# Hazmat Primitives in Cryptography

One of the useful library for crypto primitives in Python is called cryptography. It contain both "secure" primitives and a "hazmat" layer. Overall the "hazmat" layer should be treated with care, as it could contain security vulnerabilities. In this case we will implement a number of hashing primitives with the "hazmat" layer.

## Hashing

Within hashing methods, we take data in the form of a byte array, and then create a fixed length hash value. For MD5, the length of the hash is 128 bits, for SHA-1 it is 160 bits, and for SHA-256, it is 256 bits. In the following we will use the hashing methods supported by the Hazmat primitive. This includes MD5, SHA-1 and SHA-256:

In [None]:
from cryptography.hazmat.primitives import hashes
import binascii
import sys
from cryptography.hazmat.backends import default_backend

st = "00"
hex=False
showhex="No"

def show_hash(name,type,data):
  digest = hashes.Hash(type,backend=default_backend())
  digest.update(data)
  res=digest.finalize()
  hex=binascii.b2a_hex(res).decode()
  b64=binascii.b2a_base64(res).decode()
  print (f"{name}: {hex} {b64}")

if (showhex=="yes"): hex=True

try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()


	print ("Data: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())
	print()

	show_hash("Blake2p (64 bytes)",hashes.BLAKE2b(64),data)
	show_hash("Blake2s (32 bytes)",hashes.BLAKE2s(32),data)
	show_hash("MD5",hashes.MD5(),data)
	show_hash("SHA1",hashes.SHA1(),data)	
	show_hash("SHA224",hashes.SHA224(),data)
	show_hash("SHA256",hashes.SHA256(),data)
	show_hash("SHA384",hashes.SHA384(),data)
	show_hash("SHA3_224",hashes.SHA3_224(),data)
	show_hash("SHA3_256",hashes.SHA3_256(),data)
	show_hash("SHA3_384",hashes.SHA3_384(),data)
	show_hash("SHA3_512",hashes.SHA3_512(),data)
	show_hash("SHA512",hashes.SHA512(),data)
	show_hash("SHA512_224",hashes.SHA512_224(),data)
	show_hash("SHA512_256",hashes.SHA512_256(),data)
	show_hash("SHAKE128 (64 bytes)",hashes.SHAKE128(64),data)
	show_hash("SHAKE256 (64 bytes)",hashes.SHAKE256(64),data)

except Exception as e:
    print(e)

In this case the input data is "00". Can you run the program again, and this time use the data input of "The quick brown fox jumps over the lazy dog". Prove that:

- MD5 hash value is "9e107d9d372bb6826bd81d3542a419d6"
- SHA-1 hash value is "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
- SHA-256 hash value is "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592"

## HMAC

HMAC (hash-based message authentication code) supports the usage of a key to hash data. This key is kept secret between Bob and Alice, and can be used to authentication both the data and that the sender still knows the secret. Overall HMAC can be used with a range of different hashing methods, such as MD5, SHA-1, SHA-256 (SHA-2) and SHA-3. This page outlines the main HMAC methods used in the Hazmat cryptography layer. You can either enter as a hexademical string or an ASCII string, and the output is displayed in a hexademical and a Base-64 format.

In [3]:
from cryptography.hazmat.primitives import hashes, hmac
import binascii
import sys
from cryptography.hazmat.backends import default_backend

st = "The quick brown fox jumps over the lazy dog"
hex=False
showhex="No"
k="key"

def show_hmac(name,type,data,key):
  digest = hmac.HMAC(key, type,backend=default_backend())
  digest.update(data)
  res=digest.finalize()
  hex=binascii.b2a_hex(res).decode()
  b64=binascii.b2a_base64(res).decode()
  print (f"HMAC-{name}: {hex} {b64}")

if (showhex=="yes"): hex=True


try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()

	if (hex==True): key = binascii.a2b_hex(k)
	else: key=k.encode()

	print ("Data: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())
	print ("Key: ",k)
	print (" Hex: ",binascii.b2a_hex(key).decode())
	print()

