In [1]:
import random

# example of Diffie-Hellman-Merkle key exchange

check out [this article](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) on DHM key exchange. extra shoutout to the example, which is super helpful and what we're about to do here

## partner up!

pair up. One of you is partner 1, the other is partner 2. Both of you should execute the following (don't change these numbers!):

In [2]:
p = 23
g = 5

afterward, go through you respective section below and think about each cell you execute. Then, switch roles and try again

## partner 1 does this

this person is Alice

*pick a secret number! Don't tell anyone!!*

In [3]:
p1secretnumber = random.randint(1, 100)
p1secretnumber

13

*prepare a special number to send to partner 2*

In [4]:
forp2 = (g ** p1secretnumber) % p
forp2

21

*give that number to partner 2 and then wait for them to get back to you*

In [8]:
fromp2 = int(input('what number did partner 2 give back to you? '))

what number did partner 2 give back to you? 14


In [9]:
p1result = (fromp2 ** p1secretnumber) % p
p1result

11

*check with partner 2 that you have the same values. Then switch roles*

## partner 2 does this

this person is Bob

*wait for a special number from partner 1*

In [5]:
fromp1 = int(input("what number did partner 1 give you? "))

what number did partner 1 give you? 21


*now you choose your own secret, don't tell partner 1 or anyone!*

In [6]:
p2secretnumber = random.randint(1, 100)
p2secretnumber

43

In [7]:
forp1 = (g ** p2secretnumber) % p
forp1

14

*give that number back to partner 1 and move on*

In [10]:
p2result = (fromp1 ** p2secretnumber) % p
p2result

11

*check with partner 1 that you have the same values. Then switch roles*

## why does this work?

this is simply the result of a property of prime numbers:

$$
\left(a \cdot b\right) \mod n = \left((a \mod n) \cdot (b \mod n)\right) \mod n
$$

to prove: you could write $a = d_a * n + r_a$, and same with b. multiply $a$ and $b$ and all but the remainder terms (the results of the modulo expressions themselves) will fall out because they will have at least one factor of $n$

as a result

$$
\left(g^a \mod p\right)^b = g^{ab} \mod p \\
\left(g^b \mod p\right)^a = g^{ba} \mod p
$$

and the value that you get from that is necessarily identical.

## primitive root diversion

check out [this article](https://en.wikipedia.org/wiki/Primitive_root_modulo_n) on primitive roots

In [11]:
[3 ** i for i in range(1, 7)]

[3, 9, 27, 81, 243, 729]

In [12]:
[(3 ** i) % 7 for i in range(1, 7)]

[3, 2, 6, 4, 5, 1]

In [13]:
def is_primitive(root, modulus):
    return set(range(1, modulus)) == {(root ** i) % modulus for i in range(1, modulus)}

In [14]:
assert is_primitive(g, p)

## concluding thoughts

the process of picking secret numbers and using modulo exponentiation tricks as we did above has one cool feature: between partner 1's secret number, partner 2's secret number, and the secret result, no one in the room knows all three numbers. This is important for public exchange of information -- we just created one shared secret using mutually un-shared secrets.

I wonder if there's an application here...

# making it a bit harder: RSA

Let's do something similar now, but add in a bit more mathematical complexity (we're paranoid)

## partner up!

Same drill, but now you don't even start with the same information. go through you respective section below and think about each cell you execute. Then, switch roles and try again

## partner 1 does this

this person is Alice

*pick two prime numbers with different orders of magnitude. then multiply them -- that's our modulus now*

In [15]:
p = 1987
q = 13

n = p * q
n

25831

*now we do some magic with least common multiples (functions stolend from [here](https://stackoverflow.com/questions/147515/least-common-multiple-for-3-or-more-numbers))*

In [16]:
# ripped straight from here
def gcd(a, b):
    while b:
        a, b = b, a % b
    return a

def lcm(a, b):
    return a * b // gcd(a, b)

*calculate the following SUPER SECRET NUMBER*

In [17]:
lambdaN = lcm(p - 1, q - 1)
lambdaN

3972

*find any number $1 < e < \lambda_n$ such that $e$ and $\lambda_n$ are coprime*

In [18]:
# note: this is a fun but super dumb way to do this. In practice we often just use 
# a favorite number (e.g. 2^16 + 1) every time

while True:
    e = random.randint(1, lambdaN)
    if gcd(e, lambdaN) == 1:
        break
        
e

845

In [19]:
# this cell is set aside for hard-coding the value of e.
# uncomment the line below to hard-code e to a value of 451

#e = 451

*find the [modular multiplicative inverse](https://en.wikipedia.org/wiki/Modular_multiplicative_inverse) of $e$ modulo $\lambda_n$*

In [20]:
d = 1
while True:
    if (d * e) % lambdaN == 1:
        break
    d += 1
        
d

785

In [21]:
print('MY PUBLIC KEYS ARE')
print('  n = {}'.format(n))
print('  e = {} (e is for "encryption")'.format(e))
print('\nMY PRIVATE KEYS ARE')
print('  n = {}'.format(n))
print('  d = {} (d is for "decryption")'.format(d))
print('\nI should also keep the following secret, because they could be used to calculate d:')
print('  p = {}'.format(p))
print('  q = {}'.format(q))
print('  lambdaN = {}'.format(lambdaN))
print('\nso mind your ps and qs, gang')

MY PUBLIC KEYS ARE
  n = 25831
  e = 845 (e is for "encryption")

MY PRIVATE KEYS ARE
  n = 25831
  d = 785 (d is for "decryption")

I should also keep the following secret, because they could be used to calculate d:
  p = 1987
  q = 13
  lambdaN = 3972

so mind your ps and qs, gang


*send your public key values $n$ and $e$ to your partner and move on*

In [25]:
encryptedMessage = int(input('was the encrypted message partner 2 gave you? '))

was the encrypted message partner 2 gave you? 595


*let's decrypt that message*

In [26]:
# note -- d below is totally private, partner 2 doesn't know it
decryptedMessage = (encryptedMessage ** d) % n
decryptedMessage

1447

*check with partner 2 that you have the same values. Then switch roles*

## partner 2 does this

this person is Bob

*wait for a pair of special numbers from partner 1*

In [23]:
fromp1n = int(input("what number did partner 1 give you for n? "))
fromp1e = int(input("what number did partner 1 give you for e? "))

what number did partner 1 give you for n? 25831
what number did partner 1 give you for e? 845


*let's send a message to our partner*

In [24]:
message = 1447
encryptedMessage = (message ** fromp1e) % fromp1n
encryptedMessage

595

*give that encrypted message to partner 1*

*check with partner 1 that they got your message. Then switch roles*

# advanced: ssh keys

the convoluted process above is effectively exactly what is going on when you log in to your `ec2` server. the `ssh` private and public keys that you create are complex files which contain (among several other things) those `n`, `e`, and `d` values we created in the previous section. 

the following section will show you that there is a complex structure to these private and public keys, but underneath it all it is really just a very compact means of communicating several large integers.

let's start by creating a public and private key and seeing how that works.

in a shell session, execute the following:

```shell
ssh-keygen -t rsa
```

and at the prompt, enter

```
/tmp/key
```

as the path of the key. you can pick a different path if you'd like; you will have to update the cells below, though. 

Do not enter a password.

let's read that private key:

In [27]:
%%bash
less /tmp/key

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAumH2f/6cmk0FyMbNpBgfr6+AOybWoMG8L8G+Vq4jQ3FBuWu9
AWYsqE/OxET8g6Us7tvtrVGnYyNb5wWgpN5AC8CIRpKZBymtfeUQtXF+QdBidmiZ
An+UuFOYF1X/hCnrT/g0OxCePG3nNTNEU2h0qCkythJeM++jfL8CHnDDhC102BPR
qYoQk3LE+Mxq4LwOWhB2XnU6NBw1K3Lm75kjvcCfTponcWaGqlX8LkQLCWN/1c2k
lpD4v6MxmMQn0yOzDM3X9/DvOiWfoAILbNzCkYAXVTwMyLzKg8HCcd66t9ppdkmX
/3F/Gwmw9NqPbI5zkdorPD5Hd9QVylP358RwLwIDAQABAoIBADHM0RdcCa303JHM
BNBOndDMfN/RPdHQUh8Ujm4Ms2Fm1p/bmLHSAiaqxF2O7UWjkcD0xKnlwmrr3Ld6
unSy6bv6Iq9wpjDSwwd7eB5zB8BAFL78rb2MJ0mlFGNP2CkRJk3EzPfnNdCBsSB2
5U+//kOcVm9tsvv/kNhZFRDbInKjWfIvB/0hmUf3V2kj4oTX2ghhdw/nCV0kPt9I
pWqIgOlk3alUxMLVJgeRQ7rVpdsnYbdq++XTvSG/KbVtwjsHtn/LYU27gpitG0xa
nn6c8qYAaGUs802D68Gig7GggpJOwdI3EMpudB9mWd3wK/czBl/f4AxopyILhU/8
2W3oNxkCgYEA3YCHal2WT4UijAbrQFqaIZdjD78qyClzkYf0sfY4J0kS1GCLhArL
67tYzpQJ4FKQvNpWYLpHyb3sJu1BKmvZxgyydZDLi+OeYBdnpQOiawp90079CGUM
LKiv4B8tYUieJUctvwSfEYYc0YRftsIik1RGpNh2hddKxjMmByYkChMCgYEA12kx
wsSNsLBFvB4VkSQxHb8h1nhBb6B4IcRVzagF7h2b7U/TSEE5NoCm9ppWsZ

if you received an error, go back and make sure you used `ssh-keygen` to create `/tmp/key` as described two cells above.

remember -- if you're sharing this (like I am, by publishing this), this private key is *totally worthless*

there is also a "public" version of this key, created with the same name and an additional `.pub` extension.

In [28]:
%%bash
less /tmp/key.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6YfZ//pyaTQXIxs2kGB+vr4A7Jtagwbwvwb5WriNDcUG5a70BZiyoT87ERPyDpSzu2+2tUadjI1vnBaCk3kALwIhGkpkHKa195RC1cX5B0GJ2aJkCf5S4U5gXVf+EKetP+DQ7EJ48bec1M0RTaHSoKTK2El4z76N8vwIecMOELXTYE9GpihCTcsT4zGrgvA5aEHZedTo0HDUrcubvmSO9wJ9OmidxZoaqVfwuRAsJY3/VzaSWkPi/ozGYxCfTI7MMzdf38O86JZ+gAgts3MKRgBdVPAzIvMqDwcJx3rq32ml2SZf/cX8bCbD02o9sjnOR2is8Pkd31BXKU/fnxHAv zlamberty@megaman


## key structure

The keys above look like a bunch of random characters, but there is a complicated structure in that string of characters.

These keys can both be parsed into a particular structured format called ASN.1. You can use linux tools to do this parsing, (see below), or you can go to [this awesome online parser site](http://lapo.it/asn1js/).

**note**: you have to do a little conversion to the public key (see two cells below) before the online parser commands will work

In [29]:
%%bash
openssl asn1parse -in /tmp/key

    0:d=0  hl=4 l=1188 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :BA61F67FFE9C9A4D05C8C6CDA4181FAFAF803B26D6A0C1BC2FC1BE56AE23437141B96BBD01662CA84FCEC444FC83A52CEEDBEDAD51A763235BE705A0A4DE400BC0884692990729AD7DE510B5717E41D062766899027F94B853981755FF8429EB4FF8343B109E3C6DE7353344536874A82932B6125E33EFA37CBF021E70C3842D74D813D1A98A109372C4F8CC6AE0BC0E5A10765E753A341C352B72E6EF9923BDC09F4E9A27716686AA55FC2E440B09637FD5CDA49690F8BFA33198C427D323B30CCDD7F7F0EF3A259FA0020B6CDCC2918017553C0CC8BCCA83C1C271DEBAB7DA69764997FF717F1B09B0F4DA8F6C8E7391DA2B3C3E4777D415CA53F7E7C4702F
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :31CCD1175C09ADF4DC91CC04D04E9DD0CC7CDFD13DD1D0521F148E6E0CB36166D69FDB98B1D20226AAC45D8EED45A391C0F4C4A9E5C26AEBDCB77ABA74B2E9BBFA22AF70A630D2C3077B781E7307C04014BEFCADBD8C2749A514634FD82911264DC4CCF7E735D081B12076E54FBFFE439C566F6DB2FBF

the public key (`/tmp/key.pub`) is in openssh format, which is not the expected format (`pem`) for the `openssl` tool. fortunately, we can make the conversion pretty easily:

In [30]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAumH2f/6cmk0FyMbNpBgfr6+AOybWoMG8L8G+Vq4jQ3FBuWu9AWYs
qE/OxET8g6Us7tvtrVGnYyNb5wWgpN5AC8CIRpKZBymtfeUQtXF+QdBidmiZAn+U
uFOYF1X/hCnrT/g0OxCePG3nNTNEU2h0qCkythJeM++jfL8CHnDDhC102BPRqYoQ
k3LE+Mxq4LwOWhB2XnU6NBw1K3Lm75kjvcCfTponcWaGqlX8LkQLCWN/1c2klpD4
v6MxmMQn0yOzDM3X9/DvOiWfoAILbNzCkYAXVTwMyLzKg8HCcd66t9ppdkmX/3F/
Gwmw9NqPbI5zkdorPD5Hd9QVylP358RwLwIDAQAB
-----END RSA PUBLIC KEY-----


take that key and write it to file

In [31]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem >> /tmp/key.pub.pem
PUBKEY=$(grep -v -- ----- /tmp/key.pub.pem | tr -d '\n')
echo $PUBKEY | base64 -d | openssl asn1parse -inform DER -i

    0:d=0  hl=4 l= 266 cons: SEQUENCE          
    4:d=1  hl=4 l= 257 prim:  INTEGER           :BA61F67FFE9C9A4D05C8C6CDA4181FAFAF803B26D6A0C1BC2FC1BE56AE23437141B96BBD01662CA84FCEC444FC83A52CEEDBEDAD51A763235BE705A0A4DE400BC0884692990729AD7DE510B5717E41D062766899027F94B853981755FF8429EB4FF8343B109E3C6DE7353344536874A82932B6125E33EFA37CBF021E70C3842D74D813D1A98A109372C4F8CC6AE0BC0E5A10765E753A341C352B72E6EF9923BDC09F4E9A27716686AA55FC2E440B09637FD5CDA49690F8BFA33198C427D323B30CCDD7F7F0EF3A259FA0020B6CDCC2918017553C0CC8BCCA83C1C271DEBAB7DA69764997FF717F1B09B0F4DA8F6C8E7391DA2B3C3E4777D415CA53F7E7C4702F
  265:d=1  hl=2 l=   3 prim:  INTEGER           :010001
  270:d=0  hl=4 l= 266 cons: SEQUENCE          
  274:d=1  hl=4 l= 257 prim:  INTEGER           :BA61F67FFE9C9A4D05C8C6CDA4181FAFAF803B26D6A0C1BC2FC1BE56AE23437141B96BBD01662CA84FCEC444FC83A52CEEDBEDAD51A763235BE705A0A4DE400BC0884692990729AD7DE510B5717E41D062766899027F94B853981755FF8429EB4FF8343B109E3C6DE7353344536874A82932B6125E33E

both the public and private keys can be broken up into sequences of integers. Note that the first large integer in the private key (three cells above) is *identical* to the first large integer in the public key (cell immediately above).

