Legrandin / pycryptodome

A self-contained cryptographic library for Python
https://www.pycryptodome.org

Implement a high level authenticated symmetric function #57

Open tuxxy opened 7 years ago

tuxxy commented 7 years ago

Alright, so I know that PyCryptodome is a package of low-level cryptographic primitives, but this is my favorite cryptographic library by far to use. Often times I wish there was a high level AES function that used CBC mode with HMAC. The Cryptography.io package implements the Fernet spec and this makes me wonder why we don't do this as well or at least offer a high level implementation of one of these algorithms (like GCM for authenticated encryption).

I believe it would help boost adoption of this library. I'm willing to build the implementation of it if this is something that the maintainers would find useful. Of course, this sort of detracts away from the PyCrypto side of this library, but maybe it's time we added something like this?

If not, I think I will just build a python package that implements a few of these algorithms.

frispete commented 7 years ago

Often times I wish there was a high level AES function that used CBC mode with HMAC.

What's wrong with GCM? Or OCB, if you can cope with the license?

The Cryptography.io package implements the Fernet spec and this makes me wonder why we don't do this as well or at least offer a high level implementation of one of these algorithms (like GCM for authenticated encryption).

Well, again, GCM is available. Have you looked at Fernet? Isn't all this padding and manual HMACing pretty old fashioned, compared to using a proper AEAD mode?

The only true addition is the timestamp handling, but in the weakest possible way: an inclined user can just ignore the timestamp test....

I've considered Fernet in a project, but quickly ran into issues (can't handle streaming modes...).

I believe it would help boost adoption of this library. I'm willing to build the implementation of it if this is something that the maintainers would find useful. Of course, this sort of detracts away from the PyCrypto side of this library, but maybe it's time we added something like this?

Given the reasons above, I don't think it's adequate for this project (but it's up to Helder to decide).

If not, I think I will just build a python package that implements a few of these algorithms.

What nowadays constitutes a suitable symmetrical encryption scheme is probably based on AES (128) in GCM mode, and Argon2 as KDF, if needed. Apart from timestamp handling and test code, I have done something already that I can upload in a new project, if you're willing to send PRs... :wink:

tuxxy commented 7 years ago

I think we could probably avoid implementing the KDF part and just implement a fairly simple way to do AES-256 in GCM mode. We'd expect the user to provide a properly derived key, in that case.

tuxxy commented 7 years ago

So, I went ahead and implemented something that does what I am talking about: https://github.com/tuxxy/pycryptex/blob/master/cryptex/cryptex.py

It uses AES in GCM mode and passes in a timestamp as associated data, which forces the decryption function to at least obey the ttl, which can be ignored (up to the dev) with Fernet.

If no one wants to add anything like this into PyCryptodome (which is fair), then I plan on adding more implementations of these algorithms with PyCryptodome.