<div style="text-align: right">
<font color="#004D7F" size=3>Andrés Fernández Muñoz CC BY-NC-SA 4.0</font><br>
<font color="#004D7F" size=3>Masterclass de Ciberseguridad, IES Fco Giner de los Rios</font><br>


<div style="text-align: left">
<h1><font color="#004D7F" size=5>Python Examples</font></h1>

* [1 Hashing](#section1)
* [2 Symetric encription](#section2)
* [3 Asymetric encription](#section3)
* [4 Digital signing](#section4)
* [5 Steganography](#section5)
* [6 Data Watermarking](#section6)


In [None]:
# Python 3.12.0
# Required libraries:
!pip install numpy==2.2.6
!pip install pandas==2.3.1
!pip install cryptography==45.0.5
!pip install pycryptodome==3.23.0
!pip install opencv-python==4.12.0.88
!pip install requests==2.32.4
!pip install imagehash==4.3.2
!pip install Pillow==11.3.0

<a id="section1"></a>
## <font color="#007BA7">1 Hashing</font>

Non-invertible function that creates a digital footprint of an input:

$$
H : \{0, 1\}^{∗} → \{0, 1\}^{ℓ}
$$

In [2]:
import hashlib

secret_message = "Data to create a hash"

hash_algorithms = {
    "MD5" : hashlib.md5,
    "SHA1" : hashlib.sha1,
    "SHA256" : hashlib.sha256,
    "SHA512" : hashlib.sha512
}

for name, algorithm in hash_algorithms.items():
    hash_result = algorithm(secret_message.encode("utf-8")).hexdigest()
    print(f"{name} hash \t{len(hash_result)*4} bits \t{hash_result}")

MD5 hash 	128 bits 	22c25ba0db617ae48f946b155707a9b2
SHA1 hash 	160 bits 	21160df197c978eb0b7130f49317347fd92419ff
SHA256 hash 	256 bits 	c967ba3d7231ae864a109f03bfbfa3e3d43032c055584f2a4a221e6f69838998
SHA512 hash 	512 bits 	2cd6014d168431668c31d08b027756990810251b6ef6cde0509c50731230f1cb37f3c53fd23c19238c64153991801784dd927041d6ae43976f88ab4df57b7647


In [3]:
import requests

don_quijote = requests.get("https://www.gutenberg.org/files/2000/2000-0.txt").text

don_quijote_modified = don_quijote[:len(don_quijote)//2] + "dummy trash" + don_quijote[len(don_quijote)//2:]

print(f"Quijote length: {len(don_quijote)} characters")
print(f"Quijote modified length: {len(don_quijote_modified)} characters")
print(don_quijote[41040:41500] + "\n\n")

for name, algorithm in hash_algorithms.items():
    hash_result_original = algorithm(don_quijote.encode("utf-8")).hexdigest()
    hash_result_modified = algorithm(don_quijote_modified.encode("utf-8")).hexdigest()
    print(f"{name} hash \t{hash_result_original == hash_result_modified}")
    print(hash_result_original)
    print(hash_result_modified)
    print("")

Quijote length: 2168460 characters
Quijote modified length: 2168471 characters

En un lugar de la Mancha, de cuyo nombre no quiero acordarme, no ha mucho
tiempo que vivía un hidalgo de los de lanza en astillero, adarga antigua,
rocín flaco y galgo corredor. Una olla de algo más vaca que carnero,
salpicón las más noches, duelos y quebrantos los sábados, lantejas los
viernes, algún palomino de añadidura los domingos, consumían las tres
partes de su hacienda. El resto della concluían sayo de velarte, calzas de
velludo para las fie


MD5 hash 	False
a4ebeeed524ddb934271d21a99de9802
75a199afae299b126d8b39121bcffdbe

SHA1 hash 	False
f0860e47d4e041206c1da87551d38af910958eb5
8123eac6912ec260e5f28c0d237a5123057d7a7f

SHA256 hash 	False
392270e534c66988d6e949ba0f9a64117969fde0f2aebbc6efef3314e23e4385
0136c4df039d36b50755d5d76696c884508d4fc92091c938b2da4d3e8fea6ebb

SHA512 hash 	False
f40c59609fc44bb600dbddae4709de4dac5443d980ec267f760bf8000f73f1d32fd46a83581749f24dd0589f74a190bbc1e9268d7dd14722

<a id="section2"></a>
## <font color="#007BA7">2 Symetric encription</font>

Symmetric encryption uses the same key for both encrypting and decrypting data.


