hey crypto experts,

looking to do RSA encryption on a short string in Python. This is for a piece of user data that I want to store without staff (incl. myself) being able to see it. The private key will be on a thumbdrive in my safety deposit box for when we get subpoenaed.

my question: is there a 'probably correct' Python package for asymmetric-key RSA? Will I be safer to use a C library (if so, which one)?

+2  A: 

PyCrypto

Barry Wark
pycrypto doesn't take code from Americans.
amwinter
Did you want to contribute to it, or use it?
GregS
@gregs I want it to be secure and borrow C code from proven projects
amwinter
@amwinter: no one can tell you for sure it is secure; you'll have to decide that for yourself. PyCrypto has a track record, so perhaps that will satisfy you.
GregS
Wow, this is a truly sad day for Stackoverflow. Two rather good crypto libraries have been out-voted by pycrypto, which is one of the worst libraries in existence. (I.e. pycrypto suffers from incompleteness, lack of paddings and a horrible interface)
Accipitridae
@Accipitridae No, this is a great day for Stackoverflow. The purpose of the site is to build all of our knowledge. You seem to know quite a bit about crypto. Please enlighten us about the advantages and disadvantages of each package (a separate answer is probably most appropriate).
Barry Wark
@Barry Wark, a library that does not use any padding scheme for RSA in 2010 should already scare anyone away. For an attack against DSA if used as described by the authors see this http://stackoverflow.com/questions/2729468/dsa-module-in-python/2751268#2751268. Stackoverflow can point to relevant material, but itself doesn't build the knowledge of the reader. There are too many answers that are just plain guesses.
Accipitridae
you guys sound smart, I'm switching my answer to gpg
amwinter
+1  A: 

pycryptopp

unutbu
+1  A: 

Encryption of short strings with RSA can be problematic. There are certain pieces of data you can encrypt with RSA that reveal details about your private key. In your case it will probably be fine since it will be obscure enough your staff won't figure it out. But in the general case, with a knowledgeable and/or well-funded adversary, you do not want to use RSA to directly encrypt data if you want that data to be kept secret.

I would recommend just using gnupg instead. It's solved all those problems for you.

Omnifarious
are you talking about common modulus attack?
amwinter
@amwinter - If the value is too small and the exponent is also small (which is generally the case) then it's possible to trivially take the root of the result to get the original message. That doesn't reveal anything about the private key, but it does render the encryption useless. There is another attack that does reveal information about the private key, but I can't remember its name, so you might be right. There is also a chosen plaintext attack on signing, which is why you always sign hashes.
Omnifarious
@amwinter - I looked it up. I'm actually talking about attacks related to low encryption exponents. One way of solving the low encryption exponent problem is to send messages shorter than the maximum size and pad them with lots of random data, which is exactly what gnupg does when it encrypts the symmetric key used for doing the actual encryption.
Omnifarious
@amwinter: Just use the standard PKCS#1 padding.
GregS
@GregS - The 'standard PKCS#1 padding' is really complicated. Just use a tool that does it already.
Omnifarious
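
An added example (not code from any poster in this thread) of the small-message, small-exponent problem described in the comments above, and of how the random padding block GregS and Omnifarious mention closes it. The toy modulus is built from two well-known special-form primes purely so the example runs offline with e = 3; the key, message and function names are all constructed for illustration.

```python
import secrets

# Constructed toy key: the P-384 and Curve448 field primes (both = 2 mod 3,
# so e = 3 is a valid exponent). Special-form primes are NOT a usable RSA key.
P = 2**384 - 2**128 - 2**96 + 2**32 - 1
Q = 2**448 - 2**224 - 1
N, E = P * Q, 3
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes

def icbrt(x):
    """Floor of the integer cube root, by binary search."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** 3 <= x else (lo, mid - 1)
    return lo

def root_recover(c):
    """Plaintext if c is an exact cube over the integers (m**3 < N), else None."""
    r = icbrt(c)
    return r.to_bytes((r.bit_length() + 7) // 8, "big") if r ** 3 == c else None

def textbook_encrypt(msg):
    """Unpadded RSA: the short message is used directly as the integer m."""
    return pow(int.from_bytes(msg, "big"), E, N)

def pad_type2(msg):
    """PKCS#1 v1.5 encryption block: 00 02 <nonzero random bytes> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return b"\x00\x02" + ps + b"\x00" + msg

def padded_encrypt(msg):
    return pow(int.from_bytes(pad_type2(msg), "big"), E, N)

def padded_decrypt(c):
    em = pow(c, D, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)            # first zero byte after the random padding
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]

if __name__ == "__main__":
    msg = b"user-secret-42"              # constructed sample value
    print("unpadded, root check:", root_recover(textbook_encrypt(msg)))
    print("padded,   root check:", root_recover(padded_encrypt(msg)))
```

With padding the integer fed to RSA is nearly as large as the modulus, so the cubed value wraps around N and the root check finds nothing; the padding is also random, so encrypting the same string twice gives different ciphertexts.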