From: <ex...@tw...> - 2009-11-14 17:53:40
On 13 Nov, 09:09 pm, mc...@re... wrote:
>On 13.11.2009 18:23, ex...@tw... wrote:
>>pyOpenSSL 0.10 exposes several more OpenSSL APIs, including support for
>>running TLS connections over in-memory BIOs, access to the OpenSSL
>>random number generator, the ability to pass subject and issuer
>>parameters when creating an X509Extension instance, more control over
>>PKCS12 creation and an API for exporting PKCS12 objects, and APIs for
>>controlling the client CA list servers send to clients.
>
>Is there a hope that we could ever get AES and RSA exported from
>openSSL? I am interested in gajim (PyGtk XMPP client), which currently
>uses for these two algorithms (and now only for them, the rest of
>security is done through pyOpenSSL or native python methods)
>python-crypto, which contains its own C-implementations of AES and RSA.
>I hate this independent (and I would expect not much tested and
>maintained, certainly in comparison with the openSSL library) solution.
>There seem to me to be two solutions to this problem: a) to persuade you
>(or somebody, I am not a C programmer) to implement bindings for these
>two algorithms in pyOpenSSL, b) port the whole of gajim to m2crypto, which
>IIRC also has only bindings for openSSL (not its own implementations).
>Of course, I would prefer the first solution.
>
>Is there a hope?

This is certainly not something I'd rule out for pyOpenSSL. It's just a question of who will implement it and when.

I was also recently reminded of a set of outstanding changes by David Crindland. I know these changes include some kind of crypto-related enhancements, but I still haven't looked at the patches closely enough to know exactly what. I'm going to try to get these integrated for 0.11. This is still probably a non-trivial undertaking, as I don't think the patches include much in the way of automated test coverage.

I've recently become available for contract work. If this is something you'd like expedited and have a budget for doing so, perhaps we can work something out. Feel free to contact me off-list about that.

Also, several other people have been active in pyOpenSSL development recently. I'm not sure if any of them are available for this sort of work, but it's possible, and I don't want anyone to think that I'm the only person who could be paid for pyOpenSSL development. :) I'll happily incorporate work done by anyone, so long as it meets the quality standards I've been trying to enforce since I took over maintainership.

Jean-Paul