[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [tor-assistants] Python metrics-lib



Hi Beck, hi Karsten.

First I'd like to make sure that I'm clear on what we're trying to do.
The javadocs for VerifyDescriptors [1] says that it...

> Verify server descriptors using the contained signing key.  Verify that
> 1) a contained fingerprint is actually a hash of the signing key and
> 2) a router signature was created using the signing key.
>
> Verify consensuses using the separate certs.  Verify that
> 1) the fingerprint in a cert is actually a hash of the identity key,
> 2) a cert was signed using the identity key,
> 3) a consensus was signed using the signing key from the cert.

Honestly I'm not yet sure what most of this means. The first #2 is
simply checking that the descriptor content can be verified using the
router-signature and signing-key, right? If so then this sounds like a
good place to start since it's entirely self-contained within the
descriptor and just involves implementation and testing of...

https://gitweb.torproject.org/stem.git/blob/HEAD:/stem/descriptor/server_descriptor.py#l624

> However, I need some suggestions for the choice of Python cryptography API, since I haven't used any before.

Nor have I. At present stem does not have any dependencies outside of
python's builtin functions. If we need PyCrypto and it's the best
choice then so be it, but be sure to wrap the imports in a try/catch
so we only raise an ImportError when executing the function that
requires the PyCrypto library.

Cheers! -Damian

[1] https://gitweb.torproject.org/metrics-tasks.git/blob/HEAD:/task-2768/VerifyDescriptors.java
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev