encryption and decryption scripting
The Python library contains the cryptography module, that we will be importing to use in our code. Cryptography allows us to protect data and scramble it via algorithms (encryption), these algortihms can be unscrambled by the intended recipient via decryption.
what algorithms can we use?
Pythons Cryptography library supports the use of many popular algorithms. That can be used for different purposes such as hash functions, symmetric and assymetric encryption, Key derivation functions. Some of the most popular algorithm functions include:
(SHA) Secure Hash Function 1, 2 (256, 384, 512), 3.
Password Based Key Derivation Function (PBKDF)/HMAC-based Key Derivation Function (HKDF)
Hash-based Message Authentication Code (HMAC)/Cipher-based Message Authentication Code (CMAC).
Fernet which is a A high-level symmetric encryption API that handles key management and tokenization.
As well as some of the common algorithms
Advanced Encryption Standard (AES), Data Encryption Standard (DES), Blowfish, Twofish.
Rivest-Shamir-Adleman (RSA), Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA).
generating key pairs
RSA or Rivest-Shamir-Adleman Cryptography works by generating two key pairs, an assymetric encryption algorithm. A common example of RSA is SSL/TLS encryption which ensures the data submitted between a client and a web server remains confidential. A client will send its public key to a webserver to request data and the web server will encrypt that data using the clients public key and send the data back which can then be decrypted with the clients private key.
The Algorithm gets its security based on the difficulty of factoring large numbers. The mechanism behind RSA is a public key consisting of two prime numbers that have been multiplied and a private key derived from those same two prime numbers.
To create a simple RSA value-
take two prime numbers (h)= 13, (k)=17
calculate the modulus m (h) * (k) = (13) * (17) = 221
calculate eulers totient (phi) m: (phi)m= (h-1) * (k-1) = (13-1) * (17-1) = 12 * 16 = 192
choose an interger (e) which should be less than (m) and relatively prime phi(7)
calculate the private exponent/modular inverse (d). ideally, (d*e) mod (phi)(n) = 1. We can calculate this through trial and error or use python as well. I will do a post further. We find that (d=11)
we are left with the public and private keys
public = (m,e) (221,7)
private = (m,d) (221,11)
This works because its really difficult to factorize (m) into (h) and (k) and would require an insane amount of computational resources to calculate the private key d from m and e. This is generally how assymetric encryption works.
This algorithm is also referred to as a trap door function where its easy to go one way through (multiplication) but near impossible to go the other way (factorization).
To generate RSA Key Pairs using Python we are going to start by installing the cryptography module on our command line interface. In this code we don’t really need to worry about calculating the RSA key pairs ourselves because the module from python will do it for us.
The modules we need to import in our script include from cryptography.hazmat.primitives.asymmetric which provides functions for key generation and manipulation. import rsa for RSA generation, cryptography.hazmat.primitives. serialization for key serialization and deserialization. In order for our code to actually work.
code explanation
import our modules from the Python Library; cryptography.hazmat.primitives.asymmetric.rsa and cryptography.hazmat.primitives. serialization.
private_key = rsa.generate_private_key generates a new private key we can choose the bit size. The options are either 2048 or 1024, a bit siz of 2048 is more secure.
For the public_exponent we are choosing 65537 the reason this is a common choice is its a relatively small prime number and a secure one.
public_key = private_key.public_key derives the corresponding public key from the private key.
PEM (privacy enhanced mail) stands for the encoding format being used and private_key.private_bytes serializes the private key into binary format.
format=serialization.PrivateFormat.PKCS8 tells the code what format for the private key (PKCS8).
encryption_algorithm=serialization.BestAvailableEncryption specifies the encryption algorithm used as well as the password for the private key (rsa2024).
with open("private_key.pem", "wb") as f creates a file to store the private key.
pem = public_key.public_bytes same as the private key, it serializes it into a binary format. The format is PKCS1
with open("public_key.pem", "wb") as f creates a file to store the public key.
private_key = serialization.load_pem_private_key and public_key = serialization.load_pem_public_key This part isn’t really necessary, I probably wouldn’t use it in real life. It’s if you need to load to private and public key for future decryption from a PEM encoded file saved with the password rsa2024.
elliptic curve algorithm
Elliptic curve cryptography (ECC), is used for public key cryptography, similar to RSA but uses a smaller key size which makes it more efficient for some API’s. Elliptic Curve cryptography is based around a finite mathematical curve. The elliptic mathematical curve is defined by the equation y^2 = x^3 + ax + b or
In the formula for the Elliptic curve, (a) and (b) are constants and (y) and (x) are variables.
The most common curves used are:
NIST (National institue of Standards and Technology) curves
NIST P-256 which is a 256 bit curve
NIST P-384 a 384 bit curve
NIST P-521 a 521 bit curve
secp256k1 a curve used in blockchain technology which simplifies to [ y^2 = x^3 + 7 ]
To generate our private key, we start by choosing a random 256 bit number. To generate our public key we use the formula (nP=G). Say (n) is the private key (choose an interger) and (P) is the special point on the elliptic curve (our generator point).
imagine that our curve is (y^2 = x^3 - 3x + 4) and our generator point (p) is (1,2) and the private key n is 5. if (n)= 5, we need to P*5 which is multiplying P by itself 5 times to generate a new point on the curve which will result in our public key.
encrypting and decrypting a message using elliptic curve cryptography
Ok so now we know how elliptic curve algorithms work, you don’t really need to understand the mathematics to encrypt using python but it is interesting to learn. Obviously we are going to be using the cryptography module from the python library and will be loading from cryptography.hazmat.primitives.asymmetric.ec to provide functions for elliptic curve cryptography as well as from cryptography.hazmat.primitives.serialization which will handle the serialization as well as deserialization of cryptographic keys.