One of the useful library for crypto primitives in Python is called cryptography. It contain both "secure" primitives and a "hazmat" layer. Overall the "hazmat" layer should be treated with care, as it could contain security vulnerabilities. In this case we will implement a number of hashing primitives with the "hazmat" layer.


## Hashing

Within hashing methods, we take data in the form of a byte array, and then create a fixed length hash value. For MD5, the length of the hash is 128 bits, for SHA-1 it is 160 bits, and for SHA-256, it is 256 bits. 

<img src='hash01.png' width="800px">

These hashes include MD5, SHA-1 and SHA-256. With MD5 we get a 128-bit output, and which is 32 hex characters. SHA-1 has an output of 160 bits, and SHA-256 has an output of 256 bits. MD5 should not be used in production environments as the method has weaknesses, along with the output hash begin too short. SHA-1, too, has been shown to have weaknesses, and thus we should use SHA-2 methods. These include SHA224, SHA-256, SHA-384 and SHA-512. A newer standard is known as SHA-3.  In the following we will use the hashing methods supported by the Hazmat primitive. You can change the input string by modifying Line 6, and replacing the string.

In [3]:
from cryptography.hazmat.primitives import hashes
import binascii
import sys
from cryptography.hazmat.backends import default_backend

st = "hello"


try:
    data=st.encode()

    digest = hashes.Hash(hashes.MD5(),backend=default_backend())
    digest.update(data)
    res=digest.finalize()
    hexval=binascii.b2a_hex(res).decode()
    b64val=binascii.b2a_base64(res).decode()


    print ("Data: ",st)
    print (" Hex: ",binascii.b2a_hex(data).decode())
    print (f"MD5: {hexval} {b64val}")

except Exception as e:
    print(e)

Data:  hello
 Hex:  68656c6c6f
MD5: 5d41402abc4b2a76b9719d911017c592 XUFAKrxLKna5cZ2REBfFkg==



Now modify the program above to give SHA1() and SHA255(). 

## 

In [1]:
from cryptography.hazmat.primitives import hashes
import binascii
import sys
from cryptography.hazmat.backends import default_backend

st = "hello"
hex=False
showhex="No"

def show_hash(name,type,data):
  digest = hashes.Hash(type,backend=default_backend())
  digest.update(data)
  res=digest.finalize()
  hex=binascii.b2a_hex(res).decode()
  b64=binascii.b2a_base64(res).decode()
  print (f"{name}: {hex} {b64}")

if (showhex=="yes"): hex=True

try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()


	print ("Data: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())
	print()

	show_hash("Blake2p (64 bytes)",hashes.BLAKE2b(64),data)
	show_hash("Blake2s (32 bytes)",hashes.BLAKE2s(32),data)
	show_hash("MD5",hashes.MD5(),data)
	show_hash("SHA1",hashes.SHA1(),data)	
	show_hash("SHA224",hashes.SHA224(),data)
	show_hash("SHA256",hashes.SHA256(),data)
	show_hash("SHA384",hashes.SHA384(),data)
	show_hash("SHA3_224",hashes.SHA3_224(),data)
	show_hash("SHA3_256",hashes.SHA3_256(),data)
	show_hash("SHA3_384",hashes.SHA3_384(),data)
	show_hash("SHA3_512",hashes.SHA3_512(),data)
	show_hash("SHA512",hashes.SHA512(),data)
	show_hash("SHA512_224",hashes.SHA512_224(),data)
	show_hash("SHA512_256",hashes.SHA512_256(),data)
	show_hash("SHAKE128 (64 bytes)",hashes.SHAKE128(64),data)
	show_hash("SHAKE256 (64 bytes)",hashes.SHAKE256(64),data)

except Exception as e:
    print(e)

Data:  hello
 Hex:  68656c6c6f

Blake2p (64 bytes): e4cfa39a3d37be31c59609e807970799caa68a19bfaa15135f165085e01d41a65ba1e1b146aeb6bd0092b49eac214c103ccfa3a365954bbbe52f74a2b3620c94 5M+jmj03vjHFlgnoB5cHmcqmihm/qhUTXxZQheAdQaZboeGxRq62vQCStJ6sIUwQPM+jo2WVS7vlL3Sis2IMlA==

