[Cryptography-dev] "Streaming" APIs

Donald Stufft donald at stufft.io
Sat Sep 14 22:05:58 CEST 2013


If we created an encryption context object we could do

BlockCipher.encryptor() = EncryptionContext()  # Has the .update() + .finalize() api
BlockCipher.iter_encrypt() = Iter based API, uses BlockCipher.encryptor() internally
BlockCipher.encrypt() = solid string only based API, uses iter_encrypt() internally

I had thought about this but I ended up not bothering because the mental overhead
of giving users an EncryptionContext didn't seem worth it over just passing a list.


On Sep 14, 2013, at 3:59 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:

> I guess my other concern is that: Say you have 3 strings you want to put into an encrypted blob, there's no longer a way to do that without constructing a list or something; encrypt([a, b, c]) works, but seems unnatural.
> 
> Alex
> 
> 
> On Sat, Sep 14, 2013 at 12:58 PM, Donald Stufft <donald at stufft.io> wrote:
> Yea I wasn't a huge fan of the name, I stole it from iterkeys() and I couldn't think of anything better :[
> 
> On Sep 14, 2013, at 3:27 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
> 
>> So I've thought about this some, I think the idea of using iterables in the API makes a ton of sense, but somehow the `x` and `iter_x` names don't sit right with me, does anyone have any better suggestions?
>> 
>> Alex
>> 
>> 
>> On Wed, Sep 11, 2013 at 7:19 PM, Donald Stufft <donald at stufft.io> wrote:
>> So one thing that's really handy to do with encryption is to be able to (de|en)crypt things without needing to load the entire thing into memory. Currently we support this in the encrypt API by doing:
>> 
>> cipher = BlockCipher()
>> 
>> enciphered = cipher.encrypt(block1)
>> enciphered += cipher.encrypt(block2)
>> enciphered += cipher.encrypt(block3)
>> enciphered += cipher.finalize()
>> 
>> We needed to do this because we need to be able to call finalize() before the encryption is "done".
>> 
>> When I was messing with padding I ended up with an API that (for padding) got around the need for an explicit finalize step but instead it required passing the entire data stream into the function. However it supports generators/iterators so you can still efficiently process large datasets.
>> 
>> This api looks something like
>> 
>> padder = Padding()
>> 
>> padded1 = "".join(padder.pad("1234"))
>> padded2 = "".join(padder.pad(c for c in "1234"))
>> 
>> However the downside of this API is that you need to call "".join() to get actual strings or you need to do some ugly hacks inside of the pad() function so it returns a string if given a string and returns a generator if given a generator.
>> 
>> A third option is similar to dictionaries on Python 2.x where you have something like iterpad() and pad(). This could work for encryption as well so we'd have iter_encrypt(), iter_decrypt(), encrypt() and decrypt().
>> 
>> So I guess the question is how do we want to handle these streaming sorts of APIs?
>> 
>> 1) Thing.action() + Thing.finalize()
>> 2a) "".join(Thing.action(iterator))
>> 2b) Thing.action(iterator OR string) - Magic return types
>> 3) Thing.action and Thing.iter_action
>> 4) ????
>> 
>> -----------------
>> Donald Stufft
>> PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>> 
>> 
>> _______________________________________________
>> Cryptography-dev mailing list
>> Cryptography-dev at python.org
>> https://mail.python.org/mailman/listinfo/cryptography-dev
>> 
>> 
>> 
>> 
>> -- 
>> "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
>> "The people's good is the highest law." -- Cicero
>> GPG Key fingerprint: 125F 5C67 DFE9 4084
> 
> 


-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
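
An added sketch, not code from this thread or from the library under discussion, of the three-layer layout proposed at the top of this message: a context object with update()/finalize(), an iterator API built on it, and a whole-string API built on that. PKCS7 padding stands in for the cipher so it runs on the standard library alone; PaddingContext, Padding.padder(), iter_pad() and pad() are hypothetical names.

```python
# Added illustration; all class and method names here are hypothetical.

class PaddingContext:
    """Layer 1: incremental update()/finalize() object."""

    def __init__(self, block_size):
        self._block_size = block_size
        self._buffer = b""
        self._finalized = False

    def update(self, data):
        if self._finalized:
            raise ValueError("context already finalized")
        self._buffer += data
        # Emit only whole blocks; hold the remainder until more data or finalize().
        cut = len(self._buffer) - (len(self._buffer) % self._block_size)
        out, self._buffer = self._buffer[:cut], self._buffer[cut:]
        return out

    def finalize(self):
        if self._finalized:
            raise ValueError("context already finalized")
        self._finalized = True
        # The held remainder is always shorter than one block, so 1 <= n <= block_size.
        n = self._block_size - len(self._buffer)
        out, self._buffer = self._buffer + bytes([n]) * n, b""
        return out


class Padding:
    def __init__(self, block_size=8):
        self.block_size = block_size

    def padder(self):
        return PaddingContext(self.block_size)

    def iter_pad(self, chunks):
        """Layer 2: lazily consume an iterable of byte chunks."""
        ctx = self.padder()
        for chunk in chunks:
            out = ctx.update(chunk)
            if out:
                yield out
        yield ctx.finalize()

    def pad(self, data):
        """Layer 3: whole-string convenience built on iter_pad()."""
        return b"".join(self.iter_pad([data]))
```

Because every layer funnels through the same context, the output depends only on the concatenated input and not on how the caller chunked it, and a second finalize() is rejected instead of emitting a second padding block.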
