iotile / coretools

Core python tools for building and using IOTile based devices
GNU General Public License v3.0

Replace pycrypto package #847

Open mattrunchey opened 5 years ago

mattrunchey commented 5 years ago

It seems to have trouble installing on my system, and the project has been dead for quite a while and is exploitable. We should pick a new crypto library to use. https://github.com/dlitz/pycrypto/issues/287

It doesn't appear that we actually use it very heavily -- it's mentioned in working with encrypted device data (https://github.com/iotile/coretools/blob/3df8511941b7f22b0d255db7358f19e8b001a9b0/README.md#working-with-encrypted-device-data) and present in a single import (https://github.com/iotile/coretools/blob/8050a048b4048a82914f0f980e791e32dc6d0db4/iotilecore/iotile/core/hw/auth/env_auth_provider.py#L175) so moving over should be easy.

mattrunchey commented 4 years ago

Actually, it looks like pycryptodome is a drop-in replacement. Also, we don't actually have Crypto listed as a required package for normal use and instead just call out in the readme to install it if you wish to use that encryption.

It looks like we can install the direct overlay and use the same functions, or install pycryptodomex to use the new API (functions would be under Cryptodome instead of Crypto) - https://github.com/Legrandin/pycryptodome

We actually already use that package in our testing suites, but the README is outdated.
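Because pycryptodome installs into the same `Crypto` namespace as pycrypto, a plain `import Crypto` cannot tell the two apart. The sketch below is an added example, not part of this thread or of coretools: it shows one way to prefer `Cryptodome` and reject a leftover pycrypto install. The function and exception names are hypothetical, and it assumes the `version_info` tuple that both packages expose (2.x for pycrypto, 3.x for pycryptodome).

```python
import importlib

LEGACY_MAJOR = 2  # pycrypto's releases are 2.x; pycryptodome reports 3.x


class LegacyPycryptoError(ImportError):
    """Raised when the `Crypto` namespace is backed by unmaintained pycrypto."""


def resolve_crypto_namespace(import_module=importlib.import_module):
    """Return (distribution_name, module) for a maintained crypto backend.

    Preference order:
      1. `Cryptodome` -> pycryptodomex (own namespace, cannot be pycrypto)
      2. `Crypto` reporting 3.x -> pycryptodome (the drop-in overlay)
    `import_module` is injectable so the logic can be exercised without
    either package installed.
    """
    try:
        return "pycryptodomex", import_module("Cryptodome")
    except ImportError:
        pass  # fall through to the shared `Crypto` namespace

    try:
        crypto = import_module("Crypto")
    except ImportError as exc:
        raise ImportError(
            "no crypto backend found; install pycryptodome or pycryptodomex"
        ) from exc

    # A missing version_info is treated as legacy rather than trusted.
    major = getattr(crypto, "version_info", (0,))[0]
    if major <= LEGACY_MAJOR:
        raise LegacyPycryptoError(
            "`Crypto` is provided by pycrypto %s; uninstall it and install "
            "pycryptodome instead" % getattr(crypto, "__version__", "unknown")
        )
    return "pycryptodome", crypto


if __name__ == "__main__":
    try:
        name, _module = resolve_crypto_namespace()
        print("using", name)
    except ImportError as err:
        print("encryption unavailable:", err)
```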