The code is used for generating a key pair, signing a message with a private key, and verifying the signature with the corresponding public key. This is known as asymmetric cryptography or public-key cryptography.

In [5]:
!pip install cryptography



In [6]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
from cryptography.exceptions import InvalidSignature
import base64

# Generate a key pair
def generate_key_pair():
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048
    )
    public_key = private_key.public_key()
    return private_key, public_key

# Sign a message with the private key
def sign(message, private_key):
    signature = private_key.sign(
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    return base64.b64encode(signature).decode()

# Verify a signature with the public key
def verify(message, signature, public_key):
    try:
        signature_bytes = base64.b64decode(signature)
        public_key.verify(
            signature_bytes,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        return False

# Example usage
private_key, public_key = generate_key_pair()
message = b'This is a message to be signed'
signature = sign(message, private_key)

print(f'Message: {message.decode()}')
print(f'Signature: {signature}')

is_valid = verify(message, signature, public_key)
print(f'Is the signature valid? {is_valid}')

Message: This is a message to be signed
Signature: ij5CiP8LbC8ARq4bGVtZ9wghiudh783XWA92gLJZodlExWVM99Bl+J8j+yzdPTXv5sLQWIhTyA7bmPRidSL97lxLOhEFNz6RfltfxMFdNiroBr4FoE3PY0aWl/6/7AItzyhQjF6XlIGSUtFhxI9CDnXp9uepAHzMSASmtKic0yd815ao8dKuppvzAoO0JT6Liuhfybyh53vq+mSRKvvkLaDswzLUc2ZJcoaZnc4RH9uriXyriKP3XS5Shkz4b96SAjyx40uqZmKcJfvy3eaHXQ04rNMk8so03KwJyBHBLVs3es3evQk3+zLuZ7ZKPO8vYsYIN2LoRYEC9Rotxk6oZw==
Is the signature valid? True
