SSLCrypto - Easy, Fast Crypto for Python
SSLCrypto 0.1.1 now released - all python pickling has been replaced by
bencode serialisation - thus removing possible pickle exploits.
** Warning ** - If you are exchanging SSLCrypto key objects over the internet, it is imperative
you switch immediately to SSLCrypto 0.1.1. If you stay with SSLCrypto 0.1, you
could be susceptible to malformed pickle attacks.
SSLCrypto is a package for Python that dramatically eases the task of
adding encryption to Python programs.
It provides a unified API that is almost totally compatible with that
of ezPyCrypto, except that it takes
advantage of the OpenSSL Crypto
to deliver massive improvements in speed and security.
After using ezPyCrypto myself, I found that while it performed ok with
smaller public key sizes, it proved impossibly slow with larger keys.
This slowness, resulting from non-optimal code in its backend (the Python
Cryptography Toolkit) meant that on a 1.5 GHz Athlon XP, it was
taking several minutes to generate 4096-bit keys. Completely
unacceptable if you need real
Performance is absolutely critical
for an encryption API. If slowness deters people from using
adequate-sized keys, security will be severely compromised, almost to
the extent that there's little point in using encryption in the first
OpenSSL is a performance dream. It can generate truly military-grade
keys in acceptable times, and supports these keys with cipher
implementations that aggressively guard against known attacks. So, at
the price of a library dependency (on non-windoze systems), you get a
crypto API, whose key class is
compatible with ezPyCrypto, but whose performance imposes no deterrent
to truly strong cryptography.
We are confident that the security offered
by SSLCrypto is more than enough for your everyday needs, and will
prove a major resource-consuming deterrent against even the most
powerful interests who would compromise your privacy. To test this
claim, we have laid down a crypto challenge in which you are invited to take part.
SSLCrypto requires Python
To help windoze users, the SSLCrypto package is also available as a
self-installing EXE file (for Python 2.3 only - if running earlier
version, please upgrade) with no
external dependencies. (The
SSLCrypto.pyd file contained therein is statically linked against the
OpenSSL Windows libraries, which means you won't even need to know
OpenSSL). Just install and use!
On Linux and *BSD systems, you'll have to build SSLCrypto from the
source code. This is trivial if you have the following prerequisite
- Pyrex compiler - fortunately this is easy to install and set up -
get it from the Pyrex Website
- OpenSSL development library and headers - available on most Linux
and *BSD feeds as openssl-dev
similar, or from the OpenSSL
- You can view the SSLCrypto documentation here
- You can view the example programs online here.
These will show you just how easy crypto programming in Python can be.
- Possession or use of this software is illegal in some countries,
and may result in substantial fines or jail time.
In certain semi-free countries like UK and Australia, you may be
legally obliged to disclose encryption keys to government officials on
pain of serious jail time. Please consult a legal specialist.
- This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)
- The SSLCrypto code is released under the GNU General Public
License. Please feel welcome to use the code freely in non-commercial
and open-source-commercial software. (Commercial licenses, authorising
use of this code in closed-source applications, are available - please
contact the author).