	show_hmac("Blake2p (64 bytes)",hashes.BLAKE2b(64),data,key)
	show_hmac("Blake2s (32 bytes)",hashes.BLAKE2s(32),data,key)
	show_hmac("MD5",hashes.MD5(),data,key)
	show_hmac("SHA1",hashes.SHA1(),data,key)	
	show_hmac("SHA224",hashes.SHA224(),data,key)
	show_hmac("SHA256",hashes.SHA256(),data,key)
	show_hmac("SHA384",hashes.SHA384(),data,key)
	show_hmac("SHA3_224",hashes.SHA3_224(),data,key)
	show_hmac("SHA3_256",hashes.SHA3_256(),data,key)
	show_hmac("SHA3_384",hashes.SHA3_384(),data,key)
	show_hmac("SHA3_512",hashes.SHA3_512(),data,key)
	show_hmac("SHA512",hashes.SHA512(),data,key)
	show_hmac("SHA512_224",hashes.SHA512_224(),data,key)
	show_hmac("SHA512_256",hashes.SHA512_256(),data,key)


except Exception as e:
    print(e)

Data:  The quick brown fox jumps over the lazy dog
 Hex:  54686520717569636b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920646f67
Key:  key
 Hex:  6b6579

HMAC-Blake2p (64 bytes): 92294f92c0dfb9b00ec9ae8bd94d7e7d8a036b885a499f149dfe2fd2199394aaaf6b8894a1730cccb2cd050f9bcf5062a38b51b0dab33207f8ef35ae2c9df51b kilPksDfubAOya6L2U1+fYoDa4haSZ8Unf4v0hmTlKqva4iUoXMMzLLNBQ+bz1Bio4tRsNqzMgf47zWuLJ31Gw==

HMAC-Blake2s (32 bytes): f93215bb90d4af4c3061cd932fb169fb8bb8a91d0b4022baea1271e1323cd9a0 +TIVu5DUr0wwYc2TL7Fp+4u4qR0LQCK66hJx4TI82aA=

HMAC-MD5: 80070713463e7749b90c2dc24911e275 gAcHE0Y+d0m5DC3CSRHidQ==

HMAC-SHA1: de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 3nybhbi3iqa8ino29wqQcBydtNk=

HMAC-SHA224: 88ff8b54675d39b8f72322e65ff945c52d96379988ada25639747e69 iP+LVGddObj3IyLmX/lFxS2WN5mIraJWOXR+aQ==

HMAC-SHA256: f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8 97yD9DBThCSxMpjmqm+xQ+9NWaFJRhdZl0edvC0aPNg=

HMAC-SHA384: d7f4727e2c0b39ae0f1e40cc96f60242d5b7801841cea6fc59

## HKDF

HKDF (HMAC Key Derivation Function) is used to generate an encryption key based on a password. We can use a range of hashing methods to dervie the encryption key. In this case we will use a range of hashing methods, and derive a key of a given size.

In [3]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.concatkdf import ConcatKDFHash,ConcatKDFHMAC
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
from cryptography.hazmat.backends import default_backend


import binascii
import sys

st = "00"
hex=False
showhex="No"
k="00"
length=16
slt=""

def show_hash(name,type,data,length,salt):

  hkdf = HKDF(algorithm=type, length=length,salt=salt, info=b"",backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_pbkdf2(name,type,data,length,salt):

  hkdf = PBKDF2HMAC(algorithm=type, length=length,salt=salt, iterations=1000,backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_scrypt(name,data,length,salt):

  hkdf = Scrypt(length=length,salt=salt,n=2**14,r=8, p=1,backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_concat(name,type,data,length,salt):

  hkdf = ConcatKDFHash(algorithm=type, length=length,otherinfo=b"",backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")


if (showhex=="yes"): hex=True



try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()
	if (hex==True): salt = binascii.a2b_hex(slt)
	else: salt=slt.encode()


	print ("Key: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())

	print ("Salt: ",slt)
	print (" Hex: ",binascii.b2a_hex(salt).decode())

	print()


