Verifying the integrity/lineage of a file

Peter Pearson pkpearson at nowhere.invalid
Sat Sep 1 13:43:58 EDT 2018


On Fri, 31 Aug 2018 12:51:58 -0600, Malcolm Greene <python at bdurham.com> wrote:
> Thanks for the replies! I'm going to investigate the use of
> python-gnupg which is a Python wrapper for the GPG command line
> utility. This library is based on gpg.py written by Andrew Kuchling.
> I'm all ears if anyone has any alternative recommendations or
> python-gnupg tips to share. BTW: Target clients are running under
> Windows and Linux.

Writing your own crypto software is fraught with peril, and that
includes using existing libraries.  If you don't expect your system
to get serious attention from a competent adversary, then fine, go
ahead.  No ... not even that.  If you're _quite_confident_ that
your system will never get serious attention ... go ahead.  But
if you think your system might someday be attacked by an adversary
who will exploit insufficiently unguessable nonces, or accidental nonce
re-use, or swap-space images of your executing code, or side channels,
or any of the other hundreds of issues that have left the history
of cryptography so entertainingly littered with the bodies of brilliant
aspirants, . . . then use a much-studied, time-tested product.

Don't take my word for it (retired cryptologist), ask any reputable
cryptologist.  Or ask on the sci.crypt newsgroup; they need some
traffic.

-- 
To email me, substitute nowhere->runbox, invalid->com.