Blake2s (32 bytes): 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8997eb00be456f140ca25 GSE7rMWN7m294865pHy7Mws9hvjMqJl+sAvkVvFAyiU=

MD5: 5d41402abc4b2a76b9719d911017c592 XUFAKrxLKna5cZ2REBfFkg==

SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d qvTGHdzF6KLavt4PO0gs2a6pQ00=

SHA224: ea09ae9cc6768c50fcee903ed054556e5bfc8347907f12598aa24193 6gmunMZ2jFD87pA+0FRVblv8g0eQfxJZiqJBkw==

SHA256: 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824 LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ=

SHA384: 59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f WeF0h3dEjGnea4ANejO7+5/xtGPkQ1TDVTvNucZm+pASWjx5+QOXvfX2oT3oKGhP

SHA3_224: b87f88c72702fff1748e58b87e9141a42c0dbedc29a78cb0d4

In this case the input data is "00". Can you run the program again, and this time use the data input of "The quick brown fox jumps over the lazy dog". Prove that:

- MD5 hash value is "9e107d9d372bb6826bd81d3542a419d6"
- SHA-1 hash value is "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12"
- SHA-256 hash value is "d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592"

## HMAC

HMAC (hash-based message authentication code) supports the usage of a key to hash data. This key is kept secret between Bob and Alice, and can be used to authentication both the data and that the sender still knows the secret. Overall HMAC can be used with a range of different hashing methods, such as MD5, SHA-1, SHA-256 (SHA-2) and SHA-3. This page outlines the main HMAC methods used in the Hazmat cryptography layer. You can either enter as a hexademical string or an ASCII string, and the output is displayed in a hexademical and a Base-64 format.

In [27]:
from cryptography.hazmat.primitives import hashes, hmac
import binascii
import sys
from cryptography.hazmat.backends import default_backend

st = "The quick brown fox jumps over the lazy dog"
hex=False
showhex="No"
k="key"

def show_hmac(name,type,data,key):
  digest = hmac.HMAC(key, type,backend=default_backend())
  digest.update(data)
  res=digest.finalize()
  hex=binascii.b2a_hex(res).decode()
  b64=binascii.b2a_base64(res).decode()
  print (f"HMAC-{name}: {hex} {b64}")

if (showhex=="yes"): hex=True


try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()

	if (hex==True): key = binascii.a2b_hex(k)
	else: key=k.encode()

	print ("Data: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())
	print ("Key: ",k)
	print (" Hex: ",binascii.b2a_hex(key).decode())
	print()

	show_hmac("Blake2p (64 bytes)",hashes.BLAKE2b(64),data,key)
	show_hmac("Blake2s (32 bytes)",hashes.BLAKE2s(32),data,key)
	show_hmac("MD5",hashes.MD5(),data,key)
	show_hmac("SHA1",hashes.SHA1(),data,key)	
	show_hmac("SHA224",hashes.SHA224(),data,key)
	show_hmac("SHA256",hashes.SHA256(),data,key)
	show_hmac("SHA384",hashes.SHA384(),data,key)
	show_hmac("SHA3_224",hashes.SHA3_224(),data,key)
	show_hmac("SHA3_256",hashes.SHA3_256(),data,key)
	show_hmac("SHA3_384",hashes.SHA3_384(),data,key)
	show_hmac("SHA3_512",hashes.SHA3_512(),data,key)
	show_hmac("SHA512",hashes.SHA512(),data,key)
	show_hmac("SHA512_224",hashes.SHA512_224(),data,key)
	show_hmac("SHA512_256",hashes.SHA512_256(),data,key)


except Exception as e:
    print(e)

Data:  The quick brown fox jumps over the lazy dog
 Hex:  54686520717569636b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920646f67
Key:  key
 Hex:  6b6579

HMAC-Blake2p (64 bytes): 92294f92c0dfb9b00ec9ae8bd94d7e7d8a036b885a499f149dfe2fd2199394aaaf6b8894a1730cccb2cd050f9bcf5062a38b51b0dab33207f8ef35ae2c9df51b kilPksDfubAOya6L2U1+fYoDa4haSZ8Unf4v0hmTlKqva4iUoXMMzLLNBQ+bz1Bio4tRsNqzMgf47zWuLJ31Gw==

