SecurityInnovation / PGPy

Pretty Good Privacy for Python
BSD 3-Clause "New" or "Revised" License

Deprecated CAST5, IDEA, Blowfish algorithms #398

Open krishnasarch opened 2 years ago

krishnasarch commented 2 years ago

Python version 3.10.5, PGPy version 0.5.4, cryptography version 37.0.2

```python
import pgpy
from pgpy.constants import PubKeyAlgorithm, KeyFlags, HashAlgorithm, SymmetricKeyAlgorithm, CompressionAlgorithm

key = pgpy.PGPKey.new(PubKeyAlgorithm.RSAEncryptOrSign, 1024)

uid = pgpy.PGPUID.new('')

key.add_uid(uid, usage={KeyFlags.Sign, KeyFlags.EncryptCommunications, KeyFlags.EncryptStorage},
            hashes=[HashAlgorithm.SHA256, HashAlgorithm.SHA384, HashAlgorithm.SHA512, HashAlgorithm.SHA224],
            ciphers=[SymmetricKeyAlgorithm.AES256, SymmetricKeyAlgorithm.AES192, SymmetricKeyAlgorithm.AES128],
            compression=[CompressionAlgorithm.ZLIB, CompressionAlgorithm.BZ2, CompressionAlgorithm.ZIP, CompressionAlgorithm.Uncompressed])

PRIV_KEY = key
PUB_KEY = key.pubkey

with open("hello.txt") as file:
    text = file.read()

encrypted_text = PUB_KEY.encrypt(pgpy.PGPMessage.new(text))

with open("out.txt", 'w') as file:
    file.write(str(encrypted_text))
```

I get the desired output, but there are deprecation warnings in the terminal:

```
/home/krishna/.local/lib/python3.10/site-packages/pgpy/constants.py:189: CryptographyDeprecationWarning: IDEA has been deprecated
  bs = {SymmetricKeyAlgorithm.IDEA: algorithms.IDEA,
/home/krishna/.local/lib/python3.10/site-packages/pgpy/constants.py:191: CryptographyDeprecationWarning: CAST5 has been deprecated
  SymmetricKeyAlgorithm.CAST5: algorithms.CAST5,
/home/krishna/.local/lib/python3.10/site-packages/pgpy/constants.py:192: CryptographyDeprecationWarning: Blowfish has been deprecated
  SymmetricKeyAlgorithm.Blowfish: algorithms.Blowfish,
```

According to Cryptography.io's changelog for version 37.0.0, they've deprecated the CAST5, IDEA and Blowfish algorithms.

bendavidnoam commented 2 years ago

Will there be an upgrade to PGPy that gets rid of the use of these algorithms that are being deprecated by Cryptography?

bendavidnoam commented 1 year ago

@Commod0re now that this package is active again - will there be any movement toward dropping use of these deprecated algorithms from Cryptography?

louis-burgiss commented 1 year ago

Hi, any update on this?

bendavidnoam commented 1 year ago

Any update here? This was not fixed with the 0.6.0 release.

sshishov commented 1 year ago

We are also waiting for the update

ghost commented 1 year ago

Warnings can be turned off. Please try the following code:

```python
import warnings

warnings.filterwarnings('ignore', '.*deprecated.*')
```

sshishov commented 1 year ago

@pic2debug, unfortunately, instead of fixing the deprecation and seeing what is being deprecated, you propose to just ignore all deprecation warnings?

On fast-paced projects, people usually do not ignore warnings but fix the deprecation instead, to make sure that they are ready for the next upgrade when the package is upgraded. These warnings are not harmful for the app, so why should we "hide" them?

But anyway, @pic2debug, thanks for your input, maybe it will be useful for someone!

ckcollab commented 7 months ago

This is my fix for now, not great, but at least it stops spamming output!

```python
import warnings
from cryptography.utils import CryptographyDeprecationWarning

warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning, module="pgpy")
```

sshishov commented 3 months ago

If this project is not maintained, then at some point in time we will have to switch to something else... After cryptography 45.0.0 these warnings will become errors and the project will be unusable.

That's why we are trying to reach the maintainers to either fix the issue and release a new version, or add some of the active people as maintainers.

NOTE: we are currently at cryptography==43.0.0 already ❗

ronkorving commented 3 months ago

To the SecurityInnovation team:

We understand that priorities change, that you can't keep maintaining something you yourselves may no longer use. Such is life. In a situation like that, please open the door for maintainers to apply so they can get the job done instead. Thank you.

aserron commented 2 months ago

@Commod0re I would like to contribute a fix for this issue, can you tell me how to proceed?
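
The two warning filters posted in this thread differ in what they hide. As an added example (not code from the thread or from PGPy), the following replays constructed warnings through each filter; the `myapp.*` modules, the `SomeCipher` message and the CI filter are assumptions made for illustration.

```python
import warnings

try:
    from cryptography.utils import CryptographyDeprecationWarning
except ImportError:
    # Stand-in so the example runs without cryptography installed.
    class CryptographyDeprecationWarning(UserWarning):
        pass

# Constructed samples: (message, category, name of the module issuing it).
SAMPLES = [
    ("IDEA has been deprecated", CryptographyDeprecationWarning, "pgpy.constants"),
    ("CAST5 has been deprecated", CryptographyDeprecationWarning, "pgpy.constants"),
    ("Blowfish has been deprecated", CryptographyDeprecationWarning, "pgpy.constants"),
    # Hypothetical warnings raised from the application's own modules.
    ("SomeCipher has been deprecated", CryptographyDeprecationWarning, "myapp.legacy"),
    ("old_hash() is deprecated, use new_hash()", DeprecationWarning, "myapp.util"),
]

def visible_after(install_filter):
    """Replay SAMPLES and return the messages the installed filter lets through."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")  # baseline: show every warning
        install_filter()                 # inserted in front, so it is checked first
        for lineno, (msg, cat, mod) in enumerate(SAMPLES, start=1):
            warnings.warn_explicit(msg, cat, mod + ".py", lineno, module=mod)
    return [str(w.message) for w in caught]

def broad():  # first filter posted in the thread: any category, any module
    warnings.filterwarnings("ignore", ".*deprecated.*")

def scoped():  # second filter posted in the thread: one category, pgpy only
    warnings.filterwarnings("ignore", category=CryptographyDeprecationWarning, module="pgpy")

def ci_strict():  # assumption: a CI job that should fail while pgpy still warns
    warnings.filterwarnings("error", category=CryptographyDeprecationWarning, module="pgpy")

def ci_fails():
    """True if the strict filter turns pgpy's warning into an exception."""
    try:
        visible_after(ci_strict)
    except CryptographyDeprecationWarning:
        return True
    return False

if __name__ == "__main__":
    print("broad :", visible_after(broad))   # nothing is left visible
    print("scoped:", visible_after(scoped))  # only the two myapp warnings
    print("ci    :", ci_fails())
```

The message-regex filter also silences the application's own deprecation notices, while the category-and-module filter leaves them visible.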