[Cryptography-dev] Low level API for Symmetric Encryption

Donald Stufft donald at stufft.io
Thu Aug 8 01:12:46 CEST 2013


On Aug 7, 2013, at 6:32 PM, Jean-Paul Calderone <jean-paul at hybridcluster.com> wrote:

> On 08/07/2013 06:16 PM, Donald Stufft wrote:
>> So to kick things off I'd like to get AES-GCM exposed and figured it could be a good way to start the ball rolling for figuring out how we want to expose symmetric ciphers at the low level API.
>> 
>> I'm thinking cryptography.primitives.aes which has classes named like AES128GCM, AES256CBC, etc. The obvious naming scheme being AlgorithmKeysizeMode.
>> 
>> 
> 
> GCM (CBC, etc) is a mode of operation that is applicable to arbitrary
> block ciphers.
> 
> Why should it be tied to "AES128"?  Why wouldn't you GCM(AES128())?  If
> you're talking about primitives, AES128 is more primitive than GCM on
> AES128.  And GCM isn't specific to AES, so I don't see
> cryptography.primitives.aes as the proper home for it.
> 
> I hope these aren't questions with highly obvious answers.

As far as I know (and I could be wrong? I don't know OpenSSL guts that well) OpenSSL doesn't do composition like that; in order to get AES-128-GCM you pass that in.

Is there a way to access OpenSSL where you're composing GCM with AES128? If not I think we'd be stuck doing some sort of "combine variables of the classes AES128 and GCM to make the name AES-128-GCM to pass into OpenSSL" thing which doesn't feel particularly clean to me?


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
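
The two designs discussed in this thread can be layered: the sketch below is an added example, not code from the message or from the project, showing `GCM(AES128())` composition resolved to a name string for a backend that selects ciphers by name. The class names, `openssl_name()`, `UnsupportedCombination` and the `BACKEND_NAMES` set are hypothetical; the set is a constructed stand-in for whatever the linked OpenSSL actually accepts.

```python
# Constructed stand-in for the cipher names the linked OpenSSL would resolve;
# a real backend would ask the library instead of hard-coding this set.
BACKEND_NAMES = {"aes-128-gcm", "aes-256-gcm", "aes-128-cbc", "aes-256-cbc",
                 "camellia-128-cbc", "des-ede3-cbc"}


class UnsupportedCombination(ValueError):
    """The composed cipher/mode pair cannot be handed to the backend."""


class BlockCipher:                      # hypothetical base class
    prefix = ""                         # cipher part of the backend name
    block_bits = 0                      # block size, needed to validate modes

class AES128(BlockCipher): prefix, block_bits = "aes-128", 128
class AES256(BlockCipher): prefix, block_bits = "aes-256", 128
class Camellia128(BlockCipher): prefix, block_bits = "camellia-128", 128
class TripleDES(BlockCipher): prefix, block_bits = "des-ede3", 64


class Mode:                             # hypothetical base class
    suffix = ""
    required_block_bits = None          # None: any block size is acceptable

    def __init__(self, cipher):
        self.cipher = cipher

    def openssl_name(self, supported=BACKEND_NAMES):
        c = self.cipher
        # Reject pairs that are invalid regardless of backend.
        if self.required_block_bits not in (None, c.block_bits):
            raise UnsupportedCombination(
                f"{self.suffix} needs a {self.required_block_bits}-bit block, "
                f"{c.prefix} has {c.block_bits}")
        name = f"{c.prefix}-{self.suffix}"
        # Composition is more general than the backend's fixed name list,
        # so a valid pair can still be one the backend does not provide.
        if name not in supported:
            raise UnsupportedCombination(f"backend has no cipher named {name}")
        return name

class GCM(Mode): suffix, required_block_bits = "gcm", 128   # GCM is defined for 128-bit blocks only
class CBC(Mode): suffix = "cbc"


if __name__ == "__main__":
    print(GCM(AES128()).openssl_name())
    print(CBC(TripleDES()).openssl_name())
```
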