HMAC-Blake2s (32 bytes): f93215bb90d4af4c3061cd932fb169fb8bb8a91d0b4022baea1271e1323cd9a0 +TIVu5DUr0wwYc2TL7Fp+4u4qR0LQCK66hJx4TI82aA=

HMAC-MD5: 80070713463e7749b90c2dc24911e275 gAcHE0Y+d0m5DC3CSRHidQ==

HMAC-SHA1: de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 3nybhbi3iqa8ino29wqQcBydtNk=

HMAC-SHA224: 88ff8b54675d39b8f72322e65ff945c52d96379988ada25639747e69 iP+LVGddObj3IyLmX/lFxS2WN5mIraJWOXR+aQ==

HMAC-SHA256: f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8 97yD9DBThCSxMpjmqm+xQ+9NWaFJRhdZl0edvC0aPNg=

HMAC-SHA384: d7f4727e2c0b39ae0f1e40cc96f60242d5b7801841cea6fc59

## HKDF

HKDF (HMAC Key Derivation Function) is used to generate an encryption key based on a password. We can use a range of hashing methods to dervie the encryption key. In this case we will use a range of hashing methods, and derive a key of a given size.

In [28]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives.kdf.concatkdf import ConcatKDFHash,ConcatKDFHMAC
from cryptography.hazmat.primitives.kdf.x963kdf import X963KDF
from cryptography.hazmat.backends import default_backend


import binascii
import sys

st = "test"
hex=False
showhex="No"
k="00"
length=16
slt=""

def show_hash(name,type,data,length,salt):

  hkdf = HKDF(algorithm=type, length=length,salt=salt, info=b"",backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_pbkdf2(name,type,data,length,salt):

  hkdf = PBKDF2HMAC(algorithm=type, length=length,salt=salt, iterations=1000,backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_scrypt(name,data,length,salt):

  hkdf = Scrypt(length=length,salt=salt,n=2**14,r=8, p=1,backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")

def show_hash_concat(name,type,data,length,salt):

  hkdf = ConcatKDFHash(algorithm=type, length=length,otherinfo=b"",backend=default_backend())
  mykey=hkdf.derive(data)
  hex=binascii.b2a_hex(mykey).decode()
  b64=binascii.b2a_base64(mykey).decode()
  print (f"HKDF {name}: {hex} {b64}")


if (showhex=="yes"): hex=True



try:
	if (hex==True): data = binascii.a2b_hex(st)
	else: data=st.encode()
	if (hex==True): salt = binascii.a2b_hex(slt)
	else: salt=slt.encode()


	print ("Key: ",st)
	print (" Hex: ",binascii.b2a_hex(data).decode())

	print ("Salt: ",slt)
	print (" Hex: ",binascii.b2a_hex(salt).decode())

	print()


	show_hash("Blake2p (64 bytes)",hashes.BLAKE2b(64),data,length,salt)
	show_hash("Blake2s (32 bytes)",hashes.BLAKE2s(32),data,length,salt)
	show_hash("MD5",hashes.MD5(),data,length,salt)
	show_hash("SHA1",hashes.SHA1(),data,length,salt)	
	show_hash("SHA224",hashes.SHA224(),data,length,salt)
	show_hash("SHA256",hashes.SHA256(),data,length,salt)
	show_hash("SHA384",hashes.SHA384(),data,length,salt)
	show_hash("SHA3_224",hashes.SHA3_224(),data,length,salt)
	show_hash("SHA3_256",hashes.SHA3_256(),data,length,salt)
	show_hash("SHA3_384",hashes.SHA3_384(),data,length,salt)
	show_hash("SHA3_512",hashes.SHA3_512(),data,length,salt)
	show_hash("SHA512",hashes.SHA512(),data,length,salt)
	show_hash("SHA512_224",hashes.SHA512_224(),data,length,salt)
	show_hash("SHA512_256",hashes.SHA512_256(),data,length,salt)
	show_hash_pbkdf2("PBKDF2",hashes.SHA256(),data,length,salt)
	show_hash_scrypt("Scrypt SHA256",data,length,salt)
	show_hash_concat("Concat SHA256",hashes.SHA256(),data,length,salt)

except Exception as e:
    print(e)

Key:  test
 Hex:  74657374
Salt:  
 Hex:  

HKDF Blake2p (64 bytes): 8f372bc847c2940843f8086d4dbf5acf jzcryEfClAhD+AhtTb9azw==

HKDF Blake2s (32 bytes): 5bca0d548d6e85aafc2fbbec5a8093f5 W8oNVI1uhar8L7vsWoCT9Q==

HKDF MD5: c86c155b5dc28eddb37a95205a58662e yGwVW13Cjt2zepUgWlhmLg==

HKDF SHA1: a1dd66f74543371850b7a82d91530c7d od1m90VDNxhQt6gtkVMMfQ==

HKDF SHA224: 9b9dada7f6c2b48040ac2fa9677b1a27 m52tp/bCtIBArC+pZ3saJw==

HKDF SHA256: 578aa064bafda09ccd91c44698ae2537 V4qgZLr9oJzNkcRGmK4lNw==

HKDF SHA384: c5ef81301332c2adccdc102e5679de43 xe+BMBMywq3M3BAuVnneQw==

HKDF SHA3_224: ce525a89491a2de63946afcb681f35fe zlJaiUkaLeY5Rq/LaB81/g==

HKDF SHA3_256: dbca097bd653c24d7dcd35cf25e2de27 28oJe9ZTwk19zTXPJeLeJw==

HKDF SHA3_384: fa44e24b8e3e3de669ac7d6a5fc39161 +kTiS44+PeZprH1qX8ORYQ==

HKDF SHA3_512: ac0d3f9cc5bc50948f3ae4962968b6c6 rA0/nMW8UJSPOuSWKWi2xg==

HKDF SHA512: 818e212ef59c12d7102669739686d23a gY4hLvWcEtcQJmlzlobSOg==

HKDF SHA512_224: 647a9fb1447253c51200b3b404ed92a3 ZHqfsURyU8USALO

## Symmetric Key

Symmetric key encryption involves the same key being used to encrypt and decrypt. Apart from ECB mode, we also normally apply a salt value known as an IV (Initialization Vector). The main modes are ECB (Electronic Code Book), CBC (Cipher Block Chaining), CTR (Counter), OFB (Output Feedback) and GCM (Galois/Counter Mode). In this case we will use the cryptography library in Python, and implement AES, Chacha20, Camellia, 3DES, IDEA, CAST5 and Blowfish. The Python program will use a random 256-bit encryption key, and a random 128-bit IV value. In most of the modes, we need to pad the plaintext to the size of the block (typically this is 128 bits or 16 bytes), but AES GCM mode we do not need to pad the cipher as it is a stream cipher.

In [29]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes 
from cryptography.hazmat.primitives import padding
import sys
from cryptography.hazmat.backends import default_backend

import binascii

def go_encrypt(msg,method,mode):
  cipher = Cipher(method, mode,backend=default_backend())
  encryptor = cipher.encryptor()
  ct = encryptor.update(msg) + encryptor.finalize()
  return (ct)


def go_decrypt(ct,method,mode):
  cipher = Cipher(method, mode,backend=default_backend())
  decryptor = cipher.decryptor()
  return (decryptor.update(ct) + decryptor.finalize())

def go_encrypt_with_auth(msg,method,mode,add):
  cipher = Cipher(method, mode,backend=default_backend())
  encryptor = cipher.encryptor()
  encryptor.authenticate_additional_data(add)
  ct = encryptor.update(msg) + encryptor.finalize()
  return (ct,encryptor.tag)


def go_decrypt_with_auth(ct,method,mode,add):
  cipher = Cipher(method, mode,backend=default_backend())
  decryptor = cipher.decryptor()
  decryptor.authenticate_additional_data(add)
  pl=decryptor.update(ct) + decryptor.finalize()
  return (pl)

def pad(data,size=128):
  padder = padding.PKCS7(size).padder()
  padded_data = padder.update(data)
  padded_data += padder.finalize()
  return(padded_data)

def unpad(data,size=128):
  padder = padding.PKCS7(size).unpadder()
  unpadded_data = padder.update(data)
  unpadded_data += padder.finalize()
  return(unpadded_data)


key = os.urandom(32)
iv = os.urandom(16)
msg=b"Hello"
tag= b"Some data for the authentication tag"


