"I follow "Example: Putting KeyzarTool and Java Keyczar Together".

Step 1: After I type "java org.keyczar.KeyczarTool create --location=/
aeskeys --purpose=crypt" ,
I get a file named "aeskeysmeta" in D:/ .

Step 2: After I type "java org.keyczar.KeyczarTool addkey --location=/
aeskeys --status=primary" ,
JVM will tell me "FileNotFoundException: \aeskeys\meta"

1. So I  create a folder named "aeskeys" .
2. Put "aeskeysmeta" into "aeskeys" .
3. "aeskeysmeta" be changed to "meta" .

Then Step 2 now works !! It will generate "aeskeys1" in D:/ .

Step 3: I try to do something in Java like:
Crypter theCrypter = new Crypter("d:/aeskeys");
String theCiphertext = theCrypter.encrypt("Some data to encrypt");

JVM will return
org.keyczar.exceptions.NoPrimaryKeyException: No primary key found
        at org.keyczar.Encrypter.ciphertextSize(Encrypter.java:91)
        at org.keyczar.Encrypter.encrypt(Encrypter.java:112)
        at org.keyczar.Encrypter.encrypt(Encrypter.java:184)
        at
forfun.tangblack.practices.keyczar.KeyczarTest.main(KeyczarTest.java:
30)"

please include an encryption mode with perfect forward secrecy
http://en.wikipedia.org/wiki/Perfect_forward_secrecy

Create a URL Signer class for Python like the one we have for Java Keyczar.

Add timeout signatures to Python.

What steps will reproduce the problem?
1. Download and extract latest tarball for python
2. run "python setup.py install" or "python setup.py build"

What is the expected output? What do you see instead?
Should build or install the python module, but it complains that there is
no "keyczar" directory.

What version of the product are you using? On what operating system?
0.6b Python on 64-bit Ubuntu Jaunty

Please provide any additional information below.
This should be a simple fix. I just added a symbolic link to src/keyczar in
the Keyczar-Python directory. If you want it to work on other operating
systems, I guess you should move the keyczar directory out of
Keyczar-Python/src and into the Keyczar-Python one.

Some Mac users can't use the Jar. I think we can create a 1.5 Jar once we
remove a few @Override annotations.

Can we have C++ support too?

Add support for nCipher HSMs 

Provide better examples of using Keyczar besides unittests. 

What steps will reproduce the problem?
1. Generate key size < default size
$ python2.4 keyczart.py addkey --location=/tmp/test-rsa --size=1024
Traceback (most recent call last):
  File "keyczart.py", line 306, in ?
    sys.exit(main(sys.argv[1:]))  # sys.argv[0] is name of program
  File "keyczart.py", line 291, in main
    AddKey(loc, status, crypter, size)
  File "keyczart.py", line 124, in AddKey
    czar.AddVersion(status, size)
  File "/home/ookoi/Bureau/tmp/python/src/keyczar/keyczar.py", line 178, in
AddVersion
    print("WARNING: %d-bit key size is less than recommended default key" +
TypeError: not all arguments converted during string formatting


What is the expected output? What do you see instead?

$ python2.4 keyczart.py addkey --location=/tmp/test-rsa --size=1024
WARNING: 1024-bit key size is less than recommended default key size of
2048 bits for RSA_PRIV keys.

What version of the product are you using? On what operating system?

Current Python trunk

Please provide any additional information below.

Attached trivial patch.

What steps will reproduce the problem?

org.keyczar.KeyczarTool create --location=.\sample --purpose=crypt

What is the expected output? What do you see instead?

Expect to see a ".\sample\meta" file created, instead the file that's
created is "samplemeta"

What version of the product are you using? On what operating system?

Keyczar version: 0.5b
OS: Windows XP Pro

Please provide any additional information below.

Using the Java API.
JDK: 1.6.0_04

Current work around is to add a File.separator at the end of the location
argument and then the meta file is created correctly:

org.keyczar.KeyczarTool create --location=.\sample\ --purpose=crypt

Proposed solution:

Add the following to KeyczarTool.java main method after grabbing locationFlag:

        // Verify location is a path, not a file!
        assert(locationFlag != null);

        if (!locationFlag.endsWith(File.separator))
        {
            locationFlag += File.separator;
        }

Remove the following from KeyczarFileReader.java constructor:

    if (fileLocation != null && !fileLocation.endsWith(File.separator)) {
      fileLocation += File.separator;
    }

Decryption is returning an empty Java string without throwing an exception.

http://groups.google.com/group/keyczar-discuss/browse_thread/thread/bf6330aa3886
64b4

Add timeout signatures to Java

We should write a script to test that Java can accept Python output and
vice versa. 

Hi,
it would be really nice, if there would be a Perl API.
Maybe Perl XS would be handy:
http://en.wikipedia.org/wiki/XS_(Perl)

This is the same issue than the one observed with Java
(http://code.google.com/p/keyczar/issues/detail?id=30&colspec=ID Type
Status Priority Milestone Owner Implementation Summary) but for Python this
time.

Pycrypto only accepts AES IV of 16 bytes (when self.block_size is 24 or 32
bytes it fails)


Metada and key are created this way:

python keyczart.py create --location=/home/ookoi/kz --purpose=crypt
python keyczart.py addkey --location=/home/ookoi/kz --status=primary --size=256

Test code:
import keyczar

input = "ttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttttt"
crypter = keyczar.Crypter.Read("/home/ookoi/kz")
ciphertext = crypter.Encrypt(input)
plaintext = crypter.Decrypt(ciphertext)
assert(input == plaintext)

Which gives:
Traceback (most recent call last):
  File "test.py", line 5, in <module>
    ciphertext = crypter.Encrypt(input)
  File
"/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/keyczar.py", line
314, in Encrypt
    return util.Encode(encrypting_key.Encrypt(data))
  File "/home/ookoi/Bureau/keyczar-read-only/python/src/keyczar/keys.py",
line 256, in Encrypt
    ciph_bytes = AES.new(self.key_bytes, AES.MODE_CBC, iv_bytes).encrypt(data)
ValueError: IV must be 16 bytes long

The Python code has hard-coded help and error messages in English. We need
to internationalize the code to support other languages.

Can we do anything to ensure that the (revoked key) file can't just be
undeleted? Maybe overwrite it with zeros first, although that might not
make a difference if the current version is cached. Probably better to keep
all key material encrypted on disk using an encrypted reader.

Add support so that keys can be kept encrypted on disk.

It could be handy a Python release which includes the latest trunk with the
OAEP fix. ( fix #42 )
It's so common that most of users normally installs svn trunk after getting
this bug...

my two cents :)

Put all the current crypto defaults into a single place.

What steps will reproduce the problem?

1. org.keyczar.KeyczarTool create --location=sample\ --purpose=crypt

2. org.keyczar.KeyczarTool addkey --location=sample\ --status=primary
--size=256

3. Run a simple Java test:

    String keyPath = "c:\\dev\\keyczar\\sample";

    String testString = "Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus,
Neptune, Pluto";

    try
    {
        Crypter crypter = new Crypter(keyPath);

        String ciphertext = crypter.encrypt(testString);

        System.out.println("Cipher-text: "+ciphertext);

        String plaintext = crypter.decrypt(ciphertext);

        System.out.println("Plain-text:  "+plaintext);
    }
    catch (KeyczarException ke)
    {
        ke.printStackTrace();
    }


What is the expected output? What do you see instead?

Expected output: the cipher text, followed by plain-text.

Here's the actual exception that's thrown:

org.keyczar.exceptions.KeyczarException:
java.security.InvalidAlgorithmParameterException: Wrong IV length: must be
16 bytes long
    at org.keyczar.AesKey$AesStream.<init>(AesKey.java:132)
    at org.keyczar.AesKey.getStream(AesKey.java:108)
    at org.keyczar.Encrypter.ciphertextSize(Encrypter.java:93)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:112)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:184)
    at SymmetricTest.main(SymmetricTest.java:19)
Caused by: java.security.InvalidAlgorithmParameterException: Wrong IV
length: must be 16 bytes long
    at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)
    at com.sun.crypto.provider.AESCipher.engineInit(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at org.keyczar.AesKey$AesStream.<init>(AesKey.java:127)
    ... 5 more

The IV that's being created is 32 bytes instead of 16 bytes.

Please use labels and text to provide additional information.

In order to utilize stronger key sizes (e.g. AES 256) the user needs to
update his JCE policy files to the JCE Unlimited Strength Jurisdiction
Policy which can be downloaded from Sun at http://java.sun.com/javase
Please add this information to the documentation and/or the installation notes.

The testAesEncryptedKeyDecrypt() unit test is failing. I don't think that
keyczart.py genkey is generating an encrypted keyset.

It appears that main() in keyczart.py is calling AddKey with the parameters
(loc, status, size, crypter) rather than (loc, status, crypter, size). 

Auto-generated DSA signatures are not verifying in Java

Flip the default DSA key length to 2048 bits, as per NIST recommendations.

The wiki pages are out of date. We need to go through and make sure they
are current.

What steps will reproduce the problem?

The code in charge of returning the next version number is bugged and under
specifics circumstances can lead to overwrite a valid key when a new key is
added.

Consider these steps:

$ python2.4 keyczart.py create --location=/tmp/aes --purpose=crypt
$ python2.4 keyczart.py addkey --location=/tmp/aes
$ python2.4 keyczart.py addkey --location=/tmp/aes
$ ls -la /tmp/aes
total 13
drwxr-xr-x  2 ookoi ookoi 120 2009-01-19 00:26 ./
drwxrwxrwt 22 root  root  832 2009-01-19 00:24 ../
-rw-r--r--  1 ookoi ookoi 160 2009-01-19 00:26 1
-rw-r--r--  1 ookoi ookoi 160 2009-01-19 00:26 2
-rw-r--r--  1 ookoi ookoi 225 2009-01-19 00:26 meta
$ python2.4 keyczart.py demote --location=/tmp/aes --version=1
$ python2.4 keyczart.py revoke --location=/tmp/aes --version=1
$ ls -la /tmp/aes                                                 
total 9
drwxr-xr-x  2 ookoi ookoi  96 2009-01-19 00:27 ./
drwxrwxrwt 22 root  root  832 2009-01-19 00:24 ../
-rw-r--r--  1 ookoi ookoi 160 2009-01-19 00:27 2
-rw-r--r--  1 ookoi ookoi 162 2009-01-19 00:27 meta
$ cat /tmp/aes/2
{"hmacKey": {"hmacKeyString":
"JUii6dsUDRcjnOaVQQWCAqJPPfOhoMgv53ixWVs25NY", "size": 256},
"aesKeyString": "S4_TD9D5tn_dfGWIhmuL_A", "mode": "CBC", "size": 128}
$ python2.4 keyczart.py addkey --location=/tmp/aes
$ ls -la /tmp/aes                                     
total 9
drwxr-xr-x  2 ookoi ookoi  96 2009-01-19 00:27 ./
drwxrwxrwt 22 root  root  832 2009-01-19 00:24 ../
-rw-r--r--  1 ookoi ookoi 160 2009-01-19 00:28 2
-rw-r--r--  1 ookoi ookoi 162 2009-01-19 00:28 meta
$ cat /tmp/aes/2                                  
{"hmacKey": {"hmacKeyString":
"gcbHBl1ds4nkXecLf8uKk6Bel5amnVADpio-KLdDsec", "size": 256},
"aesKeyString": "S8Hycf7seAKG8y1agh_mHQ", "mode": "CBC", "size": 128}

The content of /tmp/aes/2 has changed.

What is the expected output? What do you see instead?

/tmp/aes/2 has been overwritten, the expected result would have been to
generate a new key version named for example /tmp/aes/1 while preserving
the previous key /tmp/aes/2.


What version of the product are you using? On what operating system?

This problem affects the current trunk of Keyczar for both Java and Python
implementations.

Please provide any additional information below.

Here is a working patch for the Python implementation.

after few iterations this simple program

from keyczar import keyczar, keys
key = keys.RsaPrivateKey.Generate()
msg = "ciao"

for i in range(100):
    key.Decrypt(key.Encrypt(msg))

fails with the folloring exception:

Traceback (most recent call last):
  File "hello2.py", line 9, in <module>
    key.Decrypt(key.Encrypt(msg))
  File "/home/sciasbat/tmp/Keyczar-Python/keyczar/keys.py", line 563,
in Decrypt
    return self.__Decode(decrypted)
  File "/home/sciasbat/tmp/Keyczar-Python/keyczar/keys.py", line 478,
in __Decode
    raise errors.KeyczarError("OAEP Decoding Error")
keyczar.errors.KeyczarError: OAEP Decoding Error 

Change as per NIST recommendations

Improve and expand the PDF documents

What steps will reproduce the problem?
1. Create a new keyset, add a key to it:
c:\keyczar>java -cp ".\*" org.keyczar.KeyczarTool create
--location=/keys/crypt_test/ --purpose=crypt

c:\keyczar>java -cp ".\*" org.keyczar.KeyczarTool addkey
--location=/keys/crypt_test/ --status=primary

2. Run the following test case:
    @Test
    public void symEncryptDecrypt() {

        try {
            Crypter crypter = new Crypter("/keys/crypt_test");
            String ciphertext = crypter.encrypt("Hello World");
            String plaintext = crypter.decrypt(ciphertext);
            Assert.assertEquals("Hello World", plaintext);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

What is the expected output? What do you see instead?

Expect the test to succeed. Instead got the following:
org.junit.ComparisonFailure: expected:<[Hello World]> but was:<[]>
    at org.junit.Assert.assertEquals(Assert.java:99)
    at org.junit.Assert.assertEquals(Assert.java:117)
...


What version of the product are you using? On what operating system?

I'm using keyczar05b-1.6.jar. I'm on Win XP Pro SP2.

Right now, we will have different sets of translations for both Java and
Python. It would be good if we had these in a single source, then generated
each the i18n files for each implementation automatically. Then the two
implementations won't drift apart.

It is not very comfortable if the user is forced to install a artifact to
its local repository.

What about uploading the artifact to your maven repo
(http://keyczar.googlecode.com/svn/trunk/java/maven/)


Regards

Johannes

http://groups.google.com/group/keyczar-discuss/browse_thread/thread/3f3e1a310565
e16d

What steps will reproduce the problem?
1. Set up Eclipse with Subclipse and m2eclipse plugins. Follow "Maven
Instructions" and check out source.
2. Install dependencies as mentioned in the "Java Dependencies" wiki page.


What is the expected output? What do you see instead?
As soon as you checkout the source you see that build fails due to missing
jar files. When you navigate to the pom.xml, you see that it is complaining
about the org.jvnet.wagon-svn:pom:1.8 (See attachment 1 for a screen shot).
After you get through the problem, you see that there is a "Maven error"
due to missing artifacts in the repository paths provided. The maven
2.java.net repo does not have jdmk_jmx, jms jars. 

Probable fix:
Please see attached patch file where I have made appropriate changes to the
pom.xml to get around this problem (Attachment 2)

Figure out whether using Maven is feasible for this project.

Please translate the Keyczar messages to Arabic

Please translate the Keyczar messages to Chinese 

Right now we do a lot of string.getBytes(). These need to specify the
character encoding, otherwise encrypting in different locales could be
incompatible. We will also need to update the docs to reflect this.

Please translate the Keyczar messages to: French

[deleted issue]

We need to generate some test vectors for the PDF document

Hello,

What steps will reproduce the problem?

1. Create a new "key ring" and add a key as the documentation suggests
python ..\src\keyczar\keyczart.py create --location=keys --purpose=crypt
python ..\src\keyczar\keyczart.py addkey --location=keys --status=primary

2. Write the simplest script to encrypt
from keyczar.keyczar import Encrypter
K = Encrypter.Read("keys")
print K.Encrypt("Hello")

What is the expected output? What do you see instead?

Instead of the encrypted string one sees:
>>> K.Encrypt("Hello")
Traceback (most recent call last):
  File "<pyshell#12>", line 1, in <module>
    K.Encrypt("Hello")
  File "F:\...\Keyczar-Python\src\keyczar\keyczar.py", line 306, in Encrypt
    encrypting_key = self.primary_key
  File "F:\...\Keyczar-Python\src\keyczar\keyczar.py", line 70, in <lambda>
    primary_key = property(lambda self: self.GetKey(self.primary_version),
  File "F:\...\Keyczar-Python\src\keyczar\keyczar.py", line 126, in GetKey
    raise errors.KeyNotFoundError(id)
KeyNotFoundError: Key with hash identifier None not found.

The reason for this is that the status of the key is written as "None" (by
the addkey command) as:
{"encrypted": false, "versions": [{"status": "None", "versionNumber": 1,
"exportable": false}], "type": "AES", "name": "Test", "purpose":
"DECRYPT_AND_ENCRYPT"}

It turns out that the logic comparing the flag passed as status (i.e. the
sting "primary", compares it to the flag "PRIMARY" in a case sensitive way
in the function "GetStatus" (file "keyinfo.py").

Probably the function "GetStatus":

def GetStatus(value):
  if value in statuses:
    return statuses[value]

should be modified to raise an exception if it does not find a valid
status. It might also be wise to change the documentation to reflect that
the correct addkey command is:
python ..\src\keyczar\keyczart.py addkey --location=keys --status=PRIMARY

Yours,

George Danezis

We should externalize the hard-coded Strings from the Java version for
easier internationalization.

Please translate the Keyczar messages to Russian.

At least English and Spanish for 0.5b.

What steps will reproduce the problem?
1. python keyczart.py create --location='.' --purpose=crypt
2. python keyczart.py addkey --location='.'

What do you see instead?
Traceback (most recent call last):
  File "keyczart.py", line 279, in <module>
    sys.exit(main(sys.argv[1:]))  # sys.argv[0] is name of program
  File "keyczart.py", line 264, in main
    int(flags.get(SIZE, -1)), crypter)
  File "keyczart.py", line 118, in AddKey
    UpdateGenericKeyczar(czar, loc, crypter)
  File "keyczart.py", line 236, in UpdateGenericKeyczar
    czar.Write(loc, encrypter)
  File "/home/neo/Proyectos/Python/Keyczar-Python/src/keyczar/keyczar.py",
line 270, in Write
    key = encrypter.Encrypt(key)  # encrypt key info before outputting
AttributeError: 'int' object has no attribute 'Encrypt'


What version of the product are you using? On what operating system?
Keyczar 0.5b Python Release
Ubuntu Hardy (8.04)
Python 2.5.2

Please provide any additional information below.
This is the content of 'meta' after ot run 'addkey':

{"encrypted": true, "versions": [{"status": "ACTIVE", "versionNumber": 1,
"expor
table": false}], "type": "AES", "name": "Test", "purpose":
"DECRYPT_AND_ENCRYPT"
}

What steps will reproduce the problem?
1. Try to encrypt a String or Byte larger than 214 bytes, like the example
below:

try {
    encrypter = new Encrypter(publickey);
    decrypter = new Crypter(privatekey);
    byte[] b = new byte[500];
    encrypter.encrypt(b);   
} catch (KeyczarException e1) {
    e1.printStackTrace();
} 

This generate the following error:

328  [AWT-EventQueue-0] INFO  org.keyczar.Encrypter  - Cifrando 500 bytes.
org.keyczar.exceptions.KeyczarException:
javax.crypto.IllegalBlockSizeException: Data must not be longer than 214 bytes
    at org.keyczar.RsaPublicKey$RsaStream.doFinalEncrypt(RsaPublicKey.java:98)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:164)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:113)
    at com.lossurdo.cipherchat.CipherChat.<init>(CipherChat.java:59)
    at com.lossurdo.cipherchat.CipherChat$9.run(CipherChat.java:390)
    at java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:209)
    at java.awt.EventQueue.dispatchEvent(EventQueue.java:597)
    at
java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:273
)
    at
java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:183)
    at
java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:173
)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:168)
    at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:160)
    at java.awt.EventDispatchThread.run(EventDispatchThread.java:121)
Caused by: javax.crypto.IllegalBlockSizeException: Data must not be longer
than 214 bytes
    at com.sun.crypto.provider.RSACipher.a(DashoA13*..)
    at com.sun.crypto.provider.RSACipher.engineDoFinal(DashoA13*..)
    at javax.crypto.CipherSpi.a(DashoA13*..)
    at javax.crypto.CipherSpi.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at org.keyczar.RsaPublicKey$RsaStream.doFinalEncrypt(RsaPublicKey.java:96)
    ... 12 more

2. I have used the following commands to generate the keys:

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool create --purpose=crypt --asymmetric=rsa
--location=./rsakeys

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool addkey --location=./rsakeys --status=primary

java -classpath keyczar05b-1.6-090208.jar;gson-1.2.jar;log4j-1.2.15.jar
org.keyczar.KeyczarTool pubkey --location=./rsakeys --status=active
--destination=./rsakeys/publickeys/

I'm sure I'll figure it out eventually, but it would be nice if it was easy.