2

I'm using pycrypto to encrypt files that will be stored in the cloud. I expect the user to enter a password to decrypt files, but encryption shouldn't require a password (to allow the script to be run by cron). So therefore I've been looking at public key encryption using RSA under the PKCS1_OAEP cipher.

I can see how to encrypt a file using pycrypto, but is there a pre-existing method to perform authenticated encryption, or am I expected to implement that myself? There's a parameter to pass a hashing algorithm to Crypto.Cipher.PKCS1_OAEP.new(), but will this be used to sign encrypted data?

Similarly to verify before decryption, is this all built into the decrypt() method?

Note: I don't have any particular attachment to pycrypto - if another python crypto library provides an authenticated encryption scheme, please suggest that instead.

Thanks

Andrew
  • 43
  • 1
  • 4
  • Maybe I'll just switch to python-gnupg: http://packages.python.org/python-gnupg/#using-signing-and-encryption-together – Andrew Jan 23 '13 at 16:09

1 Answers1

0

PGP (python-gnupg) really sounds like the way you want to go.

Public key crypto is messy because the actual asymmetric cipher is only used to encrypt a one-time session key, which is then used with symmetric crypto (e.g. AES) to encrypt your files. Managing all of that manually would be a headache. But PGP already has all of the details worked out, you just have to call the appropriate functions.

Plus, you have pre-built CLI tools (gpg) to allow you to work with messages outside your app.

tylerl
  • 82,225
  • 25
  • 148
  • 226