### Usages

- Encrypting data in transit (e.g., SSH, SFTP, HTTPS (3-4 years after HTTP))
- Secure storage
- File and disk encryption


### Symmetric Encryption Algorithms

- AES (Advanced Encryption Standard), *AES-128 and AES-256 considerated as secure in 2025*
- Triple DES (3DES), *vulnerated in 2016*
- RC4, *vulnerated in 2001*
- DES (Data Encryption Standard), *vulnerated in 1998*


In [8]:
from base64 import b64encode
from Crypto.Cipher import AES
from Crypto.Util.Padding import pad, unpad
from Crypto.Random import get_random_bytes

block_size = 32                                       # AES block size: 32 bytes (256 bits)
private_key = get_random_bytes(block_size)
print(f"Key: {b64encode(private_key).decode('utf-8')}")
cipher = AES.new(private_key, AES.MODE_CBC)
secret_message = b"secret"
print(secret_message)

secret_message_encripted = cipher.encrypt(pad(secret_message, block_size))
print(secret_message_encripted)

cipher_decrypt = AES.new(private_key, AES.MODE_CBC, cipher.iv)
secret_message_decripted = unpad(cipher_decrypt.decrypt(secret_message_encripted), block_size)
print(secret_message_decripted)

print(secret_message == secret_message_decripted)


Key: bE7GEcKG8/uDWfumIx0NXY9zo8A02wiACNy2MKSgdVY=
b'secret'
b'\xc3.\xdd7\xea\xe0\x0f\xa3\x1c\xd6\xea"mM\x07\xbe\x07\xcd+\xc8u\xc2\xa7W,Rz\xf5\xdf\xb0\xa3\xb3'
b'secret'
True


<a id="section3"></a>
## <font color="#007BA7">3 Asymetric encription</font>

Usages:
- Symmetric key sharing (SSL/TLS Protocols) (Diffie-Hellman)

Main algorithms:
- RSA (Rivest-Shamir-Adleman)

- ECC (Elliptic Curve Cryptography)

In [10]:
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048,)

# PEM: Privacy Enhanced Mail
pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.PKCS8,
   encryption_algorithm=serialization.NoEncryption()
)
print(pem.decode("utf-8"))


public_key = private_key.public_key()
pem = public_key.public_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(pem.decode("utf-8"))


-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDMAtbnGJhX0lpV
Mn3B66YoFeMSAGIQC7Y6PlAkHmo/EijW2EluWG8w57H5dn8IsI78gh8eqSIVBGCC
uvKh3MSoF8qD9jslai/S5f3EMy5mVwTlCtusokgpI2A/fIXpOC/28NV2fKnPQx1A
z8h//sbh8tcAxIy1fKPN/doapCBunOBp2CbZnbzOechrPw4KnFqGTrKaDzs9Ib+U
Bd5Q+fE0F/pa/l+qGytaHeYAFl0ddJyo/TSs9Ux2z4xI6BETOklVzpVUAyFcnqo9
hGUOFL7Jo61pLpyyKRMXaEeRVr/cFBjtWwWpI1WXJDCA7XQ2zOw6HkcrptJLRbNz
DYHjZuWnAgMBAAECggEAJF5BNzNAPS+noNZ+aqp6lVzJfPUKhjfARYPEP5wYbqPr
Gdm2xXAIalxzcrg4DzGCW+tKZunZxItiNQvkoww7FogfNwUXKCVU3zDW2zoQhHfw
zG/yF0VavdKrnsWxDZFRo6DtPNEeaG9bcKlZ4c9mXvMudtmTB+tvPBKL5gHqMi19
mZqd4UlhC11q4blXTZCMnOwuy6yPDCiUY3gL1nATOpAFe5i4NpKML4tcByXXQqCM
mgXbTG3ZziwzoK0wDfNoL42SZjPnrpJ4W7VMrzNJdTWZ0Tn8jp/0MzRjgrcyR8IU
grDCwTTNGD4KTJI5WrEamBOXuUcAiDa4HUUM+myfIQKBgQDuoYUkYXCuBk3yu68K
ZoycIPaBhMKuGJdnVliUDdorXiJYSxTACtaD9UTn8RzbhKNpFe8a8/xqvqzf+Wa/
aMsipHKuvRoawZg521Ff5H5rhaCwikqMGYgH88HaWCEHumyfMr21dk2Ig377Z0LR
xyAuVwuHpV1OvYUwzAcOELOWtwKBgQDa3DzYiBm5VHyY/GdYOVScHWlKFo/qXQ

