I want to encrypt the session key using the public key. How does the PGP software do this? Can somebody specify the procedure or function of encryption in Python?
1
-
Are you sure you need public-key (asymmetric) encryption? Except for cases when you need to publicly share session key between several sites/applications, symmetric (like AES or Serpent) encryption should be better.drdaeman– drdaeman2009-07-10 20:29:09 +00:00Commented Jul 10, 2009 at 20:29
Add a comment
|
3 Answers
There's also the PyCrypto module that looks exactly like what you are looking for: http://www.dlitz.net/software/pycrypto/ the API docs are here: http://www.dlitz.net/software/pycrypto/apidoc/ and some nice docs with basic examples of encrypting/decrypting here: http://www.dlitz.net/software/pycrypto/doc/.
I'll confess I haven't used this module, but it seems like you would establish a session with a public key, then use that to encrypt/decrypt the channel with a Crypto.PublicKey object. Then do the usual activity of generating a session key, communicating that over whatever channel you have. Finally, switch the channel to a Crypto.Cipher object using the session key.
Also, be sure to be very, very careful about how you obtain the value for your session key if security is a real concern, particularly on multiuser or only partially trusted machine.
Comments
See What is the best/easiest to use encryption library in python, which mentions a PGP-compatible solution, gpgme.
For reasons I ignore, nobody in How to do PGP in Python (generate keys, encrypt/decrypt) mentioned gpgme...