	show_hash("Blake2p (64 bytes)",hashes.BLAKE2b(64),data,length,salt)
	show_hash("Blake2s (32 bytes)",hashes.BLAKE2s(32),data,length,salt)
	show_hash("MD5",hashes.MD5(),data,length,salt)
	show_hash("SHA1",hashes.SHA1(),data,length,salt)	
	show_hash("SHA224",hashes.SHA224(),data,length,salt)
	show_hash("SHA256",hashes.SHA256(),data,length,salt)
	show_hash("SHA384",hashes.SHA384(),data,length,salt)
	show_hash("SHA3_224",hashes.SHA3_224(),data,length,salt)
	show_hash("SHA3_256",hashes.SHA3_256(),data,length,salt)
	show_hash("SHA3_384",hashes.SHA3_384(),data,length,salt)
	show_hash("SHA3_512",hashes.SHA3_512(),data,length,salt)
	show_hash("SHA512",hashes.SHA512(),data,length,salt)
	show_hash("SHA512_224",hashes.SHA512_224(),data,length,salt)
	show_hash("SHA512_256",hashes.SHA512_256(),data,length,salt)
	show_hash_pbkdf2("PBKDF2",hashes.SHA256(),data,length,salt)
	show_hash_scrypt("Scrypt SHA256",data,length,salt)
	show_hash_concat("Concat SHA256",hashes.SHA256(),data,length,salt)

except Exception as e:
    print(e)

Key:  00
 Hex:  3030
Salt:  
 Hex:  

name 'default_backend' is not defined


## Symmetric Key

Symmetric key encryption involves the same key being used to encrypt and decrypt. Apart from ECB mode, we also normally apply a salt value known as an IV (Initialization Vector). The main modes are ECB (Electronic Code Book), CBC (Cipher Block Chaining), CTR (Counter), OFB (Output Feedback) and GCM (Galois/Counter Mode). In this case we will use the cryptography library in Python, and implement AES, Chacha20, Camellia, 3DES, IDEA, CAST5 and Blowfish. The Python program will use a random 256-bit encryption key, and a random 128-bit IV value. In most of the modes, we need to pad the plaintext to the size of the block (typically this is 128 bits or 16 bytes), but AES GCM mode we do not need to pad the cipher as it is a stream cipher.

In [11]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes 
from cryptography.hazmat.primitives import padding
import sys
from cryptography.hazmat.backends import default_backend

import binascii

def go_encrypt(msg,method,mode):
  cipher = Cipher(method, mode,backend=default_backend())
  encryptor = cipher.encryptor()
  ct = encryptor.update(msg) + encryptor.finalize()
  return (ct)


def go_decrypt(ct,method,mode):
  cipher = Cipher(method, mode,backend=default_backend())
  decryptor = cipher.decryptor()
  return (decryptor.update(ct) + decryptor.finalize())

def go_encrypt_with_auth(msg,method,mode,add):
  cipher = Cipher(method, mode,backend=default_backend())
  encryptor = cipher.encryptor()
  encryptor.authenticate_additional_data(add)
  ct = encryptor.update(msg) + encryptor.finalize()
  return (ct,encryptor.tag)


def go_decrypt_with_auth(ct,method,mode,add):
  cipher = Cipher(method, mode,backend=default_backend())
  decryptor = cipher.decryptor()
  decryptor.authenticate_additional_data(add)
  pl=decryptor.update(ct) + decryptor.finalize()
  return (pl)

def pad(data,size=128):
  padder = padding.PKCS7(size).padder()
  padded_data = padder.update(data)
  padded_data += padder.finalize()
  return(padded_data)

def unpad(data,size=128):
  padder = padding.PKCS7(size).unpadder()
  unpadded_data = padder.update(data)
  unpadded_data += padder.finalize()
  return(unpadded_data)


key = os.urandom(32)
iv = os.urandom(16)
msg=b"Hello"
tag= b"Some data for the authentication tag"


print ("Message:\t",msg.decode())
print ("Key:\t",binascii.b2a_hex(key))
print ("IV:\t",binascii.b2a_hex(iv))

padded_data=pad(msg)


