO.BIOError, SMIME.PKCS7_Error and SMIME.SMIME_Error as appropriate instead of str - Added FIPS mode to unit tests, and used FIPS-compliant key sizes in other tests, by Miloslav Trmac. Note that tests run much slower because of this! - Unit tests cover 80% of the code -- Heikki Toivonen - http://heikkitoivonen.net From luca at KEUL.IT Mon Aug 24 10:38:48 2009 From: luca at KEUL.IT (Luca Fabbri) Date: Mon, 24 Aug 2009 10:38:48 +0200 Subject: [PYTHON-CRYPTO] Usage of python-crypto (or M2Crypto?) for read p7m signed files Message-ID: <27308d500908240138x59804042waec8a241ae8aeec1@mail.gmail.com> I'm looking the web to find a way to access content on .p7m digital signed files. I really had problems to find how to do this, event looking at google... What I need is NOT sign files, or verify signed files, but only be able to extract PDF, DOC file inside. Can someone tell me if python-crypto is the way, or use M2Crypto? Also can be usefull for me to know how to get examples about this. Thanks all! -- -- luca From mads at KIILERICH.COM Mon Aug 24 10:58:52 2009 From: mads at KIILERICH.COM (Mads Kiilerich) Date: Mon, 24 Aug 2009 10:58:52 +0200 Subject: [PYTHON-CRYPTO] Usage of python-crypto (or M2Crypto?) for read p7m signed files In-Reply-To: <27308d500908240138x59804042waec8a241ae8aeec1@mail.gmail.com> References: <27308d500908240138x59804042waec8a241ae8aeec1@mail.gmail.com> Message-ID: <4A92564C.9040403@kiilerich.com> On 08/24/2009 10:38 AM, Luca Fabbri wrote: > I'm looking the web to find a way to access content on .p7m digital > signed files. > > I really had problems to find how to do this, event looking at > google... What I need is NOT sign files, or verify signed files, but > only be able to extract PDF, DOC file inside. > > Can someone tell me if python-crypto is the way, or use M2Crypto? > python-crypto currently mostly contains low-level crypto stuff. Higher level applications of crypto in protocols must be found elsewhere. M2crypto might be a better alternative for S/MIME. > Also can be usefull for me to know how to get examples about this. > http://www.google.com/search?q=m2crypto+s%2Fmime seems to give good answers /Mads From heikki at OSAFOUNDATION.ORG Fri Aug 28 01:42:16 2009 From: heikki at OSAFOUNDATION.ORG (Heikki Toivonen) Date: Thu, 27 Aug 2009 16:42:16 -0700 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.20.1 Message-ID: <4A9719D8.9070908@osafoundation.org> M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL functionality to implement clients and servers; HTTPS extensions to Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing AuthCookies for web session management; FTP/TLS client and server; S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME messenger for Zope. Smartcards supported with the Engine interface. This is the 0.20.1 release. Download links and bug filing instructions on the homepage at http://chandlerproject.org/Projects/MeTooCrypto. Changelog: - Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac -- Heikki Toivonen - http://heikkitoivonen.net From miserlou at GMAIL.COM Fri Aug 28 01:44:30 2009 From: miserlou at GMAIL.COM (Rich Jones) Date: Thu, 27 Aug 2009 19:44:30 -0400 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.20.1 In-Reply-To: <4A9719D8.9070908@osafoundation.org> References: <4A9719D8.9070908@osafoundation.org> Message-ID: Can you say a bit more about the 'regression' ? R On Thu, Aug 27, 2009 at 7:42 PM, Heikki Toivonen wrote: > M2Crypto is the most complete Python wrapper for OpenSSL featuring RSA, > DSA, DH, HMACs, message digests, symmetric ciphers (including AES); SSL > functionality to implement clients and servers; HTTPS extensions to > Python's httplib, urllib, and xmlrpclib; unforgeable HMAC'ing > AuthCookies for web session management; FTP/TLS client and server; > S/MIME; ZServerSSL: A HTTPS server for Zope and ZSmime: An S/MIME > messenger for Zope. Smartcards supported with the Engine interface. > > This is the 0.20.1 release. Download links and bug filing instructions > on the homepage at > http://chandlerproject.org/Projects/MeTooCrypto. > > Changelog: > - Fix regression in httpslib.ProxyHTTPSConnection, by Miloslav Trmac > > -- > Heikki Toivonen - http://heikkitoivonen.net > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hjtoi at COMCAST.NET Fri Aug 28 01:48:44 2009 From: hjtoi at COMCAST.NET (Heikki Toivonen) Date: Thu, 27 Aug 2009 16:48:44 -0700 Subject: [PYTHON-CRYPTO] ANN: M2Crypto 0.20.1 In-Reply-To: References: <4A9719D8.9070908@osafoundation.org> Message-ID: <4A971B5C.2020602@comcast.net> > Can you say a bit more about the 'regression' ? I botched a fix to httplib which resulted in undefined local variable. If you haven't hit that undefined variable, you probably won't need the 0.20.1 release. Sorry for not providing more details in the announcement. -- Heikki Toivonen - http://heikkitoivonen.net