Steven D'Aprano wrote: > On Sat, 11 Mar 2006 16:09:22 +0100, robert wrote: > > >>>Lastly, have you considered that your attempted solution is completely the >>>wrong way to solve the problem? If you explain _what_ you are wanting to >>>do, rather than _how_ you want to do it, perhaps there is a better way. >> >>So, there seems to be a big barrier for that task, when encryption is on >>the whole archive. A complex block navigation within a block cipher >>would be required, and obviously there is no such (handy) code already >>existing. Or is there a encryption/decryption method which you can can >>use like a file pipe _and_ which supports 'seek'? > > > [snip] > > Let's try again: rather than you telling us what technology you want to > use, tell us what your aim is. I suspect you are too close to the trees to > see the forest -- you are focusing on the fine detail. Let's hear the big > picture: what is the problem you are trying to solve? Because, frankly, as > far as I can see, the solution you are looking for doesn't exist. But > maybe I'm too far from the forest to see the individual trees. > > "I need encryption that supports seek" -- no, that's you telling us _how_ > you want to solve your problem. > > Perhaps you can tick some/all of the following requirements: > > - low bandwidth usage when updating the remote site > > - transmission needs to be secure > > - data on the remote site needs to be secure in case of theft or break-ins > > - remote site is under the control of untrusted parties; > or remote site is trusted > > - remote site is an old machine with limited processing power and very > small disk storage; > or remote site can be any machine we choose > > - local site needs to run Windows/Macintosh/Linux/BSD/all of the above > > - remote site runs on Windows/Macintosh/Linux/BSD/anything we like > > - we are updating text files/binary files > > - anything else you can tell us about the nature of your problem
The main requirement is, that it has to be become a cohesive, reusable, portable (FTP/SFTP standard) functionality as mentioned in the OP. A Python module at best. For integration in a bigger Python app. not a one-time admin hack with a bunch of tools to be fiddled together on each user machine. So the 'how' is mostly =='what'. Its a Python question so far. The last 2 methods I mentioned already are maybe a way to a compromise, (if integrated one-stream encryption cannot be managed) The only issue remaining: A native Python module for pgp-(pwd only)-encryption or another kind of good (commonly supported) encryption. ZIP2-encryption itself seems to be too weak? (Still so in recent ZIP formats? what about the mode of 7zip etc?) But I found no python modules for either. http://www.amk.ca/python/code/gpg just calls into an external gpg installation. Can the functionality of "gpg -c" maybe fiddled together with PyCrypto easily ? (variable length key/pwd only - no public key stuff required) And what about ZIP password-only encryption itself? Are there maybe any usable improvents ? And: when there are many files encrypted with the same password (both PGP and ZIP), will this decrease the strength of encryption? Robert -- http://mail.python.org/mailman/listinfo/python-list