In [11]:

message = bytes("4340qv3iw9ea", "utf-8")
encrypted = public_key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

decrypted = private_key.decrypt(
    encrypted,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print("Encrypted:", encrypted)
print("Decrypted:", decrypted.decode())


Encrypted: b'\x9b\x89\xd0\xc3\x0bo\xfe\xe399^\x17\xcd\xc2\xa0\x9f\xd8\x84\xee$9?\xb7\xc3\x8c\x85\x08\xc4Z\xeb\xf8\x02\xc4\xcc\xc1le\x06K\x91\x03*6\x85\xd6\x0br(u\x9e\x11ng\xa1a\xfe\x908\xb2\xc1*\x88K\x99$x)\x99\xcc\xf0\x06\xber\x95B\x1bF\xa4\x97\xfb\x94"\x8cNx\xc8u";X\xc4v\xea\x8b$\x95\xect,\xd9(\xb0\x83\xa9W\x1b\t\xfb1\x98asF\xe6\x17\xe2\xd6-\x92\x9e\xadp\x1a\x9b\xf3\x14\xc9\x03)\x1fQC^i8\xb2\xef\xd8\xbc\xcaP\xe2\xfb\xcd\xed\x08\xc4\x02\xcbi\xf3`\x01jH\xec\xf8\xca^J6\x93\xe8\xd4/L6\xf1\xa5\xa9\x9dd\xa4\xb3F\xa0\x06\xc9\xa3S.\'E\x06\xa9\xb5JYm\xc6\xe3\x90\xbd\xe7&\x15\x94\x86A\x06\xa1#y\xb9\xa5\xd5\xd8\xc4\xc6\xec\x0e\xc4Z\xfc\x97\xf2\xe6\x85\x97&\xe2\x87\x8a\x0e\xeb\xadw\xb3y\x1d\x81\x9e\xde4\xdb$\xc1\xa3yCH`\xd3\x81\xe5(\xe1d_\xc6\xacj\x02\x11f\xf0'
Decrypted: 4340qv3iw9ea


<a id="section4"></a>
## <font color="#007BA7">4 Digital signing</font>

Digital signatures are used to verify the authenticity and integrity of a message or document. They provide a way to ensure that the sender is who they claim to be and that the message has not been altered in transit.


In [13]:
from Crypto.PublicKey import RSA
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256

private_key = RSA.generate(2048)
public_key = private_key.publickey()
message = b"This is a signed message"

h = SHA256.new(message)
signature = pkcs1_15.new(private_key).sign(h)


def verify_signature(public_key, message, signature):
    h = SHA256.new(message)
    try:
        pkcs1_15.new(public_key).verify(h, signature)
        print("OK      Signature verified")
    except (ValueError, TypeError):
        print("ERROR   Signature invalid")


verify_signature(public_key, message, signature)
verify_signature(public_key, b"message tampered" + message, signature)



OK      Signature verified
ERROR   Signature invalid


<a id="section5"></a>
# <font color="#007BA7">5 Steganography</font>

Steganography is the practice of hiding a message within another message, so that the hidden message is not obvious or detectable by an observer. It's a form of covert communication that aims to hide not only the message itself but also the fact that a message is being hidden

