-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crytography library #41
Comments
I would be interested in supporting cryptography if it is installed. We have an open PR (#39) to do something similar for elliptic curve signatures. It will take some work to support cryptography, as well as dynamically determining which library to use. Additionally, the unit tests will need to be run against each crypto library. I would like to avoid having to manually register the crypto library manually and instead opting for dynamically determining which libraries are installed. |
I guess you could hide the crypto library away in the core code with an abstraction that has the required API, e.g. close to the PyCrypto one to make it easier. Then users could either set a config to use the library of their choice or it defaults to something like:
and then the abstraction does magic to map the right crypto library functions onto its API. |
That is the general idea. We will also need to work through how dependencies are managed in setup.py, as well as what happens with no suitable library is installed. |
Hi, +1 for this one. PyCrypto does not install easily on Py3.6 on Windows. Moreover, PyCrypto is not supposed to be compatible with > 3.3, this becomes to be difficult with more and more Py3 :( |
pycryptodome is a supported, drop-in replacement for PyCrypto, it might make sense to use that. |
any reason why |
It is still a requirement to support That said, it would certainly be possible to support |
Same here developing on windows. The guys at pycryptodome are active. https://github.com/Legrandin/pycryptodome |
Pycryptodome works with any python as far as I know, it is simply not enabled or preferred. Installing pycryptodome instead of pycrypto should just work, since they're API compatible. Installing python-jose will probably still fail if you don't change manually change the setup.py, since pycrypto is listed as a dependency. |
Right. I forked python-jose and swapped pycrypto out for pycryptodome this weekend. It works fine. |
@mpdavis - Definitely should make this happen to help people avoid CVE-2013-7459 |
What is the status of this issue? |
@melutovich The cryptography library is supported and the recommended default. In order to use it, you would install with that option.
|
I ended up here because of PyJWT but I also needed jwk stuff. I noticed PyJWT uses cryptography for some algorithm support. I guess Google App Engine requires PyCrypto as you mention but perhaps python-jose should also support cryptography. For example pycrypto hasn't had a commit in 2 years whereas cryptography repository is active.
Just a thought! I might be interested in pitching in as well.
The text was updated successfully, but these errors were encountered: