Use python cryptography for DNSSEC #449
Signed-off-by: Simo Sorce <simo@redhat.com>
This looks ok to me.
What minimal version of python-cryptography is required? I would like to check if it is available in reasonably modern versions of Debian etc.
Buster (current stable Debian version) has 2.6.1 so it seems to be OK as this patch requires 2.6 in the specs already. I tried Xenial (Ubuntu 16.04) and it only complained about I think 2.6 is a reasonable requirement for elliptic curves. It is possible to split imports further and get the whole code supporting python-cryptography 1.2.3. I wonder if that is really needed.
Thanks @simo5 Nit pick: The upstream project is called
Sounds good to me, I would not complicate matters just because of very old distributions. dnspython 2.0 is a breaking release anyway. Thanks!
@tiran while the "cryptography" project is under the PyCA organization in github, on pypi it is called just cryptography. I added the "python" prefix just to make clear it is the import called "cryptography" available in python. |
Thanks @rthalley |
Use python cryptography for DNSSEC
Replaces the need to use pycryptodome and ecpy with the much better python cryptography.
Python cryptography depends on the much more common and vetted openssl library for cryptography functions. This means algorithms are properly hardened against side channel attacks unlike other implementations.
Fixes #448
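For readers who have not done DNSSEC validation with the `cryptography` package, here is an added example (not taken from this pull request or from dnspython) of checking an ECDSA P-256 signature held in DNSSEC wire form (RFC 6605, algorithm 13). The function names and sample data are hypothetical, and it assumes a recent `cryptography` release in which the backend argument is optional.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.utils import (
    decode_dss_signature,
    encode_dss_signature,
)

COORD_LEN = 32  # P-256 coordinates and signature halves are 32 octets each


def dnskey_to_public_key(key_rdata: bytes) -> ec.EllipticCurvePublicKey:
    """Algorithm 13 DNSKEY key field is x || y with no 0x04 point prefix."""
    if len(key_rdata) != 2 * COORD_LEN:
        raise ValueError("P-256 DNSKEY public key must be 64 octets")
    x = int.from_bytes(key_rdata[:COORD_LEN], "big")
    y = int.from_bytes(key_rdata[COORD_LEN:], "big")
    # public_key() raises ValueError if (x, y) is not a point on the curve
    return ec.EllipticCurvePublicNumbers(x, y, ec.SECP256R1()).public_key()


def verify_rrsig(key_rdata: bytes, wire_sig: bytes, signed_data: bytes) -> bool:
    """Verify a raw r || s signature; the library expects DER, so re-encode."""
    if len(wire_sig) != 2 * COORD_LEN:
        return False
    r = int.from_bytes(wire_sig[:COORD_LEN], "big")
    s = int.from_bytes(wire_sig[COORD_LEN:], "big")
    der = encode_dss_signature(r, s)
    try:
        key = dnskey_to_public_key(key_rdata)
        key.verify(der, signed_data, ec.ECDSA(hashes.SHA256()))
    except (InvalidSignature, ValueError):
        return False
    return True


def make_constructed_sample():
    """Constructed test data: throwaway key, placeholder signed bytes."""
    priv = ec.generate_private_key(ec.SECP256R1())
    nums = priv.public_key().public_numbers()
    key_rdata = nums.x.to_bytes(COORD_LEN, "big") + nums.y.to_bytes(COORD_LEN, "big")
    data = b"constructed RRSIG header + canonical RRset"
    r, s = decode_dss_signature(priv.sign(data, ec.ECDSA(hashes.SHA256())))
    wire_sig = r.to_bytes(COORD_LEN, "big") + s.to_bytes(COORD_LEN, "big")
    return key_rdata, wire_sig, data
```

The fixed-length checks matter: a validator that accepts short or DER-shaped input in the RRSIG signature field would diverge from the wire format and from other resolvers.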