[Python library for steanography](https://github.com/ShieldMnt/invisible-watermark)

In [17]:
import cv2 as opencv
import numpy as np

# LSB Steganography: hiding messages in the least significant bits of an image

def encode_image(img_path, message, output_path):
    img = opencv.cvtColor(opencv.imread(img_path), opencv.COLOR_BGR2RGB)
    flat_img = img.flatten()

    binary_msg = ''.join([format(ord(c), '08b') for c in (message + "###")])

    for i in range(len(binary_msg)):
        flat_img[i] = (flat_img[i] & 0xFE) | int(binary_msg[i])

    new_img = flat_img.reshape(img.shape)
    new_img_bgr = opencv.cvtColor(new_img, opencv.COLOR_RGB2BGR)
    opencv.imwrite(output_path, new_img_bgr)


def decode_image(img_path):
    img = opencv.cvtColor(opencv.imread(img_path), opencv.COLOR_BGR2RGB)
    flat_img = img.flatten()

    bits = [str(byte & 1) for byte in flat_img]
    chars = [chr(int(''.join(bits[i:i+8]), 2)) for i in range(0, len(bits), 8)]
    message = ''.join(chars).split("###")[0]
    return message


In [None]:
secret_message = "The treasure is under the sofa in the village house"

encode_image("image.jpg", secret_message, "img_encoded.png")
print("Decoded message:", decode_image("img_encoded.png"))

Decoded message: The treasure is under the sofa in the village house


<a id="section6"></a>
# <font color="#007BA7">6 Data Watermarking</font>

Data Watermarking is a technique used to embed information into a message or multimedia content, such as an image, audio, or video file, in a way that is difficult to remove or alter. The embedded information, known as the watermark, can be used for various purposes, including copyright protection, ownership verification, and content tracking.


In [19]:
import cv2 as opencv
import numpy as np

def watermark_image(img_path, img_watermark, output_path):
    img = opencv.cvtColor(opencv.imread(img_path), opencv.COLOR_BGR2RGB)
    img_wm = opencv.cvtColor(opencv.imread(img_watermark), opencv.COLOR_BGR2RGB)
    img_wm = opencv.resize(img_wm, (img.shape[0], img.shape[1]))

    flat_img = img.flatten()
    flat_img_wm = img_wm.flatten()

    for i in range(len(flat_img)):
        flat_img[i] = (flat_img[i] & 0xFE) | ( 1 if int(flat_img_wm[i]) > 50 else 0)

    new_img = flat_img.reshape(img.shape)
    new_img_bgr = opencv.cvtColor(new_img, opencv.COLOR_RGB2BGR)
    opencv.imwrite(output_path, new_img_bgr, [opencv.IMWRITE_PNG_COMPRESSION, 0])


def decode_watermark(img_path, output_path):
    img = opencv.cvtColor(opencv.imread(img_path), opencv.COLOR_BGR2RGB)
    flat_img = img.flatten()

    for i in range(len(flat_img)):
        flat_img[i] = (0 if int(flat_img[i] & 0x01) > 0 else 255)

    new_img = flat_img.reshape(img.shape)
    new_img_bgr = opencv.cvtColor(new_img, opencv.COLOR_RGB2BGR)
    opencv.imwrite(output_path, new_img_bgr)


def simulate_forgery(image_path, output_path, mask_rect=(200, 200, 300, 300)):
    img = opencv.imread(image_path)
    x, y, w, h = mask_rect
    opencv.rectangle(img, (x, y), (x + w, y + h), (255, 255, 255), -1)
    opencv.imwrite(output_path, img, [opencv.IMWRITE_PNG_COMPRESSION, 0])



In [None]:
watermark_image("image.jpg", "watermark.jpg", "img_wm.png")
simulate_forgery("img_wm.png", "img_wm_forg.png")
decode_watermark("img_wm.png", "img_wm_des.jpg")
decode_watermark("img_wm_forg.png", "img_wm_forg_des.jpg")