this is proof of one of the claims we made in class: the public key can always be constructed from the private key, because the private key contains it in its entirety.

the structure above isn't exactly the most convenient to use, is it? We may have demonstrated that a structure *exists*, but what is it telling us?

fortunately, the `openssl` command has the subcommand `rsa` which allows us to print out those values a little more explicitly:

In [32]:
%%bash
openssl rsa -text -in /tmp/key

Private-Key: (2048 bit)
modulus:
    00:ba:61:f6:7f:fe:9c:9a:4d:05:c8:c6:cd:a4:18:
    1f:af:af:80:3b:26:d6:a0:c1:bc:2f:c1:be:56:ae:
    23:43:71:41:b9:6b:bd:01:66:2c:a8:4f:ce:c4:44:
    fc:83:a5:2c:ee:db:ed:ad:51:a7:63:23:5b:e7:05:
    a0:a4:de:40:0b:c0:88:46:92:99:07:29:ad:7d:e5:
    10:b5:71:7e:41:d0:62:76:68:99:02:7f:94:b8:53:
    98:17:55:ff:84:29:eb:4f:f8:34:3b:10:9e:3c:6d:
    e7:35:33:44:53:68:74:a8:29:32:b6:12:5e:33:ef:
    a3:7c:bf:02:1e:70:c3:84:2d:74:d8:13:d1:a9:8a:
    10:93:72:c4:f8:cc:6a:e0:bc:0e:5a:10:76:5e:75:
    3a:34:1c:35:2b:72:e6:ef:99:23:bd:c0:9f:4e:9a:
    27:71:66:86:aa:55:fc:2e:44:0b:09:63:7f:d5:cd:
    a4:96:90:f8:bf:a3:31:98:c4:27:d3:23:b3:0c:cd:
    d7:f7:f0:ef:3a:25:9f:a0:02:0b:6c:dc:c2:91:80:
    17:55:3c:0c:c8:bc:ca:83:c1:c2:71:de:ba:b7:da:
    69:76:49:97:ff:71:7f:1b:09:b0:f4:da:8f:6c:8e:
    73:91:da:2b:3c:3e:47:77:d4:15:ca:53:f7:e7:c4:
    70:2f
publicExponent: 65537 (0x10001)
privateExponent:
    31:cc:d1:17:5c:09:ad:f4:dc:91:cc:04:d0:4e:9d:
    d0:c

writing RSA key


the modulus number above

```
00:ba:61:f6:7f:fe:9c:9a:4d:05:c8:c6:cd:a4:18:
1f:af:af:80:3b:26:d6:a0:c1:bc:2f:c1:be:56:ae:
23:43:71:41:b9:6b:bd:01:66:2c:a8:4f:ce:c4:44:
fc:83:a5:2c:ee:db:ed:ad:51:a7:63:23:5b:e7:05:
a0:a4:de:40:0b:c0:88:46:92:99:07:29:ad:7d:e5:
10:b5:71:7e:41:d0:62:76:68:99:02:7f:94:b8:53:
98:17:55:ff:84:29:eb:4f:f8:34:3b:10:9e:3c:6d:
e7:35:33:44:53:68:74:a8:29:32:b6:12:5e:33:ef:
a3:7c:bf:02:1e:70:c3:84:2d:74:d8:13:d1:a9:8a:
10:93:72:c4:f8:cc:6a:e0:bc:0e:5a:10:76:5e:75:
3a:34:1c:35:2b:72:e6:ef:99:23:bd:c0:9f:4e:9a:
27:71:66:86:aa:55:fc:2e:44:0b:09:63:7f:d5:cd:
a4:96:90:f8:bf:a3:31:98:c4:27:d3:23:b3:0c:cd:
d7:f7:f0:ef:3a:25:9f:a0:02:0b:6c:dc:c2:91:80:
17:55:3c:0c:c8:bc:ca:83:c1:c2:71:de:ba:b7:da:
69:76:49:97:ff:71:7f:1b:09:b0:f4:da:8f:6c:8e:
73:91:da:2b:3c:3e:47:77:d4:15:ca:53:f7:e7:c4:
70:2f
```

is a [hexadecimal](https://en.wikipedia.org/wiki/Hexadecimal) number. if we were to convert it to 