print ("\n\n=== AES ECB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.AES(key), modes.ECB())
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

print ("=== AES CBC === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CBC(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

print ("=== AES OFB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.OFB(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.OFB(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES CFB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CFB(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CFB(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES CTR === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CTR(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CTR(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES GCM === ")
# In GCM mode we convert to a stream cipher, so there is no need for padding
cipher,auth_tag=go_encrypt_with_auth(msg,algorithms.AES(key), modes.GCM(iv),tag)

plain=go_decrypt_with_auth(cipher,algorithms.AES(key), modes.GCM(iv,auth_tag),tag)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {plain.decode()}")


print ("=== AES XTS === ")
# In XTS the iv value is known as a tweak - and relates to the sector number
# The keys are double length, so that a 32 byte key (256 bits) is actually AES-128
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.XTS(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.XTS(iv))
data=unpad(plain)
print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== Blowfish ECB === ")

cipher=go_encrypt(padded_data,algorithms.Blowfish(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.Blowfish(key), modes.ECB())

data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== Blowfish CBC === ")

cipher=go_encrypt(padded_data,algorithms.Blowfish(key), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.Blowfish(key), modes.CBC(iv[:8]))

data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== ChaCha20 === ")

cipher=go_encrypt(msg,algorithms.ChaCha20(key,iv), None)

plain=go_decrypt(cipher,algorithms.ChaCha20(key,iv), None)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("\n=== 3DES ECB === ")
cipher=go_encrypt(padded_data,algorithms.TripleDES(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.TripleDES(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== 3DES CBC === ")
cipher=go_encrypt(padded_data,algorithms.TripleDES(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.TripleDES(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== Camellia ECB === ")
cipher=go_encrypt(padded_data,algorithms.Camellia(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.Camellia(key), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("=== Camellia CBC === ")
cipher=go_encrypt(padded_data,algorithms.Camellia(key), modes.CBC(iv))

plain=go_decrypt(cipher,algorithms.Camellia(key), modes.CBC(iv))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== IDEA ECB === ")
cipher=go_encrypt(padded_data,algorithms.IDEA(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.IDEA(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== IDEA CBC === ")
cipher=go_encrypt(padded_data,algorithms.IDEA(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.IDEA(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("\n=== CAST5 ECB === ")
cipher=go_encrypt(padded_data,algorithms.CAST5(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.CAST5(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== CAST5 CBC === ")
cipher=go_encrypt(padded_data,algorithms.CAST5(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.CAST5(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

Message:	 Hello
Key:	 b'75108231d759b576e9e26d74a69fac01de5412c427b01779fefe805640ee7756'
IV:	 b'b3c3f903d81e2f47a5bb9d6d7102c46a'


=== AES ECB === 
Cipher:  b'52710346abd34fdd302a33a103009310'
Decrypted: Hello
=== AES CBC === 
Cipher:  b'0b3e0cc6c8f580f8a658b69e9982e3a3'
Decrypted: Hello
=== AES OFB === 
Cipher:  b'3d2139534946484050cc14b3129cf67e'
Decrypted: Hello
=== AES CFB === 
Cipher:  b'3d2139534946484050cc14b3129cf67e'
Decrypted: Hello
=== AES CTR === 
Cipher:  b'3d2139534946484050cc14b3129cf67e'
Decrypted: Hello
=== AES GCM === 
Cipher:  b'5de7889741'
Decrypted: Hello
=== AES XTS === 
Cipher:  b'84b89b9f920d781443e6e959a278c800'
Decrypted: Hello

=== Blowfish ECB === 
Cipher:  b'53a677a4b06b48fc764539ff9b357a5a'
Decrypted: Hello
=== Blowfish CBC === 
Cipher:  b'e414ca26835d193aa1095c4b99656d87'
Decrypted: Hello

=== ChaCha20 === 
Cipher:  b'43d3ff9fd6'
Decrypted: Hello

=== 3DES ECB === 
Cipher:  b'1a6a67bbeb161e73b8df6e840a944b04'
Decrypted: Hello
=== 3DES CBC === 
Cipher:  

