Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CryptographyDeprecationWarnings with cryptography 2.5 release #1369

Closed
joshsleeper opened this issue Jan 22, 2019 · 12 comments · Fixed by #1379
Closed

CryptographyDeprecationWarnings with cryptography 2.5 release #1369

joshsleeper opened this issue Jan 22, 2019 · 12 comments · Fixed by #1379

Comments

@joshsleeper
Copy link

See the last bullet point here
https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst#25---2019-01-22

The warnings I see launching my app that uses paramiko:

<VENV_LCOATION>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
<VENV_LCOATION>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
<VENV_LCOATION>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())

pipenv graph output for package versions

paramiko==2.4.2
  - bcrypt [required: >=3.1.3, installed: 3.1.6]
    - cffi [required: >=1.1, installed: 1.11.5]
      - pycparser [required: Any, installed: 2.19]
    - six [required: >=1.4.1, installed: 1.12.0]
  - cryptography [required: >=1.5, installed: 2.5]
    - asn1crypto [required: >=0.21.0, installed: 0.24.0]
    - cffi [required: >=1.8,!=1.11.3, installed: 1.11.5]
      - pycparser [required: Any, installed: 2.19]
    - six [required: >=1.4.1, installed: 1.12.0]
  - pyasn1 [required: >=0.1.7, installed: 0.4.5]
  - pynacl [required: >=1.0.1, installed: 1.3.0]
    - cffi [required: >=1.4.1, installed: 1.11.5]
      - pycparser [required: Any, installed: 2.19]
    - six [required: Any, installed: 1.12.0]
@jcea
Copy link

jcea commented Jan 23, 2019

Hitting this too:

/usr/local/lib/python3.7/site-packages/paramiko/ecdsakey.py:164: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.ecdsa_curve.curve_class(), pointinfo
/usr/local/lib/python3.7/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
/usr/local/lib/python3.7/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
/usr/local/lib/python3.7/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())

@CamiloDFM
Copy link

Same here:

<venv location>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:39: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  m.add_string(self.Q_C.public_numbers().encode_point())
<venv location>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:96: CryptographyDeprecationWarning: Support for unsafe construction of public numbers from encoded data will be removed in a future version. Please use EllipticCurvePublicKey.from_encoded_point
  self.curve, Q_S_bytes
<venv location>/lib/python3.6/site-packages/paramiko/kex_ecdh_nist.py:111: CryptographyDeprecationWarning: encode_point has been deprecated on EllipticCurvePublicNumbers and will be removed in a future version. Please use EllipticCurvePublicKey.public_bytes to obtain both compressed and uncompressed point encoding.
  hm.add_string(self.Q_C.public_numbers().encode_point())

This pops up when using the connect method of a paramiko.SSHClient instance. I only passed hostname, username and password to connect.

@joshsleeper
Copy link
Author

I predict that everyone who uses modern Paramiko with updated peer dependencies will have this.

Also, github etiquette tip: if you have the same issue as the original issue post, I would suggest leaving a thumbs up reaction on it rather than a comment sending all subscribers an email that boils down to "me too".

@patrickfish
Copy link

Workaround until a fix is in place: pip install cryptography==2.4.2

Review the cryptography changelog here: https://cryptography.io/en/latest/changelog/

jelmer added a commit to jelmer/breezy that referenced this issue Jan 24, 2019
jaywcarman added a commit to jaywcarman/power-up that referenced this issue Jan 24, 2019
The 'paramiko' python module depends on the 'cryptography' module. There
is a known 'CryptographyDeprecationWarning' problem (see
paramiko/paramiko#1369) that can be resolved
by installing 'cryptography==2.4.2'.
jelmer added a commit to jelmer/breezy that referenced this issue Jan 24, 2019
jelmer added a commit to jelmer/breezy that referenced this issue Jan 25, 2019
@cowlinator
Copy link

cowlinator commented Jan 25, 2019

I think these are all the lines that need to be changed:

numbers = ec.EllipticCurvePublicNumbers.from_encoded_point(

m.add_string(self.Q_C.public_numbers().encode_point())

self.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(

hm.add_string(self.Q_S.public_numbers().encode_point())

m.add_string(self.Q_S.public_numbers().encode_point())

self.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(

hm.add_string(self.Q_C.public_numbers().encode_point())

public_key_numbers_obj = ec.EllipticCurvePublicNumbers.from_encoded_point(

obj.Q_S = ec.EllipticCurvePublicNumbers.from_encoded_point(

obj.Q_C = ec.EllipticCurvePublicNumbers.from_encoded_point(

EllipticCurvePublicNumbers.from_encoded_point needs to be replaced with EllipticCurvePublicKey.from_encoded_point.

Also, EllipticCurvePublicNumbers.encode_point needs to be replaced with EllipticCurvePublicKey.public_bytes

jaywcarman added a commit to IBM/power-up that referenced this issue Jan 28, 2019
The 'paramiko' python module depends on the 'cryptography' module. There
is a known 'CryptographyDeprecationWarning' problem (see
paramiko/paramiko#1369) that can be resolved
by installing 'cryptography==2.4.2'.
zhenz added a commit to ChameleonCloud/abracadabra that referenced this issue Feb 4, 2019
rectalogic added a commit to rectalogic/paramiko that referenced this issue Feb 6, 2019
@bitprophet bitprophet added this to the p0 milestone Feb 9, 2019
@bitprophet
Copy link
Member

Upstream has blessed #1379 so let's close this and roll it into that.

@bitprophet bitprophet removed this from the p0 milestone Feb 9, 2019
rwalton-arm added a commit to PelionIoT/mbl-cli that referenced this issue Feb 11, 2019
rwalton-arm added a commit to PelionIoT/mbl-cli that referenced this issue Feb 11, 2019
Support python 3.5.6.

* downgrade cryptography to 2.4.2 due to paramiko/paramiko#1369
* fix tests
* 3.5 doesn't like path objects being passed around in some cases
bndabbs added a commit to rocknsm/homebrew-taps that referenced this issue Mar 18, 2019
Workaround until paramiko/paramiko#1369 is
fully merged upstream
@sjamaan
Copy link

sjamaan commented Mar 19, 2019

When will there be a release that includes this change? From what I can tell, latest release on Pypi is 2.4.2 from 2018.

pymonger added a commit to sdskit/sdscli that referenced this issue Mar 20, 2019
* port to python3 (#24)
* initial 2to3 run
* remove import of distribute
* format to PEP8 spec
* pasteurized
* remove imports not yet installed via install_requires
* require future
* install fabric3 and pin cryptography to v2.4.2 to prevent warnings: paramiko/paramiko#1369
* install supervisor using master branch with python3 support
* update to celery v4.2.1
* encode unicode string
* load yaml securely
* bump version
@kabirbaidhya
Copy link

Any updates on when the new version will be published with this fix?

@AInteriorB
Copy link

It would be great to hear from you. We use duplicity for backups. There, warnings are important for us as an indication for a failed or incomplete backup.

@ninjape
Copy link

ninjape commented May 14, 2019

I have cryptography 2.6.1 and the warnings still persist. Any solution?

@ploxiln
Copy link
Contributor

ploxiln commented May 14, 2019

see #1379 for any and all solutions/questions/comments/updates

@TheSima
Copy link

TheSima commented Mar 26, 2020

For old versions I'm use filter of warnings:

import warnings
from cryptography.utils import DeprecatedIn25
warnings.simplefilter('ignore', DeprecatedIn25)

It's works for me.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.