python cryptography p7b（Python Cryptography Toolkit）

Design Goals

The Python cryptography toolkit is intended to provide a reliable and

stable base for writing Python programs that require cryptographic

functions.

A central goal has been to provide a simple, consistent interface for

similar classes of algorithms. For example, all block cipher objects

have the same methods and return values, and support the same feedback

modes. Hash functions have a different interface, but it too is

consistent over all the hash functions available. Some of these

interfaces have been codified as Python Enhancement Proposal

documents, as PEP 247, "API for Cryptographic Hash Functions", and

PEP 272, "API for Block Encryption Algorithms".

This is intended to make it easy to replace old algorithms with newer,

more secure ones. If youre given a bit of portably-written Python

code that uses the DES encryption algorithm, you should be able to use

AES instead by simply changing from Crypto.Cipher import DES to

from Crypto.Cipher import AES, and changing all references to

DES.new() to AES.new(). Its also fairly simple to

write your own modules that mimic this interface, thus letting you use

combinations or permutations of algorithms.

Some modules are implemented in C for performance; others are written

in Python for ease of modification. Generally, low-level functions

like ciphers and hash functions are written in C, while less

speed-critical functions have been written in Python. This division

may change in future releases. When speeds are quoted in this

document, they were measured on a 500 MHz Pentium II running Linux.

The exact speeds will obviously vary with different machines,

different compilers, and the phase of the moon, but they provide a

crude basis for comparison. Currently the cryptographic

implementations are acceptably fast, but not spectacularly good. I

welcome any suggestions or patches for faster code.

I have placed the code under no restrictions; you can redistribute the

code freely or commercially, in its original form or with any

modifications you make, subject to whatever local laws may apply in your

jurisdiction. Note that you still have to come to some agreement with

the holders of any patented algorithms youre using. If youre

intensively using these modules, please tell me about it; theres little

incentive for me to work on this package if I dont know of anyone using

it.

I also make no guarantees as to the usefulness, correctness, or legality

of these modules, nor does their inclusion constitute an endorsement of

their effectiveness. Many cryptographic algorithms are patented;

inclusion in this package does not necessarily mean you are allowed to

incorporate them in a product and sell it. Some of these algorithms may

have been cryptanalyzed, and may no longer be secure. While I will

include commentary on the relative security of the algorithms in the

sections entitled "Security Notes", there may be more recent analyses

Im not aware of. (Or maybe Im just clueless.) If youre implementing

an important system, dont just grab things out of a toolbox and put

them together; do some research first. On the other hand, if youre

just interested in keeping your co-workers or your relatives out of your

files, any of the components here could be used.

This document is very much a work in progress. If you have any

questions, comments, complaints, or suggestions, please send them to me.