[pycrypto] Pycrypto question.

Tue May 4 13:00:39 CST 2010

Hi jd,

some time ago I wrote a small module which provided me with a API that suited me better than that of PyCrypto.
I attached a slightly modified version of it. I also added a short example to the end of it. I hope you can find the 
information you want in there.

Concerning the documentation: I agree, it could be improved. I think you were looking for this [1].

Concerning the import of externally generated keys: I think this came up before on the list or bug tracker.
AFAIK, it is not directly supported by PyCrypto. However, you can create a key pair from a tuple of numbers
(for example the public and private exponent and the modulus). This is done with construct function [2].
You just have to find a way to get to those numbers of your externally generated keys.

I probably should also point out that the usage of RandomPool is strongly discouraged [3] and that there is a Random 
module in PyCrypto-2.1 that you should use instead.

sincerely yours
//Lorenz

[1] http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.pubkey.pubkey-class.html
[2] http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html
[3] http://lists.dlitz.net/pipermail/pycrypto/2008q3/000000.html

On 05/04/2010 07:04 PM, jd wrote:
> Thanks for the response.(Sorry ..for late response. Somehow this went in to my spam folder.)
>
> Yes, I indeed want to use private key to encrypt (oops.. sign) and decrypt (verify) using public/private key pairs.
>
>
> Would anyone point to the example usage/pseudo code that I can try out.
>
> Didnt find method details over here.
> http://www.dlitz.net/software/pycrypto/apidoc/Crypto.PublicKey.RSA-module.html
>
> I am assuming that the intent is clear from the example.
> Some Text ===>  Encrypt (optionally) sign (using private key) ===>  encrypted message
> encrypted message ==>  (optionally) Verify and decrypt (using public key) ==>  original message (Some Text)
>
> Also, would appreciate if instead of generating keys as in sample program, is there a way to use publick/private keys used by ssh-keygen -t rsa.
>
> Help is much appreciated.
> Thanks
>
>
>
>
> /Jd
>
>
> --- On Sun, 5/2/10, Lorenz Quack<don at amberfisharts.com>  wrote:
>
>> From: Lorenz Quack<don at amberfisharts.com>
>> Subject: Re: [pycrypto] Pycrypto question.
>> To: "PyCrypto discussion list"<pycrypto at lists.dlitz.net>
>> Date: Sunday, May 2, 2010, 1:52 PM
>> On 05/02/2010 10:36 PM, Glenn
>> Linderman wrote:
>>> On 5/2/2010 1:13 PM, Lorenz Quack wrote:
>>>> Hi Jd,
>>>>
>>>> On 05/02/2010 10:02 PM, jd wrote:
>>>>
>>>>> Hi everyone,
>>>>>
>>>>> I am trying to implement a simple pub/private
>> key scheme. Want to encrypt bunch of things and decrypt it
>> using public
>>>>> key (which will be distributed).
>>>>>
>>>> You seem to have some misconceptions about how
>> public key cryptography works.
>>>> I suggest you (re-)read up on it. Wikipedia will
>> probably cover the basics.
>>>> For starters, by definition you use the *public*
>> key for encrypt and the privat one for decryption.
>>>>
>>>
>>> Indeed, Wikipedia has an article. And in the first
>> paragraph [1] they
>>> describe one use case for encrypting by public key,
>> and decrypting by
>>> private key, and another use case for encrypting by
>> private key, and
>>> decrypting by public key. It might be appropriate to
>> figure out what use
>>> case the OP has before declaring definitions for a
>> particular use case.
>>> Now as far as what the APIs are called, that might be
>> a different story :)
>>>
>>> [1] *Public-key cryptography* is a cryptographic
>>> <http://en.wikipedia.org/wiki/Cryptography>  approach
>> which involves the
>>> use of asymmetric key algorithms instead of or in
>> addition to symmetric
>>> key algorithms<http://en.wikipedia.org/wiki/Symmetric_key_algorithm>.
>>> Unlike symmetric key algorithms, it does not require a
>> secure
>>> <http://en.wikipedia.org/wiki/Secure_channel>  initial
>> exchange
>>> <http://en.wikipedia.org/wiki/Key_exchange>  of one or
>> more secret keys
>>> <http://en.wikipedia.org/wiki/Secret_key>  to both
>> sender and receiver.
>>> The asymmetric key algorithms are used to create a
>> mathematically
>>> related key pair: a secret private key and a published
>> public key. Use
>>> of these keys allows protection of the authenticity
>>> <http://en.wikipedia.org/wiki/Authenticity>  of a
>> message by creating a
>>> digital signature<http://en.wikipedia.org/wiki/Digital_signature>  of
>> a
>>> message using the private key, which can be verified
>> using the public
>>> key. It also allows protection of the confidentiality
>>> <http://en.wikipedia.org/wiki/Confidentiality>  and
>> integrity
>>> <http://en.wikipedia.org/wiki/Integrity>  of a
>> message, by public key
>>> encryption<http://en.wikipedia.org/wiki/Encryption>, encrypting
>> the
>>> message using the public key, which can only be
>> decrypted using the
>>> private key.
>>>
>>
>> Granted "definition" may have been a poor choice of word.
>> But AFAIK the use case of "encrypting" via the private key
>> is generally called signing.
>> So I assumed that the OP had the wrong idea about how the
>> scheme is used because he didn't
>> use the generally accept terminology. If that was
>> presumptuous I hereby apologize.
>>
>> So, to come back to the OPs question:
>> if you use a RSA key to encrypt a message like you did in
>> your example internally it uses the public
>> part of the key pair for encryption. you would then have to
>> use the private part to decypt it.
>> If on the other hand you really want to encrypt with the
>> private part and decrypt with the public part
>> then know that this is usually refered to as signing and
>> verifying (verification?).
>> There is also and API for this in PyCrypto.
>>
>> Hope this is clearer and more helpful than my last
>> message.
>>
>> have a nice day
>> //Lorenz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: crypt.py
Type: text/x-python
Size: 3969 bytes
Desc: not available
Url : http://lists.dlitz.net/pipermail/pycrypto/attachments/20100504/d5ad8e25/attachment.py 