## RSA Keys 

With RSA, we have the magic of public key encryption, and where Bob can generate a key pair: a public key and a private key, and then send Alice his public key. If she wants to encrypt something for him, she encrypts it with his public key, and then the only key which can decrypt it is his private key. A truly wonderful concept, and it was Rivest, Shamir and Adleman who made it come alive with the RSA method. In RSA, we start by generating two prime numbers (p,q) and then calculate the modulus (N) of N=pq. It is this modulus (N) that provides the core of the security of RSA, and it must be difficult to determine the prime numbers for a given modulus value. Our prime numbers must thus be of a size that makes it difficult to factorize, and they must be randomly generated.

In [15]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import sys
from cryptography.hazmat.backends import default_backend

size=512
M=5


try:
	print(f"RSA key size: {size}\nM={M}\n")

	private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())

	priv= private_key.private_numbers()
	p=priv.p
	q=priv.q 
	d=priv.d
	n=p*q
	print("=== RSA Private key ===")
	print (f"p={p} q={q} d={d} N={n}")
	print (f"\nBit length of p and q is {p.bit_length()}")
	print (f"Bit length of N is {n.bit_length()}")

	print("\n=== RSA Public key ===")
	pub = private_key.public_key()
	e=pub.public_numbers().e
	n=pub.public_numbers().n
	print (f"\nN={n} e={e}")



	C = pow(M,e,n)
	Plain = pow(C,d,n)
	print (f"\nMessage={M}")
	print (f"Cipher={C}")
	print (f"Decrypt={Plain}")



	print("\n=== Private Key PEM format ===")
	pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())
	print ("Private key: ",pem.decode())


	pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

	print("\n=== Public Key PEM format ===")
	print ("Public key: ",pem.decode())

except Exception as e:
    print(e)

RSA key size: 512
M=5

=== RSA Private key ===
p=114240027289133679916853601188430818342505970058336223690127546253419301921291 q=106927850855783140995262884657855361840603034156020906226195283705417869958079 d=12056263550552130122923905739070666874031192187927860369377606874056401919958137436002088193238240131651226273674194799808471728408204851623607010221110053 N=12215440599733082136976701922011568649001781649277680148229058975388191837550991125104446323995201242037017634104455399946932098494548782067414314327559989

Bit length of p and q is 256
Bit length of N is 512

=== RSA Public key ===

N=12215440599733082136976701922011568649001781649277680148229058975388191837550991125104446323995201242037017634104455399946932098494548782067414314327559989 e=65537

Message=5
Cipher=8681388997006403186260644889804391620158460251057105492554241431796114500559026556435367120212960187799018356532032536157753321962365210361500584359919374
Decrypt=5

=== Private Key PEM format ===
Private key:  --

## RSA Key Formats

We need ways to distribute our public keys, private keys and digital certificates in a portable format. One of the most common forms is Distinguished Encoding Rules (DER) encoding of ASN.1. Overall it is truly binary representation of the encoded data. The other common format is PEM, and which converts the binary encoding into a text readable format. With PEM we can encode cryptographic infromation in a Base64 ASCII format and with plain-text headers and footers of "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----", whereas with DER we have binary format. In this page, we will read in a DER encoded hex string and determine its contents. 

In [2]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import sys
import binascii
from cryptography.hazmat.backends import default_backend

size=512

try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()

  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

  der= private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())
  print ("\nPrivate key (DER):\n",binascii.b2a_hex(der).decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")

  openssh = pub.public_bytes(encoding=serialization.Encoding.OpenSSH,format=serialization.PublicFormat.OpenSSH)


  print("\n=== Public Key format ===")

  der=''.join(pem.split('\n')[1:-2])
  print ("Public key (PEM):\n",pem)
  print ("\nPublic key (DER):\n",binascii.b2a_hex(binascii.a2b_base64(der)).decode())
  print ("\nPublic key (OpenSSL):\n",openssh.decode())

except Exception as e:
    print(e)

name 'default_backend' is not defined


## RSA Signatures

At the core of digital trust is the usage of digital signatures. With this we can verify the creator of the data, and also that it has not been modified. We do this using public key encryption, and in this article we will look at how we can use the hazmat primitives in the Python cryptograpy library. With public key encryption we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, and which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alices's public key. In this example we will use RSA keys to sign a message, and then verify the correct signature, but verify that an incorrect signature will fail. 

In [5]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography import exceptions
from cryptography.hazmat.backends import default_backend

import sys
import binascii

size=512
message = b"Hello world"


print("Message: ",message)
print("Key size: ",size)
try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()



  signature = private_key.sign(message,padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())

  print ("\nSignature: ",binascii.b2a_hex(signature).decode())

  try:
    rtn=pub.verify(signature,message,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
  except exceptions.InvalidSignature:
    print("A bad signature failed")
  else:
    print("Good signature verified")


  try:
    pub.verify(signature,b"test",padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
  except exceptions.InvalidSignature:
    print("A bad signature failed")
  else:
    print("Bad signature verified")



  print ("\nVerified: ",rtn)
  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")



  print("\n=== Public Key format ===")
  print ("Public key (PEM):\n",pem)


except Exception as e:
    print(e)

Message:  b'Hello world'
Key size:  512

Signature:  a01c26461569ecc39e6b66527789510d8a311f642e85c3bd7635a7974d1d58ac3d571439ed8fef4682df3c38759192f3bc255162be81e6c1c2b08fecbf7772da
Good signature verified
A bad signature failed

Verified:  None

=== Private Key PEM format ===

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA2Ywlcqf634Jsqt9Y
GJFKTDiXoYWuZ8zI4LqT9191ZpOqkUK4vaPwJONDx1rng4YDsclSMU7RFXesDRbi
a5ksuwIDAQABAkBm+RRcsjBojYa8Vt2PO25sp7j2Rp2oGmHXJdmWFQQwGcQGDBJv
Ct1se31q3aXK50/ATMdVkKuENL98G1YvSaLZAiEA8KGLf27nltaRpLt3/TiYVg7g
opp677t37V2w1MendiUCIQDncSvm0JxXh15wLX1rvIf4KM8n39hzlAL/t0GoT7Zx
XwIhAL8ajP8XxTU2E1UQzap9V/6AskZxCVF7QTNyRQ23wndBAiEAkEVu3XoLC1D6
IKlqtn8Wry4ZPD0Ae8O3PtpollfiXbcCIBGFaDpLQxDacjdJlQFQxO4EEtk4icLx
6uPLf87z2l7c
-----END PRIVATE KEY-----


=== Public Key format ===
Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmMJXKn+t+CbKrfWBiRSkw4l6GFrmfM
yOC6k/dfdWaTqpFCuL2j8CTjQ8da54OGA7HJUjFO

## RSA Encryption

With public-key encryption, we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, and which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alice's public key. In this example, we will use RSA keys to sign a message, and then verify the correct signature, but verify that an incorrect signature will fail.

In [4]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
import binascii
import sys
from cryptography.hazmat.backends import default_backend


size=1024
message = b"Hello world"


print("Message: ",message)
print("Key size: ",size)
try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()

  ciphertext = pub.encrypt(message,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))

  print ("\nCiphertext:\n",binascii.b2a_hex(ciphertext).decode())

  plaintext = private_key.decrypt(ciphertext,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))
  print("\nDecrypted Message: ",plaintext.decode())

  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")



  print("\n=== Public Key format ===")
  print ("Public key (PEM):\n",pem)


except Exception as e:
    print(e)

Message:  b'Hello world'
Key size:  1024

Ciphertext:
 a03bc31a7e3fca1abaecff8dd7a252def14ae50faeeb28989f69978acc71395059b4bdee36028dd3707418b21d08c2aec311165725ead1374551807c574ad425fa946475396f1abe4acba69da0ab1c71e417df74648f077f2d58e70eb88fa5123d96638e2ace9e6b9a3b46245d8f97bdba67c1c89a5c8b21ea75c2775a1d74e3

Decrypted Message:  Hello world

=== Private Key PEM format ===

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAM9h+pN2k/Vyrb24
uLh89E8QzoOXszBpkQYVqMTnZHcLpJarAcNmlP15Hx6YtDfQWL47FapqCWBbUr2E
gwFhzFZbIz4t8DnUROwQLAJcsz/aQ0zxEJUS8taOg9oFUvHYg7MdD2FnG30tEBSx
roXMT1Mt4RhxK9YA2+27gF0IHSA3AgMBAAECgYEAvSPjYbL4ZxfclfhvoPN17tap
QyOMbk8Z0a7Xah6QZnLb/f6hcRGSOUvKsiEb3PvMtFM3A2IKgzNHV0oQIaaMsWHC
XL8yeRLFpkTkWKWvfzaIdYj0VO5KTtsPtiJN4iaToZV/DVQjtADd2GdNRm26FCO4
8NLt8Z2LUojf/Bv3oQECQQDpPHLCV6CvzKBaFO2XmiN3y3TcGjpBfQ0hp8EnZX0P
T320exTt5KIoHqTc5tnYyZ6htBsAROjHq0tGn/jz2gjXAkEA45+RLsgae2KETcN9
F/sgXh46PajO7RRsDR3POdbkRwvYclvaxf6Tu0klY4PBAq6Fs5vC/O

## EC Key Generation

 With Elliptic Curve Cryptography we have a private key value, and where we generate a public key on the point on the curve.

In [8]:
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
import binascii
import sys
from cryptography.hazmat.backends import default_backend

private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
type =1


if (type==1): private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
elif (type==3): private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
elif (type==5): private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
elif (type==6): private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
elif (type==7): private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
elif (type==8): private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())

vals = private_key.private_numbers()
no_bits=vals.private_value.bit_length()
print (f"Private key value: {vals.private_value}. Number of bits {no_bits}")

public_key = private_key.public_key()
vals=public_key.public_numbers()

enc_point=binascii.b2a_hex(vals.encode_point()).decode()

print (f"\nPublic key encoded point: {enc_point} \nx={enc_point[2:(len(enc_point)-2)//2+2]} \ny={enc_point[(len(enc_point)-2)//2+2:]}")


pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Private key value: 2043558419001729619814474899588981766865054577966515345132. Number of bits 191

Public key encoded point: 049fe6e8fe419a6b3f815955073a759f9fc0e28e932a568f04cc8e3ce05e188159211fecef2567922028016dedaf8afc37 
x=9fe6e8fe419a6b3f815955073a759f9fc0e28e932a568f04 
y=cc8e3ce05e188159211fecef2567922028016dedaf8afc37

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBhTV77TSCWX4CwtVKtr
7i8MjmzmeWNZ1uyhNAMyAASf5uj+QZprP4FZVQc6dZ+fwOKOkypWjwTMjjzgXhiB
WSEf7O8lZ5IgKAFt7a+K/Dc=
-----END PRIVATE KEY-----

Private key (DER):
 b'306f020100301306072a8648ce3d020106082a8648ce3d0301010455305302010104185357bed3482597e02c2d54ab6bee2f0c8e6ce6796359d6eca134033200049fe6e8fe419a6b3f815955073a759f9fc0e28e932a568f04cc8e3ce05e188159211fecef2567922028016dedaf8afc37'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEn+bo/kGaaz+BWVUHOnWfn8DijpMq
Vo8EzI484F4YgVkhH+zvJWeSICgBbe2vivw3
-----END PUBLIC KEY-----

Public key (DER)



## ECDSA

With ECDSA (Elliptic Curve Digital Signature Algorithm) we use a private key to sign data, and then the public key can prove it. 

In [10]:
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography import exceptions
import binascii
import sys
from cryptography.hazmat.backends import default_backend

private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())

data = b"test"




if (type==1): private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
elif (type==3): private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
elif (type==5): private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
elif (type==6): private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
elif (type==7): private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
elif (type==8): private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())
elif (type==10): private_key = ec.generate_private_key(ec.SECT163K1(),backend=default_backend())
elif (type==11): private_key = ec.generate_private_key(ec.SECT163R2(),backend=default_backend())
elif (type==12): private_key = ec.generate_private_key(ec.SECT233K1(),backend=default_backend())
elif (type==13): private_key = ec.generate_private_key(ec.SECT233R1(),backend=default_backend())
elif (type==14): private_key = ec.generate_private_key(ec.SECT283K1(),backend=default_backend())
elif (type==15): private_key = ec.generate_private_key(ec.SECT233R1(),backend=default_backend())

private_vals = private_key.private_numbers()
no_bits=private_vals.private_value.bit_length()

print (f"Private key value: {private_vals.private_value}. Number of bits {no_bits}")

public_key = private_key.public_key()
pub=public_key.public_numbers()
print ("Name of curve: ",pub.curve.name)

print ("Message: ",data.decode())
try:

  signature = private_key.sign(data,ec.ECDSA(hashes.SHA256()))
  print ("Good Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")

try:

  signature = private_key.sign(b"bad message",ec.ECDSA(hashes.SHA256()))
  print ("Bad Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")



pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Private key value: 1520095257287423441745410468085985957586179605404446742156. Number of bits 190
Name of curve:  secp192r1
Message:  test
Good Signature:  3035021879910e82df6a069d6ab007172d6918daa880e3f218a42079021900b83ff8e14ec7b38c8895897da92f173eecc74f4691efbe39
Good signature verified
Bad Signature:  303402183b7c44b272e9c1a2774d6d3f58fa6ea59b12471af019c51702185f142f21ababddfec36d7fcecd131926fac644439ef21596
A bad signature failed

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBg9/oj1rAm7twxSu7fI
KoQDLwC+8tPR1oyhNAMyAASWY2aP00uyPh0Hu2nx82wwQUnxKbfKIvlJDwb6yAdc
k/BQmOyP55WPPZZ0tgqMXvk=
-----END PRIVATE KEY-----

Private key (DER):
 b'306f020100301306072a8648ce3d020106082a8648ce3d0301010455305302010104183dfe88f5ac09bbb70c52bbb7c82a84032f00bef2d3d1d68ca134033200049663668fd34bb23e1d07bb69f1f36c304149f129b7ca22f9490f06fac8075c93f05098ec8fe7958f3d9674b60a8c5ef9'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDM

## EdDSA

With Ed25519 we use a private key to sign data, and then the public key can prove it. We use Curve 25519 for the generation of the public key and for the signing process. 

In [11]:
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography import exceptions
from cryptography.hazmat.primitives import serialization
import binascii
import sys

data=b"Test"


private_key = Ed25519PrivateKey.generate()
public_key = private_key.public_key()


public_key = private_key.public_key()

print ("Message: ",data.decode())
try:

  signature = private_key.sign(data)
  print ("Good Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data)
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")

try:

  signature = private_key.sign(b"Bad data")
  print ("Bad Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data)
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")



pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Message:  -f
Good Signature:  a3ad2f0a47b055120e6b07f1da5c46fcc29290f5eae89d45821a501ceeb7a509db2bfe881e156080511c24d1fdfa6cf58d2caab7eee2764a3502ce9004a0690a
Good signature verified
Bad Signature:  54d68b1e1dbcfb26af2b47fbbdecbe7e928c8af26544a3aacde3207cacd4ef0a2a454b3c87e3332c4ff0f352d2d10cfe534f72a4805f1e93476ca1abf9bd710a
A bad signature failed

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINmf90gJ2jkVT5AxJtOTLbaXkxe+9IifEjAdzCiEjJ7D
-----END PRIVATE KEY-----

Private key (DER):
 b'302e020100300506032b657004220420d99ff74809da39154f903126d3932db6979317bef4889f12301dcc28848c9ec3'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAf1sbNhi9c3jtiF5dshrMDNEHExVcUC19ikVMofdXpEE=
-----END PUBLIC KEY-----

Public key (DER):
 b'302a300506032b65700321007f5b1b3618bd7378ed885e5db21acc0cd10713155c502d7d8a454ca1f757a441'