In [33]:
h = """
00:ba:61:f6:7f:fe:9c:9a:4d:05:c8:c6:cd:a4:18:
1f:af:af:80:3b:26:d6:a0:c1:bc:2f:c1:be:56:ae:
23:43:71:41:b9:6b:bd:01:66:2c:a8:4f:ce:c4:44:
fc:83:a5:2c:ee:db:ed:ad:51:a7:63:23:5b:e7:05:
a0:a4:de:40:0b:c0:88:46:92:99:07:29:ad:7d:e5:
10:b5:71:7e:41:d0:62:76:68:99:02:7f:94:b8:53:
98:17:55:ff:84:29:eb:4f:f8:34:3b:10:9e:3c:6d:
e7:35:33:44:53:68:74:a8:29:32:b6:12:5e:33:ef:
a3:7c:bf:02:1e:70:c3:84:2d:74:d8:13:d1:a9:8a:
10:93:72:c4:f8:cc:6a:e0:bc:0e:5a:10:76:5e:75:
3a:34:1c:35:2b:72:e6:ef:99:23:bd:c0:9f:4e:9a:
27:71:66:86:aa:55:fc:2e:44:0b:09:63:7f:d5:cd:
a4:96:90:f8:bf:a3:31:98:c4:27:d3:23:b3:0c:cd:
d7:f7:f0:ef:3a:25:9f:a0:02:0b:6c:dc:c2:91:80:
17:55:3c:0c:c8:bc:ca:83:c1:c2:71:de:ba:b7:da:
69:76:49:97:ff:71:7f:1b:09:b0:f4:da:8f:6c:8e:
73:91:da:2b:3c:3e:47:77:d4:15:ca:53:f7:e7:c4:
70:2f
"""
h = h.replace(':', '').replace('\n', '')
i = int(h, 16)
i

23528632025451081503654664519357809878788927014931688176803070904651921514735649324143761835639775196479774864949574831534018952634137353983638723762428445841865004899115804198982379976750979547176170474109114878032997154293143184236842715773870150309191001271358262865986157704149864281001740058759671081424469834811972420221509294323803400872858321753572922972215183511013878395298927808012100222333046440517716288464859742372160758961278411579395639226728603713418708072408522126151714702442158279443403857429045942589893673776730493301416192404020542813754080664617618680448286284177102123014222829615588812550191

In [34]:
len(str(i))

617

## let's encrypt and decrypt something

just because we can!

In [35]:
%%bash
echo "my super secret secret is now super secret, except that it's in plain text here" > /tmp/secret.txt

we need an `openssl`-specific public key in order to encrypt:

In [36]:
%%bash
openssl rsa -in /tmp/key -inform PEM -pubout -out /tmp/key.pub.openssl.pem

writing RSA key


use the `openssl rsautl` subcommand along with our `openssl.pem` formatted public key to encrypt any file:

In [37]:
%%bash
openssl rsautl -encrypt -inkey /tmp/key.pub.openssl.pem -pubin -in /tmp/secret.txt -out /tmp/secret.ssl

In [38]:
%%bash
cat /tmp/secret.ssl

!mWKs\��⎉�Ж Nw ,�P�<��{��j�C�+�q�`{�K����m���(t�&��|���!�Br@q�T�U2`d��՗��1�w^UP��L:i�vS�@�|�,M�3���Χ��Y�����=>E�;w����^O��L̠��pzN��m�ñ&�����ͼF|����*\̨��\٦N��#�{b%!T��}��zAd)������J�A�e��fx�����/���R��Bʑ!A��wXV�ri���Q4�To

In [39]:
%%bash
openssl rsautl -decrypt -inkey /tmp/key -in /tmp/secret.ssl

my super secret secret is now super secret, except that it's in plain text here
