search

wohaph / keyczar

Automatically exported from code.google.com/p/keyczar
0 stars 0 forks source link

Code Review Request: Python signed session encryption #88

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
This branch adds session encryption, attached signatures and signed session 
encryption to the Python version of Keyczar.  It is divided into several small 
commits for easier reviewing:

Make non-support for AES modes other than CBC more explicit: 
http://code.google.com/p/keyczar/source/detail?r=04a132c335fe9b578675c20a4b10370
56001c344

Add session encryption:
http://code.google.com/p/keyczar/source/detail?r=b472298d9f9d778500a9e05c6461fce
1451ae4b2

Small signing/verification refactoring, to make adding attached signatures easy:
http://code.google.com/p/keyczar/source/detail?r=0e92cd264637c35ab801a34c92e5148
36fea9130

Add attached signature support:
http://code.google.com/p/keyczar/source/detail?r=54a733fc1221c75f6a62ad77b4af157
46b5f6fef

Add signed session encryption:
http://code.google.com/p/keyczar/source/detail?r=59dc9f784fe4e864a726fb5ca4cfe65
f0a94fcb5

Original issue reported on code.google.com by swillden@google.com on 2 Dec 2011 at 5:34

GoogleCodeExporter commented 9 years ago 
Three more commits on this branch.  The third was the motivation; the first two 
were to make it easy to implement (nicely).

Renamed Encode and Decode to Base64WSEncode and Base64WSDecode, respectively:
http://code.google.com/p/keyczar/source/detail?r=d7e1f7ec8164561cdd5643790f55ff3
8a5071bf0

Made Base64 encoding optional for encryption and decryption, as it is for the 
other languages.  It still defaults to encoding during encryption and decoding 
during decryption, but this can be turned off with an argument now (thanks to 
rleftwich for this very clean approach):
http://code.google.com/p/keyczar/source/detail?r=d71d93c5cd062f2c9b680f924878b79
8fd1f42e9

With those in place, this fix to signed session encryption makes the Python 
implementation actually compatible with the Java and C++ versions.  It was 
incompatible because it was Base64 encoding before signing (because the Python 
code *always* encoded), and Java and C++ just sign the raw ciphertext:
http://code.google.com/p/keyczar/source/detail?r=974885e7bb7b59429adff5d54974fba
bf8ff178d

Original comment by swillden@google.com on 4 Dec 2011 at 5:47

GoogleCodeExporter commented 9 years ago 
One more commit.  This is just some small cleanups in response to a code review 
from rleftwich (thanks!):

http://code.google.com/p/keyczar/source/detail?r=db2b9c36d875bdf0c4e49ea0d76d294
8ec061560

Original comment by swillden@google.com on 4 Dec 2011 at 5:48

GoogleCodeExporter commented 9 years ago 
The change for this is done now.

Original comment by swillden@google.com on 31 Jan 2012 at 5:02