In [1]:

import os
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
import smtplib
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
from email.mime.application import MIMEApplication
import hashlib

from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC

In [2]:
# Generate RSA key pair
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
    backend=default_backend()
)
public_key = private_key.public_key()

In [3]:
# Create digital signature
file_path = "file_to_sign.txt"
with open(file_path, "rb") as f: 
    file_data = f.read()
signature = private_key.sign(
    file_data,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

In [4]:

# Save public key to file
public_key_file = "public_key.pem"
with open(public_key_file, "wb") as f:
    f.write(public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    ))



In [5]:
#encrypt file

file_to_encrypt = "file_to_encrypt.txt"
with open(file_to_encrypt, "rb") as f:

    file_data = f.read()

password = "my_password".encode('utf-8')  # Encode the passphrase string as bytes
salt = os.urandom(16)  # Generate a random salt
iterations = 100000  # Set the number of iterations for PBKDF2

# Derive a 256-bit key using PBKDF2 with HMAC-SHA256
kdf = PBKDF2HMAC(algorithm=hashlib.sha256(), length=32, salt=salt, iterations=iterations)
private_key = kdf.derive(password)

iv = os.urandom(16)  # Generate a random IV (16 bytes for AES-CBC)

cipher = Cipher(algorithms.AES(private_key), modes.CBC(iv), backend=default_backend())
encryptor = cipher.encryptor()
encrypted_data = encryptor.update(file_data) + encryptor.finalize()


In [6]:
# Save encrypted data to file
encrypted_file = "encrypted_file.bin"
with open(encrypted_file, "wb") as f:
    f.write(iv + encrypted_data)

In [7]:
# Send encrypted file by email
#NOTE: you will need to create app specific password for gmail if you have TFA on and use it as sender_password
sender_email = "email@example.com"  
sender_password = "boimqeztuogjtcau"
recipient_email = "email@example.com"
subject = "Encrypted file"
body = "Please find the encrypted file attached."

msg = MIMEMultipart()
msg['From'] = sender_email
msg['To'] = recipient_email
msg['Subject'] = subject
msg.attach(MIMEText(body))

with open(encrypted_file, "rb") as f: 
    
    attachment = MIMEApplication(f.read(), _subtype="bin")
    attachment.add_header('Content-Disposition', 'attachment', filename=encrypted_file)
    msg.attach(attachment)

with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp:
    smtp.login(sender_email, sender_password)
    smtp.send_message(msg)

In [9]:


# Decrypt file and verify digital signature
with open(encrypted_file, "rb") as f:
    data = f.read()
    iv = data[:16]
    encrypted_data = data[16:]

cipher = Cipher(algorithms.AES(private_key), modes.CBC(iv), backend=default_backend())
decryptor = cipher.decryptor()
decrypted_data = decryptor.update(encrypted_data) + decryptor.finalize()

with open("decrypted_file.txt", "wb") as f:
    f.write(decrypted_data)

with open("public_key.pem", "rb") as f: 
    public_key = serialization.load_pem_public_key(
        f.read(),
        backend=default_backend()
    )

with open("decrypted_file.txt", "rb") as f:
    file_data = f.read()
try:
    public_key.verify(
    signature,
    file_data,
    padding.PSS(
    mgf=padding.MGF1(hashes.SHA256()),
    salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
    )
    print("Digital signature is valid")
except:
    print("Digital signature is not valid")


Digital signature is valid
