Compatibility with PyCrypto

PyCryptodome exposes almost the same API as the old PyCrypto so that most applications will run unmodified. However, a very few breaks in compatibility had to be introduced for those parts of the API that represented a security hazard or that were too hard to maintain.

Specifically, for public key cryptography:

• The following methods from public key objects (RSA, DSA, ElGamal) have been removed:

  • sign()

  • verify()

  • encrypt()

  • decrypt()

  • blind()

  • unblind()

  Applications should be updated to use instead:

  • Crypto.Cipher.PKCS1_OAEP for encrypting using RSA.

  • Crypto.Signature.pkcs1_15 or Crypto.Signature.pss for signing using RSA.

  • Crypto.Signature.DSS for signing using DSA.

• Method: generate() for public key modules does not accept the progress_func parameter anymore.

• Ambiguous method size from RSA, DSA and ElGamal key objects have been removed. Instead, use methods size_in_bytes() and size_in_bits() and check the documentation.

• The 3 public key object types (RSA, DSA, ElGamal) are now unpickable. You must use the export_key() method of each key object and select a good output format: for private keys that means a good password-based encryption scheme.

• Removed attribute Crypto.PublicKey.RSA.algorithmIdentifier.

• Removed Crypto.PublicKey.RSA.RSAImplementation (which should have been private in the first place). Same for Crypto.PublicKey.DSA.DSAImplementation.

For symmetric key cryptography:

• Symmetric ciphers do not have ECB as default mode anymore. ECB is not semantically secure and it exposes correlation across blocks. An expression like AES.new(key) will now fail. If ECB is the desired mode, one has to explicitly use AES.new(key, AES.MODE_ECB).

• Crypto.Cipher.DES3 does not allow keys that degenerate to Single DES.

• Parameter segment_size cannot be 0 for the CFB mode.

• Parameters disabled_shortcut and overflow cannot be passed anymore to Crypto.Util.Counter.new. Parameter allow_wraparound is ignored (counter block wraparound will always be checked).

• The counter parameter of a CTR mode cipher must be generated via Crypto.Util.Counter. It cannot be a generic callable anymore.

• Keys for Crypto.Cipher.ARC2, Crypto.Cipher.ARC4 and Crypto.Cipher.Blowfish must be at least 40 bits long (still very weak).

The following packages, modules and functions have been removed:

• Crypto.Random.OSRNG, Crypto.Util.winrandom and Crypto.Random.randpool. You should use Crypto.Random only.

• Crypto.Cipher.XOR. If you just want to XOR data, use Crypto.Util.strxor.

• Crypto.Hash.new. Use Crypto.Hash.<algorithm>.new() instead.

• Crypto.Protocol.AllOrNothing

• Crypto.Protocol.Chaffing

• Crypto.Util.number.getRandomNumber

• Crypto.pct_warnings

Others:

• Support for any Python version older than 2.6 is dropped.