-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backport to Python2.7 #51
Comments
Thanks for the interest @drandreaskrueger. I have no plans to backport python-paillier at this time however I would carefully review and consider merging a pull request. As an aside, using pickle for serialisation of any of the objects in this (or any python cryptography) library is not considered safe unless you 100% control and trust the serialiser and the transport/storage medium. It is trivial to hide code in a public key or |
Thanks a lot. And thanks for the offer with the pull request. We'll consider that.
Thanks for that hint. Please show us the alternative. The purpose of h.e. is to pass on encrypted data, so ... what in your opinion is the best way for that? Our case: After we have encrypted a privacy relevant dataset, we pass it on (*) to a third party to do calculations on it, then we get their results as encrypted numbers back from them (*), and will decrypt those results. For the transfers (*) what do you suggest if not pickle? |
Plus ... for passing data around, we only ever intend to pickle a |
Even that is a big problem - because pickle serializes both code and data. Your third party could alter the EncryptedNumber class before serializing with pickle. You are correct that for passing on encrypted data you should explicitly serialize the >>> import json
>>> enc_with_one_pub_key = {}
>>> enc_with_one_pub_key['public_key'] = {'g': public_key.g,
... 'n': public_key.n}
>>> enc_with_one_pub_key['values'] = [
... (str(x.ciphertext()), x.exponent) for x in encrypted_number_list
... ]
>>> serialised = json.dumps(enc_with_one_pub_key) |
Just use JSON. |
Tiny issue in your deserializer example code:
because the constructor allows only to pass Problematic? Can I everywhere assume that |
Great, here is a starting point for that: zlevas' changes from your py3 code to python 2.7 syntax seem to be enough to make my tests run through without problems. So far so good. But:
Perhaps, when you find the time, do a diff, and see what exactly he has changed, and whether that breaks anything. That'd be really nice, thanks. Start here: Thanks a million! |
Any chance for a backport to python 2.7 ?
We have a partial backport with almost all of the functions that we need working ...
... but we are still running into problems when (de)serializing (with pickle).
And sorry - I am not a Python 2 vs 3 expert neither.
The text was updated successfully, but these errors were encountered: