diff --git a/dev-requirements.txt b/dev-requirements.txt
index 79a48f97..3385d7af 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -2,13 +2,15 @@
 # and installation. It can be executed as follows:
 # $ pip install --requirement dev-requirements.txt
 #
-# pip install TUF in editable mode (i.e., setuptools "develop mode").
-# The current working directory must contain 'setup.py'.
+# pip install TUF (minimal install) in editable mode (i.e., setuptools
+# "develop mode"). The current working directory must contain 'setup.py'.
 --editable .
 # Install PyNaCl for faster generation and verification of ed25519 keys and
 # signatures. It also includes protection against side-channel attacks.
 # NOTE: TUF only uses the pure Python implementation of ed25519 for signature
 # verification. PyNaCl is required for ed25519 key and signature generation
-# with the TUF repository tools.
+# with the TUF repository tools. Also install PyCrypto for RSA key & signature
+# support and general-purpose cryptography needed by the repository tools.
+pycrypto==2.6.1
 pynacl==0.2.3
diff --git a/setup.py b/setup.py
index da63b39d..efff48fe 100755
--- a/setup.py
+++ b/setup.py
@@ -37,10 +37,11 @@
 $ pip install .
 # Installing optional requirements (i.e., after installing tuf).
- # 'fast_ed25519' currently supported, which enables faster and more secure
- # ed25519 key generation and signature verification computations with
- # pynacl+libsodium.
- $ pip install tuf[fast_ed25519]
+ # The 'tools' optional requirement is currently supported, which enables
+ # fast and secure ed25519 key generation and signature verification
+ # computations with PyNaCl+libsodium. General-purpose cryptography is also
+ # provided. 'tools' is needed by the TUF repository tools.
+ $ pip install tuf[tools]
 Alternate installation options:
@@ -70,7 +71,7 @@
 from setuptools import find_packages
 extras = {
- 'fast_ed25519': ['pynacl>=0.2.3']
+ 'tools': ['pycrypto>=2.6.1', 'pynacl>=0.2.3']
 }
 setup(
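Review bot: In dev-requirements.txt the added `pycrypto==2.6.1` pin sits under a comment block that still opens with "Install PyNaCl", so the purpose of each pin is hard to see at a glance. PyCrypto has had no release after 2.6.1, so this exact pin can never pick up a fix, and the file is what someone would use to set up an environment that generates and signs with RSA keys. A separate comment directly above the pin would make that visible, for example `# pycrypto: RSA key/signature support for the repository tools; no newer release exists, re-evaluate before reuse`.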
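Review bot: In the setup.py `extras` hunk the old extra name `fast_ed25519` is dropped outright, so an existing `pip install tuf[fast_ed25519]` will only get an unknown-extra warning from pip and install without PyNaCl. The install then falls back to the pure Python ed25519 path without the operator noticing, losing the side-channel protection the dev-requirements comment attributes to PyNaCl. Keeping the old key as an alias for a release avoids that: `'fast_ed25519': ['pynacl>=0.2.3'],` next to the new `'tools'` entry.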
@@ -98,7 +99,7 @@
 'Topic :: Security',
 'Topic :: Software Development'
 ],
- install_requires = ['pycrypto>=2.6.1'],
+ install_requires = [],
 packages = find_packages(exclude=['tests', 'tuf.tests']),
 extras_require = extras,
 scripts = [
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
index 9de30029..f51d963e 100755
--- a/tuf/client/updater.py
+++ b/tuf/client/updater.py
@@ -116,7 +116,6 @@
 import tuf.keydb
 import tuf.log
 import tuf.mirrors
-import tuf.repo.signerlib
 import tuf.roledb
 import tuf.sig
 import tuf.util
diff --git a/tuf/ed25519_keys.py b/tuf/ed25519_keys.py
index 0c7f3398..bb7051fc 100755
--- a/tuf/ed25519_keys.py
+++ b/tuf/ed25519_keys.py
@@ -161,6 +161,7 @@ def generate_public_and_private():
 try:
 nacl_key = nacl.signing.SigningKey(seed)
 public = str(nacl_key.verify_key)
+
 except NameError:
 message = 'The PyNaCl library and/or its dependencies unavailable.'
 raise tuf.UnsupportedLibraryError(message)
@@ -354,7 +355,7 @@ def verify_signature(public_key, method, signature, data, use_pynacl=False):
 except nacl.exceptions.BadSignatureError:
 pass
- # Verify 'ed25519' signature with pure Python implementation.
+ # Verify 'ed25519' signature with the pure Python implementation.
 else:
 try:
 tuf._vendor.ed25519.ed25519.checkvalid(signature, data, public)
diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
index 30888fd9..dc66675b 100755
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
@@ -3380,8 +3380,8 @@ def import_rsa_privatekey_from_file(filepath, password=None):
 # If the caller does not provide a password argument, prompt for one.
 if password is None:
- message = 'Enter a password for the encrypted RSA key file: '
- password = _get_password(message, confirm=True)
+ message = 'Enter a password for the encrypted RSA file: '
+ password = _get_password(message, confirm=False)
 # Does 'password' have the correct format?
 tuf.formats.PASSWORD_SCHEMA.check_match(password)
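Review bot: With `install_requires = []` in setup.py a default `pip install tuf` now ships no RSA backend, and nothing in this diff shows what a client does when it meets RSA-signed metadata without PyCrypto. The modules that import `Crypto` are outside the diff; they should fail closed the way `generate_public_and_private()` in tuf/ed25519_keys.py does, by raising `tuf.UnsupportedLibraryError`, and never treat an unverifiable signature as acceptable. A comment on the line would record the intent: `# Minimal install: no crypto dependencies; RSA support needs tuf[tools].`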
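Review bot: The two reworded prompts in tuf/repository_tool.py no longer match each other: `import_rsa_privatekey_from_file` now asks about the 'encrypted RSA file', while the next hunk (`import_ed25519_privatekey_from_file`) asks about the 'encrypted ED25519 key'. One pattern for both would read better, e.g. `message = 'Enter a password for the encrypted RSA key file: '` and the ED25519 equivalent. Switching to `confirm=False` looks reasonable for an import, since a mistyped password presumably just fails decryption further down, but that code is outside both hunks. A one-line comment such as `# No confirmation on import: a wrong password fails decryption.` would record why the two prompts differ from key creation.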
@@ -3636,8 +3636,8 @@ def import_ed25519_privatekey_from_file(filepath, password=None):
 # If the caller does not provide a password argument, prompt for one.
 if password is None:
- message = 'Enter a password for the encrypted ED25519 key file: '
- password = _get_password(message, confirm=True)
+ message = 'Enter a password for the encrypted ED25519 key: '
+ password = _get_password(message, confirm=False)
 # Does 'password' have the correct format?
 tuf.formats.PASSWORD_SCHEMA.check_match(password)