New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
serializing with pickle #159
Labels
Type: Bug 🐛
Some functionality not working in the codebase as intended
Comments
iamtrask
added
Type: Bug 🐛
Some functionality not working in the codebase as intended
beginner
labels
Aug 19, 2017
@iamtrask I am interested in working on this. How do I start? |
@souravsingh great choice! This is very important functionality!
@hardbyte care to add any color re:security and performance? |
I'd recommend reading the spec that defines JSON Web Keys: RFC 7517 |
If this is still available, I would like to give it a go. |
madhavajay
pushed a commit
that referenced
this issue
Jun 7, 2021
#159) * Added version_tree module to support versioning of arbitrary objects in IPFS * Remove references to VersionTreeNode to play nice with subclasses * Added __str__ and __eq__ methods, along with Jupyter notebook with usage instructions.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Pickle is very powerful, and therefore very dangerous. I would strongly suggest not serializing anything remotely related to crypto with it.
Here is a quick proof of concept to steal a secret being encrypted by altering the public key before serialization. This using the (slightly tweaked) classes from Paillier.py, full code as a gist:
Output (assumed to be on a remote machine):
Instead you could use a standard format such as JWK which will allow interoperability between langauges and be a lot safer.
Also have you seen our paillier keys jwk serialisation docs?
The text was updated successfully, but these errors were encountered: