
I am new-ish to encryption and have seen many different libraries; however, many of them were created many years ago. I am just wondering what people use today to encrypt in Python, and something that will work with it for decrypting in C# .NET.

I have looked into pycrypto, but from all the posts I have read, it seems like it hasn't been updated in a while (though it does seem very popular), and people have had a real struggle getting it working with .NET.

Any good suggestions? I don't suppose a library exists for this that has a .NET & Python version available? It really needs to be a reliable encryption such as AES.

jww
Josh Mc
  • First you need to figure out what you want to achieve using encryption. What do you want to protect? Who is the attacker? What are the trust boundaries? – CodesInChaos Jun 26 '12 at 09:11
  • Basically I am using XMPP with App Engine, and although the data is already encrypted by App Engine, in this case, by opening up Gmail and examining the chat messages, you can see the plaintext messages. I want to simply encrypt these in my Google App Python & decrypt in my C# application that is picking these up. – Josh Mc Jun 26 '12 at 21:10

2 Answers


For anyone in the future, I did some tests and found that this worked perfectly for my purposes; the Silverlight example can pretty much be directly ported to C#.

Uses pycrypto & System.Security.Cryptography

http://japrogbits.blogspot.co.nz/2011/02/using-encrypted-data-between-python-and.html

Josh Mc

We don't know how the data is moving around, so here is some advice:

  1. If the client and server communicate over a two-way channel, then use SSL. Python has good built-in support for SSL, and I'm sure C# has good support too. This is easy to set up; you can even use stunnel so your Python and C# code don't have to touch crypto.

  2. If the client and server communicate asynchronously (e.g., email, batch jobs, etc.) then use PGP / GPG. Encryption and decryption can be offloaded to an external process, such as GPG, so the cost of implementation (no matter what the language) will be relatively minimal and your Python and C# code don't have to touch crypto.

Neither of these requires using a library.

In both cases, you will need to create a public/private key pair. The normal procedure is to install this key pair on the server, and bundle the public key with the client. If your app does not have a simple division between "client" and "server" then you will need to figure something else out, but you should ASK FIRST because it is easy to get crypto wrong. Frighteningly easy.

DO NOT USE "AES".

If you type "AES" into your source code somewhere, you are doing it wrong.

Also, don't use AES.

AES is a cipher, which is one of the building blocks of a cryptography system. You don't want a building block, you want a complete system. SSL and PGP/GPG are complete systems. If you try to invent your own system by using AES, you will probably make a simple mistake somewhere and this is a very bad thing.

Creating a viable cryptography system is difficult. Like brain surgery, there are lots of people who can pick up a knife but only a few who know where to cut.

Did I mention that you shouldn't use AES?

Okay, don't use AES.

Don't forget to avoid AES.

Dietrich Epp
  • This answer seems to be accumulating some punishment without explanation. I provided links to TWO solutions that should cover most use cases and a blog post about why you should not design your own crypto. I'm not sure what else you want, except "give me teh codes." – Dietrich Epp Jun 26 '12 at 15:56
  • I certainly didn't downvote :s, doesn't seem worth downvoting to me, or if it did I would at least comment why. (looking into the stuff you mentioned now) – Josh Mc Jun 26 '12 at 21:12
  • What about using AES? – Jamie May 30 '17 at 15:48
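
Option 1 of Dietrich Epp's answer (SSL, with the server's public certificate bundled in the client), sketched with Python's standard `ssl` module. This is an added example, not code from the answer or from the linked blog post; the function names and the `bundled_ca_pem` path are hypothetical. It sets a verifying client context beside the common non-verifying one and refuses to send over a context that would not authenticate the server.

```python
import socket
import ssl


def make_client_context(bundled_ca_pem=None):
    """Client context that authenticates the server (hypothetical helper).

    bundled_ca_pem: path to the server's certificate, or its CA, shipped with
    the client; None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=bundled_ca_pem)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_weak_context():
    """The common mistake, for comparison: encryption without authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the reasons a client context would not authenticate its peer."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate verification is off")
    if not ctx.check_hostname:
        problems.append("hostname is not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("protocol versions below TLS 1.2 are allowed")
    return problems


def send_message(host, port, payload, ctx):
    """Send payload (bytes) over TLS; refuse a context that fails the audit."""
    problems = audit_context(ctx)
    if problems:
        raise ValueError("unsafe TLS context: " + "; ".join(problems))
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(payload)
            return tls.version()


if __name__ == "__main__":
    print(audit_context(make_client_context()))
    print(audit_context(make_weak_context()))
```

The C# side of such a channel would be the platform's own TLS stream rather than any hand-written cipher code, which is the point the answer makes.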