# Cryptography in Python

## Introduction to Cryptography
Cryptography is the science of **securing communication and data from unauthorized access**. It involves techniques for protecting the confidentiality, integrity, and authenticity of information. With the rise of digital communication, cryptography has become crucial for ensuring data security.

## Why Python
Python is one of the most popular languages for implementing cryptographic algorithms because of its simplicity, readability, and extensive library support

## The main goals of cryptography are:

### Confidentiality:
Ensuring that the information is accessible only to authorized individuals.
### Integrity:
Ensuring that the data has not been altered during transmission.
### Authentication:
Verifying the identity of the parties involved in communication.
### Non-repudiation:
Ensuring that neither party can deny the authenticity of their communications.

## There are several types of cryptographic algorithms:

### Symmetric Key Cryptography:
Both the sender and the receiver use the **same key** for encryption and decryption.
### Asymmetric Key Cryptography:
**Two different keys** are used a public key for encryption and a private key for decryption.
### Hash Functions:
**One-way** cryptographic functions that convert data into a fixed-size hash value.

## Installation

In [None]:
!pip install pycryptodome

# Symmetric Encryption
Symmetric encryption uses the **same key for both encryption and decryption**. It's fast and efficient but requires secure key management.

### Algorithms

- **AES (Advanced Encryption Standard)**: A widely used symmetric encryption standard that supports key sizes of 128, 192, and 256 bits.
- **DES (Data Encryption Standard)**: An older symmetric algorithm using a 56-bit key. It's considered insecure by modern standards.
- **3DES (Triple DES)**: An extension of DES that applies the encryption process three times to enhance security.
- **Blowfish**: A fast and flexible symmetric algorithm that uses variable-length keys (32 to 448 bits).
- **RC4**: A stream cipher that is fast and widely used, but now considered insecure due to vulnerabilities.

### Example using Cryptography lib

In [30]:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

# Generate a random key and initialization vector
key = get_random_bytes(16)
cipher = AES.new(key, AES.MODE_GCM)
nonce = cipher.nonce

In [31]:
# Encrypt the message
message = b'Hello I am Ameur'
ciphertext, tag = cipher.encrypt_and_digest(message)
print("Encrypted Message:",ciphertext)

Encrypted Message: b'A`\x10:\xdb\x98\xc1\xe7\xdf\xc6\xddc\xc5\x0fW\xb9'


In [32]:
# Decrypt the message
cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
plaintext = cipher.decrypt(ciphertext)
print(f'Decrypted message: {plaintext.decode()}')

Decrypted message: Hello I am Ameur


In this example, we use the AES algorithm in GCM (Galois/Counter Mode) to encrypt and decrypt a message

### Uses
- **Data Encryption:** to secure sensitive data in transit or at rest.
- **Secure Communications:** Used in protocols like TLS/SSL to encrypt data between clients and servers.
- **VPNs**
- **Database Encryption** often used to encrypt sensitive information stored in databases, ensuring that only authorized users can access it.

# Asymmetric Encryption
Asymmetric encryption uses a **pair of keys—public and private**. The **public key encrypts** data, and only the corresponding **private key can decrypt** it. This allows secure communication without sharing the private key.

### Algorithms

- **RSA (Rivest–Shamir–Adleman)**: One of the first public-key cryptosystems, widely used for secure data transmission.
- **DSA (Digital Signature Algorithm)**: Primarily used for digital signatures, not for encrypting data.
- **ECC (Elliptic Curve Cryptography)**: Uses elliptic curves over finite fields to create faster, smaller keys than RSA.
- **ElGamal**: Used for public-key cryptography and digital signatures.

### Example using RSA

#### 1. Generate Keys

In [49]:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP

# Generate RSA keys
key = RSA.generate(2048)

# Export and Store the Private Key
private_key = key.export_key()
with open('private_key.pem', 'wb') as f:
    f.write(private_key)
    
# Export and Store the Public Key
public_key = key.publickey().export_key()
with open('public_key.pem','wb') as f:
    f.write(public_key)
    
print("Keys generated and Stored.")

Keys generated and Stored.


#### 2. Encrypting Data with Public Key

In [54]:
# Load the public key
with open('public_key.pem', 'rb') as f:
    public_key = f.read()

    
# Encrypt a message with the public key
cipher = PKCS1_OAEP.new(RSA.import_key(public_key))
ciphertext = cipher.encrypt(b'Hi')
print(f"Encrypted message: {ciphertext}")

Encrypted message: b'\x1e\xf5\x08D\xab#\x10\xda\xb4\xe4\xde\xbb\x07\xb1\x9b\x9c^\xd9[q\xc8$\xd7\xf3\x98\x95\xde<\xd7\x1brU:<\xdfc\x8a\xde\x87?\xafj_\x87\xfc\xfa\xa7\x01\xac%\xcd\x91\x03\xef\xca\xeeoT\x7f`p\xafV\xab/\xfa\xb2\xcf\xb6\xab\x07\x1a\xed4<x\xcfw\xde\xc8 \xcb\x8f\x8cp\x9a\x0b\x83\x0f\xc5\x90\x993\xb5\x93\x08B\xb9\xc8\x93ZA\xb0L\xc3\xe0<x\xce/(\x85\x0c\x0c\x8b\xb3\x1c\xa0\x80p&\xd9\x15\x819\xe4/\x11\x9f6\xbb\x9d\x87\x8di\xec\xf6I\xdd\xcaQ<\xdf\xba\xc2\xcf\xfes\xa5[\xd4\xf0\xe0\x86\x00\x06h\x0e\xd3}\t\xdd\x9b\xed\x13\x91\xe5\xeeJ\x9d\xd7\x8a\xce\x18\xf9\x84b|D\xc9(\xa1\xba\xd2~\xbc\x8a:h\xad\xc1L %X1\x84\xe9\x10\x99\xb7k\x1a\xf6\x87x0jfmi\xcd\x95M\xaeV\xc9J\xa7\x1b(\xdc\xe5\x92\xeb\xc7\xf58 @\x8d\xca\xd8\xec\xee,}.M%\xa1\xaa\xf8lR ?\xf1\xea\x05@V\x82\xda\x88\xe3'


#### 3. Decrypting Data with Private Key

In [55]:
# Load the private key
with open('private_key.pem', 'rb') as f:
    private_key = f.read()

# Decrypt the message with the private key
cipher = PKCS1_OAEP.new(RSA.import_key(private_key))
plaintext = cipher.decrypt(ciphertext)
print(f'Decrypted message: {plaintext.decode()}')

Decrypted message: Hi


In this example, we use RSA for encryption and decryption.We stored the keys and them load them for more security and separation, The private key is used to decrypt messages that were encrypted with the corresponding public key.

### Uses 
- **Secure Key Exchange:** used to securely exchange symmetric keys between parties, enabling them to communicate securely without sharing the symmetric key directly.
- **Digital Signatures:** it provides a method for signing documents and messages, ensuring authenticity and non-repudiation.
- **Email Encryption:** Protocols like PGP (Pretty Good Privacy).
- **SSL/TLS Certificates:** Asymmetric encryption is integral to the SSL/TLS protocols used in securing web traffic, providing encryption and identity verification.

# Hashing
Hashing is a **one-way function** that converts data into a fixed-size string of characters, typically a **hash value**. It is commonly used for password storage and data integrity checks.<br>
**Salt** is a random data that is added to a password or message before hashing it. The purpose of salt is to ensure that even if two users hashes same data, their hashes will be different.

### Algorithms

- **SHA-256 (Secure Hash Algorithm 256-bit)**: Part of the SHA-2 family, widely used in various applications including blockchain.
- **SHA-1**: An older hash function that is no longer considered secure against well-funded attackers.
- **MD5 (Message-Digest Algorithm 5)**: Commonly used but also considered insecure due to vulnerabilities.
- **BLAKE2**: A fast and secure cryptographic hash function that is an improvement over MD5 and SHA-1.

### Example with PBKDF2

In [3]:
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Random import get_random_bytes

# Password to be hashed
password = b"my_secret_password"

# Generate a random salt
salt = get_random_bytes(16)  # 16-byte salt

# Derive a key using PBKDF2
key = PBKDF2(password, salt, dkLen=32, count=1000000)

print("Salt:", salt)
print("Derived Key:", key)

Salt: b'\xd7O\xb4a\xb1\xc7\x1c\xca\xe6\xa9\xe6\xd4Ck\x84\xbb'
Derived Key: b'\xd0l$t\xac\xf7A\x9dzwa\xe3\x12\n4\xc3)~o:\xeen\x90\x15?r\x95\x84,\x9e\x93\xbf'


### Explanation
**PBKDF2(password, salt, dkLen=32, count=1000000)**: This function derives a key using the password, salt, and specified number of iterations (count=1000000). The dkLen=32 specifies that the output key length will be 32 bytes (256 bits).

### Example with SHA256

In [2]:
from Crypto.Hash import SHA256
from Crypto.Random import get_random_bytes

# Data to be hashed
data = b"some_data_to_hash"

# Generate a random salt
salt = get_random_bytes(16)

# Combine data and salt
data_with_salt = salt + data

# Hash the combined data with SHA256
hash_obj = SHA256.new(data_with_salt)

print("Salt:", salt)
print("Hash:", hash_obj.hexdigest())

Salt: b'\x118\xf6\xb4\xdf\xde\xc1+\xc6g&\xe1+\xd3\xbe\xbb'
Hash: cb7fcd9f7f32537c48986b0bb0a885689723d83ef4b4eacfe918458c3a6ee91d


### Explanation
The **salt** is prepended or appended to the data, and then the combined result is hashed using SHA256.

### summary:
- **For PBKDF2**, salt is automatically used to secure the password hashing process.
- **For SHA256** or other general hashing algorithms, you can manually add the salt before hashing the data.

### Uses
- **Password Storage:** used to securely store user passwords in databases, ensuring that even if the database is compromised, the original passwords cannot be easily retrieved.
- **Data Integrity Verification:** Hashes can verify the integrity of files and data by comparing the hash of the original data with the hash of the received data.
- **Digital Signatures**
- **Checksums:** Hash functions are used to generate checksums for files to detect changes or corruption.

# Digital Signatures
Digital signatures ensure the **authenticity of the sender and the integrity of the message**. They are generated by encrypting the hash of the message with the sender’s private key.

### Algorithms

- **RSA**: Used for both encryption and digital signatures.
- **DSA**: Specifically designed for creating digital signatures.
- **ECDSA (Elliptic Curve Digital Signature Algorithm)**: A variant of DSA using elliptic curve cryptography for more efficient signatures.
- **EdDSA (Edwards-Curve Digital Signature Algorithm)**: A modern digital signature scheme using elliptic curves, designed for high performance and security.

### Example 

In [42]:
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256

# Hash the message
message = b'10:50 AM'
hash_object = SHA256.new(message)

# Sign the message with the private key
signature = pkcs1_15.new(RSA.import_key(private_key)).sign(hash_object)

# Verify the signature with the public key
try:
    pkcs1_15.new(RSA.import_key(public_key)).verify(hash_object, signature)
    print("The signature is valid.")
except (ValueError, TypeError):
    print("The signature is not valid.")

The signature is valid.


This code demonstrates how to sign a message and verify its authenticity using RSA and SHA-256.

### Uses
- **Authenticity**: Verifying the identity of the sender of a message.
- **Integrity**: Ensuring that the message has not been altered.
- **Non-repudiation**: Preventing the sender from denying the message sent

# Summary

#### Symmetric Encryption
- **Pros**: Fast, efficient for large data sizes.
- **Cons**: Key distribution problem (securely sharing the key).
#### Asymmetric Encryption
- **Pros**: Secure key exchange and digital signatures.
- **Cons**: Slower than symmetric encryption, larger key sizes.
#### Hashing
- **Pros**: One-way function; cannot be reversed to original data.
- **Cons**: Vulnerable to brute-force attacks if not salted.
#### Digital Signatures
- **Pros**: Provides authenticity, integrity, and non-repudiation.
- **Cons**: Requires a public/private key pair; computationally intensive.

# Real-World Applications of Cryptography with Python

- **Secure Messaging and Communication:** Python can be used to encrypt and decrypt messages in real-time applications such as secure chat platforms, email encryption services, and encrypted file sharing.

- **Blockchain and Cryptocurrency:** Cryptography is the foundation of blockchain technology and cryptocurrency. Python’s cryptographic libraries can be used to build blockchain platforms, create secure transactions, and validate cryptocurrency wallets.

- **Password Management Systems:** Python is widely used in developing password managers and secure authentication systems. Hash functions, such as bcrypt, can be implemented in Python to securely store and verify user passwords.

- **Secure API Communication:** Python can be used to encrypt sensitive data transmitted between clients and servers via APIs, ensuring secure data exchange in financial systems, healthcare applications, and e-commerce platforms.

# Sources
- <a href="https://theamitos.com/cryptography-with-python/#:~:text=Cryptography%20with%20Python%3A%20A%20Comprehensive%20Guide%201%201.,...%203%203.%20Hash%20Functions%20and%20Digital%20Signatures">Cryptography with Python: A Comprehensive Guide in THEAMITOS</a>