| Alex Stapleton | c5fffd3 | 2014-03-18 15:29:00 +0000 | [diff] [blame] | 1 | Frequently asked questions |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 2 | ========================== |
| 3 | |
| Alex Gaynor | 59a6bc6 | 2014-02-18 18:13:48 -0800 | [diff] [blame] | 4 | How does ``cryptography`` compare to NaCl (Networking and Cryptography Library)? |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 5 | -------------------------------------------------------------------------------- |
| 6 | |
| 7 | While ``cryptography`` and `NaCl`_ both share the goal of making cryptography |
| 8 | easier, and safer, to use for developers, ``cryptography`` is designed to be a |
| Alex Gaynor | c37adab | 2014-02-18 16:46:58 -0800 | [diff] [blame] | 9 | general purpose library, interoperable with existing systems, while NaCl |
| 10 | features a collection of hand selected algorithms. |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 11 | |
| Alex Gaynor | 5809d48 | 2014-02-19 13:33:18 -0800 | [diff] [blame] | 12 | ``cryptography``'s :ref:`recipes <cryptography-layout>` layer has similar goals |
| 13 | to NaCl. |
| Alex Gaynor | de06b29 | 2014-02-18 16:40:09 -0800 | [diff] [blame] | 14 | |
| 15 | If you prefer NaCl's design, we highly recommend `PyNaCl`_. |
| 16 | |
| Alex Gaynor | 0604944 | 2017-03-15 12:21:45 -0400 | [diff] [blame^] | 17 | Compiling ``cryptography`` on macOS produces a ``fatal error: 'openssl/aes.h' file not found`` error |
| 18 | ---------------------------------------------------------------------------------------------------- |
| Alex Gaynor | c77db59 | 2016-03-09 07:12:06 -0500 | [diff] [blame] | 19 | |
| Alex Gaynor | 0604944 | 2017-03-15 12:21:45 -0400 | [diff] [blame^] | 20 | This happens because macOS 10.11 no longer includes a copy of OpenSSL. |
| Alex Gaynor | c77db59 | 2016-03-09 07:12:06 -0500 | [diff] [blame] | 21 | ``cryptography`` now provides wheels which include a statically linked copy of |
| 22 | OpenSSL. You're seeing this error because your copy of pip is too old to find |
| 23 | our wheel files. Upgrade your copy of pip with ``pip install -U pip`` and then |
| 24 | try install ``cryptography`` again. |
| Alex Gaynor | 0fa997b | 2016-03-09 07:13:04 -0500 | [diff] [blame] | 25 | |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 26 | Starting ``cryptography`` using ``mod_wsgi`` produces an ``InternalError`` during a call in ``_register_osrandom_engine`` |
| 27 | ------------------------------------------------------------------------------------------------------------------------- |
| 28 | |
| Paul Kehrer | 66a2372 | 2017-01-18 13:42:09 +0800 | [diff] [blame] | 29 | Upgrade to the latest ``cryptography`` and this issue should be resolved. |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 30 | |
| 31 | ``cryptography`` raised an ``InternalError`` and I'm not sure what to do? |
| 32 | ------------------------------------------------------------------------- |
| 33 | |
| 34 | Frequently ``InternalError`` is raised when there are errors on the OpenSSL |
| 35 | error stack that were placed there by other libraries that are also using |
| 36 | OpenSSL. Try removing the other libraries and see if the problem persists. |
| Paul Kehrer | 4e9bd8c | 2016-03-12 16:33:39 -0400 | [diff] [blame] | 37 | If you have no other libraries using OpenSSL in your process, or they do not |
| 38 | appear to be at fault, it's possible that this is a bug in ``cryptography``. |
| 39 | Please file an `issue`_ with instructions on how to reproduce it. |
| Paul Kehrer | fcf6fca | 2016-03-12 16:21:24 -0400 | [diff] [blame] | 40 | |
| Paul Kehrer | bd7cd2d | 2017-02-13 20:01:06 -0600 | [diff] [blame] | 41 | Installing ``cryptography`` fails with ``ImportError: No module named setuptools_ext`` |
| 42 | -------------------------------------------------------------------------------------- |
| 43 | |
| 44 | Your ``cffi`` package is out of date. ``pip install -U cffi`` to update it. |
| 45 | |
| Alex Gaynor | 0e8cdf1 | 2016-12-13 21:05:35 -0500 | [diff] [blame] | 46 | Installing cryptography with OpenSSL 0.9.8 or 1.0.0 fails |
| 47 | --------------------------------------------------------- |
| Alex Gaynor | 29b2ebc | 2016-11-22 09:25:17 -0500 | [diff] [blame] | 48 | |
| Alex Gaynor | 0e8cdf1 | 2016-12-13 21:05:35 -0500 | [diff] [blame] | 49 | The OpenSSL project has dropped support for the 0.9.8 and 1.0.0 release series. |
| 50 | Since they are no longer receiving security patches from upstream, |
| 51 | ``cryptography`` is also dropping support for them. To fix this issue you |
| 52 | should upgrade to a newer version of OpenSSL (1.0.1 or later). This may require |
| 53 | you to upgrade to a newer operating system. |
| Alex Gaynor | 5d38206 | 2016-03-19 12:02:14 -0400 | [diff] [blame] | 54 | |
| Alex Gaynor | 0fa997b | 2016-03-09 07:13:04 -0500 | [diff] [blame] | 55 | .. _`NaCl`: https://nacl.cr.yp.to/ |
| Alex Gaynor | 988df9b | 2016-04-28 10:57:16 -0400 | [diff] [blame] | 56 | .. _`PyNaCl`: https://pynacl.readthedocs.io |
| 57 | .. _`WSGIApplicationGroup`: https://modwsgi.readthedocs.io/en/develop/configuration-directives/WSGIApplicationGroup.html |
| Paul Kehrer | 4e9bd8c | 2016-03-12 16:33:39 -0400 | [diff] [blame] | 58 | .. _`issue`: https://github.com/pyca/cryptography/issues |