Comments on: Crypto Crap in Python http://www.jillesvangurp.com/2008/01/25/crypto-crap-in-python/ Yet another blog Thu, 20 Nov 2008 18:02:26 +0000 http://wordpress.org/?v=abc By: Jilles http://www.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19801 Jilles Sat, 26 Jan 2008 09:26:25 +0000 http://blog.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19801 Well Suraj, there's more to life than base64. The problem is that a RSA public key contains several data items that you need to parse once you decode the base64. No rocket science of course but non of the third party python crypto libraries I've tried come with those batteries included (pretty mind boggling since you will need to do this). Each and every one of those will have you dive into the RSA spec and figure out all by yourself what the internals of base64 encoded RSA public keys look like. And Greg, I'm aware of those modules. It would be pretty sad if there wasn't any dom and sax included indeed but there's a bit more to XML processing these days than working with those low level APIs. Personally I hate having to deal with DOM since it is such a clumsy API. If you're used to working with xml in other languages, python feels a little primitive. Regarding the various hash functions, those are useful of course but not enough for what I needed. Regarding http libraries, I'm not impressed with the included batteries. Take proxy handling for example. Simple problem: how to configure python such that it will use a http proxy but not for localhost. Neither urlib or urlib2 seem to get this right. It's all or nothing. Of course you can modify your dozens of calls to these module to include some logic to use or not use a proxy depending on the hostname. Just one little example. Maybe I'm spoiled, or maybe the included batteries are not that great. Well Suraj, there’s more to life than base64. The problem is that a RSA public key contains several data items that you need to parse once you decode the base64. No rocket science of course but non of the third party python crypto libraries I’ve tried come with those batteries included (pretty mind boggling since you will need to do this). Each and every one of those will have you dive into the RSA spec and figure out all by yourself what the internals of base64 encoded RSA public keys look like.

And Greg, I’m aware of those modules. It would be pretty sad if there wasn’t any dom and sax included indeed but there’s a bit more to XML processing these days than working with those low level APIs. Personally I hate having to deal with DOM since it is such a clumsy API. If you’re used to working with xml in other languages, python feels a little primitive. Regarding the various hash functions, those are useful of course but not enough for what I needed.

Regarding http libraries, I’m not impressed with the included batteries. Take proxy handling for example. Simple problem: how to configure python such that it will use a http proxy but not for localhost. Neither urlib or urlib2 seem to get this right. It’s all or nothing. Of course you can modify your dozens of calls to these module to include some logic to use or not use a proxy depending on the hostname. Just one little example.

Maybe I’m spoiled, or maybe the included batteries are not that great.

]]> By: Greg Jorgensen http://www.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19800 Greg Jorgensen Fri, 25 Jan 2008 21:00:22 +0000 http://blog.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19800 Spend some time looking at the Python library documentation at: http://docs.python.org/lib/lib.html The book "Python Essential Reference" by David Beazley is also very useful. Some of the "batteries included" modules you might be looking for: xml.dom xml.dom.minidom xml.sax md5 sha hmac base64 Python has so much HTTP stuff I won't list it all but with just the included libraries you get enough HTTP client stuff to rewrite cURL and enough server stuff to write a simple HTTP server in a few lines of code. You also get full socket libraries in case you want to do something more low-level. Read the docs before going off like this! Spend some time looking at the Python library documentation at:

http://docs.python.org/lib/lib.html

The book “Python Essential Reference” by David Beazley is also very useful.

Some of the “batteries included” modules you might be looking for:

xml.dom
xml.dom.minidom
xml.sax
md5
sha
hmac
base64

Python has so much HTTP stuff I won’t list it all but with just the included libraries you get enough HTTP client stuff to rewrite cURL and enough server stuff to write a simple HTTP server in a few lines of code. You also get full socket libraries in case you want to do something more low-level.

Read the docs before going off like this!

]]> By: Suraj Barkale http://www.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19799 Suraj Barkale Fri, 25 Jan 2008 19:36:17 +0000 http://blog.jillesvangurp.com/2008/01/25/crypto-crap-in-python/#comment-19799 # WTF are you smoking pal? # This is from the standard library >>> import base64 >>> encoded = base64.b64encode('data to be encoded') >>> encoded 'ZGF0YSB0byBiZSBlbmNvZGVk' >>> data = base64.b64decode(encoded) >>> data 'data to be encoded' # WTF are you smoking pal?
# This is from the standard library
>>> import base64
>>> encoded = base64.b64encode(’data to be encoded’)
>>> encoded
‘ZGF0YSB0byBiZSBlbmNvZGVk’
>>> data = base64.b64decode(encoded)
>>> data
‘data to be encoded’

]]>