<a href="https://colab.research.google.com/github/RicPu/isde-git/blob/main/CryptoLabCTRM2024_With_solutions.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Asymmetric encryption: RSA

In [None]:
!pip install rsa



In [None]:
import rsa

# https://en.wikipedia.org/wiki/PKCS_1
# generate the keys and save them in PKCS1 format
def generateKeys():
    (publicKey, privateKey) = rsa.newkeys(1024)
    with open('keys/publicKey.pem', 'wb') as p:
        p.write(publicKey.save_pkcs1('PEM'))
    with open('keys/privateKey.pem', 'wb') as p:
        p.write(privateKey.save_pkcs1('PEM'))

# load the keys and return them
def loadKeys():
    with open('keys/publicKey.pem', 'rb') as p:
        publicKey = rsa.PublicKey.load_pkcs1(p.read())
    with open('keys/privateKey.pem', 'rb') as p:
        privateKey = rsa.PrivateKey.load_pkcs1(p.read())
    return privateKey, publicKey

# encrypt a message string
def encrypt(message, private_key):
    return rsa.encrypt(message.encode('ascii'), private_key)

# decrypt a ciphertext and return False if any error occurs, the plaintext string otherwise
def decrypt(ciphertext, private_key):
    try:
        return rsa.decrypt(ciphertext, private_key).decode('ascii')
    except:
        return False

# https://www.w3.org/PICS/DSig/RSA-SHA1_1_0.html
# sign a message with a SHA-1 signature type
def sign(message, private_key):
    return rsa.sign(message.encode('ascii'), private_key, 'SHA-1')

# verify the message signature, return True if the signature is correctly verified, false otherwise
def verify(message, signature, public_key):
    try:
        return rsa.verify(message.encode('ascii'), signature, public_key,) == 'SHA-1'
    except:
        return False

In [None]:
# key generation and loading
generateKeys()
privateKey, publicKey = loadKeys()

# message to encrypt
message = input('Write your message here:')

# encryption
ciphertext = encrypt(message, privateKey)

# signature
signature = sign(message, privateKey)

# decryption
text = decrypt(ciphertext, privateKey)

# print the results
print(f'Cipher text: {ciphertext}')
print(f'Signature: {signature}')

if text:
    print(f'Message text: {text}')
else:
    print(f'Unable to decrypt the message.')

if verify(text, signature, publicKey):
    print("Successfully verified signature")
else:
    print('The message signature could not be verified')

Write your message here:hello
Cipher text: b'x\x1e}\x85L/\xb9}\xc7gJ\xf4\xae\xb9\x96\xf4\xa3\x07\xabk\x847\x17\xf5$\x899\xce\\F\x91\xe3\xaa\x05}4[\xb7\x85\xfc,\x86\x91\xfc\xa0h\x85\x19]\x9f\xa8{#\x07\xa4\xe5\xc3o\xd0x9\x1d\x86\xde\xfa!5h!\xbe\xc6\x8f\x1c\x8e:xV\x8b.a\xdc\xf08\x9f\x9f\xa3\xcc\x93._.\x9c8\xe4\xca\x19i\xef\xa2\x8b5\x14z\xdd?\xd3E\x01W\x90\x10\xed\x1f\x99\xaeG{\xb9(\x86!\xb6\xdb\x03\x08\x90\xea\xcc'
Signature: b'\\?\xed\x8f\xedb\xe04\xbeK=\x93\x8e\x1f7\xcf\x1fq\xc8?+\xef\xf4\x87\xc9\xf1\xdb\x96\xfd\x05\xc1\xf2\xd0\xf8\x80}O\xa74\x04\xfb\x87u\xd5\xce\xa8R3\x00 \xc0\xa7*G+%\xa8\xd6\x89\x80G\xb3\x9d\xebT\x11\x1c\xe1J\xcb\xf5\xd7\x184F\x93/\x07f\xe9\x944\x05\xf6l2\x94pX\xf6\xebY\x95\x02\x9b\xf2\xd2Gi\xab\xb6\xdf>\x01Px\x94\x959\xab\xf0\xc1\x82\xe6_{\x06\x0f\xda\x07~\x8e\xfbC\x97\xc9\xcaC'
Message text: hello
Successfully verified signature


In [None]:
!pip install pycryptodome

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import binascii

Collecting pycryptodome
  Downloading pycryptodome-3.20.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
[?25l     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/2.1 MB[0m [31m?[0m eta [36m-:--:--[0m[2K     [91m━━━━━━━━━━━━━━[0m[90m╺[0m[90m━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.7/2.1 MB[0m [31m22.4 MB/s[0m eta [36m0:00:01[0m[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.1/2.1 MB[0m [31m33.2 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodome
Successfully installed pycryptodome-3.20.0


In [None]:
# key generation
keyPair = RSA.generate(1024)

pubKey = keyPair.publickey()
print(f"Public key:  (n={pubKey.n}, e={pubKey.e})")
pubKeyPEM = pubKey.exportKey()
print(pubKeyPEM.decode('ascii'))

print(f"Private key: (n={hex(pubKey.n)}, d={hex(keyPair.d)})")
privKeyPEM = keyPair.exportKey()
print(privKeyPEM.decode('ascii'))

# encryption and decryption
msg = b'A message for encryption'
encryptor = PKCS1_OAEP.new(pubKey)
print(pubKey.n) # http://factordb.com/
decryptor = PKCS1_OAEP.new(keyPair)
encrypted = encryptor.encrypt(msg)
print("Encrypted:", binascii.hexlify(encrypted))

decrypted = decryptor.decrypt(encrypted)
print("Decrypted:", decrypted)

Public key:  (n=141207672647161088441287674565648277110868084240616054522616417962727063677461099216392780343132494891038164345053657875011528101465547536098564917337676894280355288709796473090467011523470218312299552973077032520726256145416951244435679079067139883258427118945837772375393004777279573908009303941649406913269, e=65537)
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJFh5af65QeZw6iWpaeonbOIhV
uC1sl6ERW072pGWjf59skOPE6INZyoMD/vl1LxlIcpdXbGKV+YoUcJULQXGHSjqk
bQyqeSgLoxCjRFw0M6jcCZq916l2bLTxSFT5a5Zm2+e3M16CQlMNFL7FsHfYsL6d
k0ijv+j87Sbq1Fxq9QIDAQAB
-----END PUBLIC KEY-----
Private key: (n=0xc9161e5a7fae50799c3a896a5a7a89db388855b82d6c97a1115b4ef6a465a37f9f6c90e3c4e88359ca8303fef9752f19487297576c6295f98a1470950b4171874a3aa46d0caa79280ba310a3445c3433a8dc099abdd7a9766cb4f14854f96b9666dbe7b7335e8242530d14bec5b077d8b0be9d9348a3bfe8fced26ead45c6af5, d=0x20fd1b72ae52ab0a205aac13820f6b5147077ac491d32856f8b1799555e804b819afe65f2f7d139b65f133751f789d86f0cf37cbd450a219

## Excercise: RSA attack

You manage to intercept an rsa encrypted message:
11700901449779765763508101081

We know that it contains only one word
We also know the public key:

n = 132420683385315910791872800790076560548274292915602211551970038528407686609679552632778004136225026734894405625585255079274407744373849604560084628804772237703552168790280768702939708169783196212168917735971708699471743264252681591112502545288149137877768737422686737460701423105441179752299232063182125115961

e = 2

Can you retrieve the original message?

In [None]:
from Crypto.Util.number import long_to_bytes, bytes_to_long

message = b"Hello!"
int_msg = bytes_to_long(message)
print(int_msg)
bytes_msg = long_to_bytes(int_msg)
print(bytes_msg)

79600447942433
b'Hello!'


## Solution

In [None]:
import math
from Crypto.Util.number import long_to_bytes, bytes_to_long

ct = 11700901449779765763508101081
print("Ciphertext=", ct)
pt = int(math.sqrt(ct))
print("Plaintext (numeric)=", int(pt))
print("Plaintext=",long_to_bytes(pt))

Ciphertext= 11700901449779765763508101081
Plaintext (numeric)= 108170705136741
Plaintext= b'battle'


# Hashing

In [None]:
import hashlib
# SECURE - sha256
m = hashlib.sha256()

# we can add as many bytes to be hashed as we want
m.update(b"Nobody inspects")
m.update(b" the spammish repetition")
print(m.hexdigest())
print(len(m.hexdigest()))
# 031edd7d41651593c5fe5c006fa5752b37fddff7bc4e843aa6af0c950f4b9406

031edd7d41651593c5fe5c006fa5752b37fddff7bc4e843aa6af0c950f4b9406
64


In [None]:
# NOT SECURE - md5
m = hashlib.md5()
m.update(b"test")
print(m.hexdigest())
print(len(m.hexdigest()))

098f6bcd4621d373cade4e832627b4f6
32


## Excercise: Finding a collision
### The exam results are out! Unfortunately your grade is 18. Now you are required to send an email to accept your grade containing the sentence "I accept my grade of 18". An automatic grade-registering platform calculates the md5 of the text of your email, takes the first 6 characters, and checks if they equal to "e88792". The automatic platform only reads the sentence until the grade, everything else is discarded. Can you produce a sentence that starts with "I accept my grade of 30" and that has an hash equal to "e88792"?

## Implement your solution here

In [None]:
m = hashlib.md5()
grade = b"I accept my grade of 18 "
m.update(grade)
to_collide = m.hexdigest()[0:6]
print(to_collide)
# Implement solution

e88792


## Solution

In [None]:
m = hashlib.md5()
grade = b"I accept my grade of 18 "
m.update(grade)
to_collide = m.hexdigest()[0:6]


k = 0
while True:
  exploit = b"I accept my grade of 30 -"+ bytes(str(k), 'utf-8')
  m = hashlib.md5()
  m.update(exploit)
  collision = m.hexdigest()[0:6]
  if to_collide == collision:
    print("Collision found")
    print(collision, exploit)
    break
  k+=1


Collision found
e88792 b'I accept my grade of 30 -1856943'


# Symmetric encryption: AES

![AES ECB](https://upload.wikimedia.org/wikipedia/commons/c/c4/Ecb_encryption.png)
![AES CBC](https://upload.wikimedia.org/wikipedia/commons/thumb/8/80/CBC_encryption.svg/600px-CBC_encryption.svg.png)

In [None]:
!pip install pycryptodomex

Collecting pycryptodomex
  Downloading pycryptodomex-3.20.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl (2.1 MB)
[?25l     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/2.1 MB[0m [31m?[0m eta [36m-:--:--[0m[2K     [91m━━━[0m[90m╺[0m[90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.2/2.1 MB[0m [31m4.7 MB/s[0m eta [36m0:00:01[0m[2K     [91m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m[91m╸[0m [32m2.1/2.1 MB[0m [31m40.2 MB/s[0m eta [36m0:00:01[0m[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m2.1/2.1 MB[0m [31m26.4 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pycryptodomex
Successfully installed pycryptodomex-3.20.0


In [None]:
from Cryptodome.Cipher import AES
# if the message is not a multiple of 16 in length we need to add some padding
def pad(pt):
    while len(pt) % 16:
        pt += b'0'
    return (pt)

# encrypt the plaintext and return the ciphertext
def encrypt(plain):
    key = b'abcedf0123456789'
    cipher = AES.new( key, AES.MODE_ECB)
    padded_pt = pad(plain)
    return cipher.encrypt(padded_pt)

# decrypt the ciphertext and return the plaintext
def decrypt(ciphertext):
    key = b'abcedf0123456789'
    cipher = AES.new( key, AES.MODE_ECB)
    return cipher.decrypt(ciphertext)

ciphertext = encrypt(b"AAAATAAAAAABAAAAFAAAAAAAAAAABAAAAAAAA")
print(ciphertext)
plaintext = decrypt(ciphertext)
print(plaintext)
# b'\xc3&A\x8c\x02(\x04{\x9f|\x7f\x93\xdf}\x81\xf4=Z\x97]{\xc7p\x8b__\xe6\x17Ao\x9c\xcb\xae|\xc7\x84\x8ar\x04\x87a\x9f\x99\xb7\xf7\x9a\xf4\xda'


b'\xafqr\xff\x86S\x87r\xc5l\x81!\xf3\xd4E,A\xc3\xb8\x06,Y\xfd\x0e\r\xa6\x8bw\xe4V\xcd\xe2\xae|\xc7\x84\x8ar\x04\x87a\x9f\x99\xb7\xf7\x9a\xf4\xda'
b'AAAATAAAAAABAAAAFAAAAAAAAAAABAAAAAAAA00000000000'


## Excercise: ECB Oracle Attack
### The oracle has spoken! It is appending a secret message to what you send. Can you find out what the secret is?
### We know that the secret is 16 characters long and that the block size is 16
####--------------------------------------------------------------------------
## ECB Oracle Attack explained (the | symbol is used to separate blocks)
####A A A A A A A A A A A A A A A T | H I S I S T H E S E C R E T ! 0 |

#####produces the ciphertext abcdefg | uvwxyz

####We can now bruteforce

####A A A A A A A A A A A A A A A B | T H I S I S T H E S E C R E T ! |
####which produces ciphertext = hijklmn | jklmnop
####A A A A A A A A A A A A A A A C | T H I S I S T H E S E C R E T ! |
####which produces ciphertext = dfhkjda | jklmnop
####A A A A A A A A A A A A A A A D | T H I S I S T H E S E C R E T ! |
####...
####and so on until we encrypt
####A A A A A A A A A A A A A A A T | T H I S I S T H E S E C R E T ! |
####which produces again the ciphertext abcdefg | jklmnop , so we know that T is the first letter of the secret message
####--------------------------------------------------------------------------
# Do not watch what is inside the following cells. Just execute them.

