[python-crypto] Add AES to amkCrypto?

M.-A. Lemburg mal at lemburg.com
Wed Jan 31 22:58:33 CET 2001 

Bryan Olson wrote:
> 
> Marc-Andre Lemburg wrote:
> > The API designed by Andrew Kuchling is the defacto standard
> > for interfacing to crypto algorithms in Python. His pycrypt
> > library has been around for many years and suits the task very well.
> 
> > There's really no need to design yet another API...
> 
> I disagree.  The amkCrypto interface is terrible, and especially
> for block cipher modes of operation.  It defines a source-code
> template to wrap around every block cipher at compile time to
> provide the modes for that one cipher.

Huh ? The mode is a parameter of cipher constructors. What do you
mean with "source-code template" ?

mxCrypto (which is part of amkCrypto) does some switching on 
the mode parameter since OpenSSL has different APIs for each mode,
but this is not exposed at Python level.
 
> NIST is holding workshops on modes of operation, and will
> probably define new ones along with the AES.  Modes and
> ciphers should be interchangeable, and we should be able to
> write each in either Python or an extension (and have it work
> with the others of course).

I think this is what "PC Drew" (what's your real name, BTW ?)
had in mind with his higherlevel API.

An codec style interface would also be nice to have. Streams
could then easily be encoded and decoded on-the-fly.

> > As for integrating AES into amkCrypto, I think the best way is
> > to wait until OpenSLL has support for it and then integrate
> > that support into amkCrypto.
> 
> OpenSSL is centered on one cryptographic protocol.  I'd like
> to see the basic AES cipher, without any modes, in the
> standard Python distribution.  Recent changes in export law
> allow free software to include strong encryption.  We should
> also get SHA-256, SHA-384 and SHA-512 into the standard
> distribution.

OpenSSL is many things: its a collection of very fast cipher,
hash and public key algorithms as well as an implementation of 
various binary serialization standards for keys, certificates,
etc. plus some various other things.  The SSL implementation 
sits on top of these.

The goal of mxCrypto was to expose the lower-level parts of
OpenSSL to be able to implement other cryptograhpic protocols.

m2Crypto is aiming at exposing the higher level to Python.

Note that even though we could add a strong cipher to the
Python distribution, this would probably not do any good: some
countries do not allow to *import* and use strong cryptographic
code. Python would no longer be downloadable for people living
in these countries.

-- 
Marc-Andre Lemburg
______________________________________________________________________
Company:                                        http://www.egenix.com/
Consulting:                                    http://www.lemburg.com/
Python Pages:                           http://www.lemburg.com/python/

------------------------ Yahoo! Groups Sponsor ---------------------~-~>
eGroups is now Yahoo! Groups
Click here for more details
http://click.egroups.com/1/11231/1/_/22498/_/980979298/
---------------------------------------------------------------------_->

More information about the python-crypto mailing list