Compatibility with PyCrypto
PyCryptodome exposes almost the same API as the old PyCrypto so that most applications will run unmodified. However, a very few breaks in compatibility had to be introduced for those parts of the API that represented a security hazard or that were too hard to maintain.
Specifically, for public key cryptography:
The following methods from public key objects (RSA, DSA, ElGamal) have been removed:
Applications should be updated to use instead:
Method: :meth:`generate` for public key modules does not accept the
The 3 public key object types (RSA, DSA, ElGamal) are now unpickable. You must use the :meth:`export_key` method of each key object and select a good output format: for private keys that means a good password-based encryption scheme.
Crypto.PublicKey.RSA.RSAImplementation(which should have been private in the first place). Same for
For symmetric key cryptography:
- Symmetric ciphers do not have ECB as default mode anymore. ECB is not semantically secure
and it exposes correlation across blocks.
An expression like
AES.new(key)will now fail. If ECB is the desired mode, one has to explicitly use
- :mod:`Crypto.Cipher.DES3` does not allow keys that degenerate to Single DES.
- Parameter :data:`segment_size` cannot be 0 for the CFB mode.
overflowcannot be passed anymore to :mod:`Crypto.Util.Counter.new`. Parameter :data:`allow_wraparound` is ignored (counter block wraparound will always be checked).
- The :data:`counter` parameter of a CTR mode cipher must be generated via :mod:`Crypto.Util.Counter`. It cannot be a generic callable anymore.
- Keys for :mod:`Crypto.Cipher.ARC2`, :mod:`Crypto.Cipher.ARC4` and :mod:`Crypto.Cipher.Blowfish` must be at least 40 bits long (still very weak).
The following packages, modules and functions have been removed:
Crypto.Random.randpool. You should use :mod:`Crypto.Random` only.
Crypto.Cipher.XOR. If you just want to XOR data, use :mod:`Crypto.Util.strxor`.
Crypto.Hash.new. Use :func:`Crypto.Hash.<algorithm>.new` instead.
- Support for any Python version older than 2.6 is dropped.