In [None]:
!pip install pycryptodome
from Cryptodome.Cipher import AES

def pad(pt):
    while len(pt) % 16:
        pt += b'0'
    return (pt)

def encrypt(plain):
    key = b'0123456789abcedf'
    cipher = AES.new( key, AES.MODE_ECB )
    padded_pt = pad(plain+b'AESECB-leaking!!')
    return cipher.encrypt(padded_pt).hex()




## Implement your solution here

In [None]:
import string

print(string.printable) # this can be useful to bruteforce

# This is the function that simulates an oracle. You need to used this to find the secret message
print(encrypt(b'testmessage'))
print(encrypt(b'')) # this will return the encrypted secret message

0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ 	

ca8669016c6c86aa6b58620a6a7a6df3e5dc262f902a57d86ccb1ad9a168b069
4552ea9190d5f6efac718e8425bed6b6


### Solution

In [None]:
import string

i = 1
secret_message = ''
while i <= 16:
  to_guess = encrypt(b'A'*(16-i))[:16]
  for c in string.printable:
    cipher = encrypt(b'A'*(16-i)+bytes(secret_message,'utf-8')+bytes(c,'utf-8'))
    if to_guess == cipher[:16]:
      secret_message+=c
      print(secret_message)
      i+=1
      break


A
AE
AES
AESE
AESEC
AESECB
AESECB-
AESECB-l
AESECB-le
AESECB-lea
AESECB-leak
AESECB-leaki
AESECB-leakin
AESECB-leaking
AESECB-leaking!
AESECB-leaking!!


# PDF File manipulation

In [None]:
!pip install pypdf
!pip install reportlab

Collecting pypdf
  Downloading pypdf-4.1.0-py3-none-any.whl (286 kB)
[?25l     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m0.0/286.1 kB[0m [31m?[0m eta [36m-:--:--[0m[2K     [91m━━━━━━━━━━━━━━━━━━━━━━[0m[91m╸[0m[90m━━━━━━━━━━━━━━━━━[0m [32m163.8/286.1 kB[0m [31m4.6 MB/s[0m eta [36m0:00:01[0m[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m286.1/286.1 kB[0m [31m5.5 MB/s[0m eta [36m0:00:00[0m
[?25hInstalling collected packages: pypdf
Successfully installed pypdf-4.1.0
Collecting reportlab
  Downloading reportlab-4.1.0-py3-none-any.whl (1.9 MB)
[2K     [90m━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━[0m [32m1.9/1.9 MB[0m [31m26.8 MB/s[0m eta [36m0:00:00[0m
Installing collected packages: reportlab
Successfully installed reportlab-4.1.0


In [None]:
import pypdf
from pypdf import PdfReader, PdfWriter
import io
from reportlab.pdfgen import canvas
from reportlab.lib.pagesizes import letter
import hashlib

# Create PDF File
packet = io.BytesIO()
can = canvas.Canvas(packet, pagesize=letter)
can.setFont('Helvetica', 25)
can.drawString(100, 500, "This is a simple PDF file")
can.save()

#move to the beginning of the StringIO buffer
packet.seek(0)

# create a new PDF with Reportlab
new_pdf = PdfReader(packet)

output = PdfWriter()

output.add_page(new_pdf.pages[0])
output.add_metadata( {
        "/Author": "Lorenzo",
        "/Producer": "CTRM Course",
    })
# finally, write "output" to a real file
output_stream = open("test.pdf", "wb")
output.write(output_stream)
output_stream.close()

# How to calculate the sha256 of our PDF file
pdf = open('test.pdf', 'rb')
pdf_content = pdf.read()
pdf_hash = hashlib.sha256(pdf_content).hexdigest()
print(pdf_hash)
# ac3c43dbe9f083db760ec899f46532c32a89364f5b6b7c0dd861337913181b71

ac3c43dbe9f083db760ec899f46532c32a89364f5b6b7c0dd861337913181b71


In [None]:
# How to load PDFs and get information on their content

pdf = PdfReader("test.pdf")
print(pdf)

print(pdf.metadata)
print(pdf.pages)
print(pdf.pages[0])
print(pdf.pages[0].extract_text())


<pypdf._reader.PdfReader object at 0x78f5dbdfa980>
{'/Producer': 'CTRM Course', '/Author': 'Lorenzo'}
[PageObject(0)]
{'/Contents': IndirectObject(5, 0, 132997351188864), '/MediaBox': [0, 0, 612, 792], '/Resources': {'/Font': IndirectObject(6, 0, 132997351188864), '/ProcSet': ['/PDF', '/Text', '/ImageB', '/ImageC', '/ImageI']}, '/Rotate': 0, '/Trans': {}, '/Type': '/Page', '/Parent': IndirectObject(1, 0, 132997351188864)}
This is a simple PDF file

