SeaDude

Reputation: 4385

What is the "backend" in reference to the Python cryptography module?

What does the "backend" refer to when using the Python cryptography module?

For example: The .RSABackend simply states: A backend with methods for using RSA.

Upvotes: 1

Views: 1869

Answers (1)

MechMK1

Reputation: 3378

The library in question does not implement crypto code itself. This is because cryptographic code is prone to a wide range of problems that most programmers don't even think about - or don't need to think about in their day-to-day work.

What these libraries do instead is use some other piece of software which implements them in a (hopefully) secure way. These pieces of software are referred to as backends.

But what specifically is a backend?

Class-wise, I'll take HashBackend as an example, but it can easily be extrapolated to other backends. It is for all intents and purposes an abstract class, that has to implement two methods:

  • hash_supported(algorithm)
  • create_hash_ctx(algorithm)

hash_supported will take an algorithm and return whether or not a specific algorithm is supported. Not every backend might support every algorithm, so you might use this to determine which algorithm you'd like to use, based on availability.

create_hash_ctx will take an algorithm and return a "hash context", which is the object that is used to actually calculate a hash of data.

For both of these, the class in question doesn't actually implement any of the functions. It merely defines that they exist, and the documentation explains what they should do. "Actual" backend code, such as the OpenSSL backend, will then interface with the actual implementation of the cryptographic code.

+-----------------+
|    Your Code    | This is your code, calling something like GetHash(input.password)
+-----------------+
   |
+--v--------------+
|   High-Level    | This is the "nice" interface provided by your crypto library
|   Crypto Code   | This is what you should use 100% of the time
+-----------------+
   |
+--v--------------+
|  Hash Backend   | This is the backend that the "nice" interface calls
+-----------------+
   |
+--v--------------+
| OpenSSL Backend | This is what translates requests to a way OpenSSL understands
+-----------------+
   |
+--v--------------+
| OpenSSL Library | This is what actually does the cryptographic operations
+-----------------+

Depending on the cryptographic task in question, the library may call some OS function designed to fulfill some task, such as reading random data.

Upvotes: 4
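
The layering described in the answer above, as an added sketch that is not part of the original answer and is not the cryptography library's own code. The interface mirrors the two method names from the answer; `HashlibBackend`, `Sha256OnlyBackend` and `digest` are hypothetical names, algorithms are plain strings for brevity, and Python's standard `hashlib` stands in for the OpenSSL layer.

```python
import hashlib
from abc import ABC, abstractmethod


class HashBackend(ABC):
    """Interface only: declares the two methods, implements neither."""

    @abstractmethod
    def hash_supported(self, algorithm: str) -> bool: ...

    @abstractmethod
    def create_hash_ctx(self, algorithm: str): ...


class HashlibBackend(HashBackend):
    """Concrete backend (hypothetical name) that delegates to hashlib."""

    def hash_supported(self, algorithm):
        return algorithm in hashlib.algorithms_available

    def create_hash_ctx(self, algorithm):
        if not self.hash_supported(algorithm):
            raise ValueError(f"unsupported hash algorithm: {algorithm}")
        # The returned object exposes update()/hexdigest(): the "hash context".
        return hashlib.new(algorithm)


class Sha256OnlyBackend(HashlibBackend):
    """Constructed restricted backend: support differs between backends."""

    def hash_supported(self, algorithm):
        return algorithm == "sha256"


def digest(data: bytes, preferred, backend: HashBackend):
    """High-level layer: use the first algorithm the backend supports."""
    for algorithm in preferred:
        if backend.hash_supported(algorithm):
            ctx = backend.create_hash_ctx(algorithm)
            ctx.update(data)
            return algorithm, ctx.hexdigest()
    raise ValueError("backend supports none of the requested algorithms")


if __name__ == "__main__":
    prefs = ["sha3_256", "sha256"]  # constructed preference order
    print(digest(b"abc", prefs, HashlibBackend()))
    print(digest(b"abc", prefs, Sha256OnlyBackend()))
```

The calling code never touches `hashlib` directly; swapping the backend object changes which algorithm is chosen without changing the caller.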