print ("Message:\t",msg.decode())
print ("Key:\t",binascii.b2a_hex(key))
print ("IV:\t",binascii.b2a_hex(iv))

padded_data=pad(msg)


print ("\n\n=== AES ECB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.AES(key), modes.ECB())
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

print ("=== AES CBC === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CBC(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CBC(iv))

print ("=== AES OFB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.OFB(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.OFB(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES CFB === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CFB(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CFB(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES CTR === ")
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.CTR(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.CTR(iv))
data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== AES GCM === ")
# In GCM mode we convert to a stream cipher, so there is no need for padding
cipher,auth_tag=go_encrypt_with_auth(msg,algorithms.AES(key), modes.GCM(iv),tag)

plain=go_decrypt_with_auth(cipher,algorithms.AES(key), modes.GCM(iv,auth_tag),tag)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {plain.decode()}")


print ("=== AES XTS === ")
# In XTS the iv value is known as a tweak - and relates to the sector number
# The keys are double length, so that a 32 byte key (256 bits) is actually AES-128
cipher=go_encrypt(padded_data,algorithms.AES(key), modes.XTS(iv))

plain=go_decrypt(cipher,algorithms.AES(key), modes.XTS(iv))
data=unpad(plain)
print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== Blowfish ECB === ")

cipher=go_encrypt(padded_data,algorithms.Blowfish(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.Blowfish(key), modes.ECB())

data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== Blowfish CBC === ")

cipher=go_encrypt(padded_data,algorithms.Blowfish(key), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.Blowfish(key), modes.CBC(iv[:8]))

data=unpad(plain)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== ChaCha20 === ")

cipher=go_encrypt(msg,algorithms.ChaCha20(key,iv), None)

plain=go_decrypt(cipher,algorithms.ChaCha20(key,iv), None)

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("\n=== 3DES ECB === ")
cipher=go_encrypt(padded_data,algorithms.TripleDES(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.TripleDES(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== 3DES CBC === ")
cipher=go_encrypt(padded_data,algorithms.TripleDES(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.TripleDES(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("\n=== Camellia ECB === ")
cipher=go_encrypt(padded_data,algorithms.Camellia(key), modes.ECB())

plain=go_decrypt(cipher,algorithms.Camellia(key), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")


print ("=== Camellia CBC === ")
cipher=go_encrypt(padded_data,algorithms.Camellia(key), modes.CBC(iv))

plain=go_decrypt(cipher,algorithms.Camellia(key), modes.CBC(iv))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== IDEA ECB === ")
cipher=go_encrypt(padded_data,algorithms.IDEA(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.IDEA(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== IDEA CBC === ")
cipher=go_encrypt(padded_data,algorithms.IDEA(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.IDEA(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("\n=== CAST5 ECB === ")
cipher=go_encrypt(padded_data,algorithms.CAST5(key[:16]), modes.ECB())

plain=go_decrypt(cipher,algorithms.CAST5(key[:16]), modes.ECB())

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

print ("=== CAST5 CBC === ")
cipher=go_encrypt(padded_data,algorithms.CAST5(key[:16]), modes.CBC(iv[:8]))

plain=go_decrypt(cipher,algorithms.CAST5(key[:16]), modes.CBC(iv[:8]))

print ("Cipher: ",binascii.b2a_hex(cipher))
print (f"Decrypted: {data.decode()}")

Message:	 Hello
Key:	 b'aadf6776193ecb603b0888f771372a974bd2dd755728b60a6e50a424149c506d'
IV:	 b'8ac6a7052ff4c7decffbfe56016dfb58'


=== AES ECB === 
Cipher:  b'3fc096adac58cb4d78bd9a8bb22bff20'
Decrypted: Hello
=== AES CBC === 
Cipher:  b'22659757540ac2a054217be0f8afbf07'
Decrypted: Hello
=== AES OFB === 
Cipher:  b'd4b745dc83d2860c5d5e404a0f4153a8'
Decrypted: Hello
=== AES CFB === 
Cipher:  b'd4b745dc83d2860c5d5e404a0f4153a8'
Decrypted: Hello
=== AES CTR === 
Cipher:  b'd4b745dc83d2860c5d5e404a0f4153a8'
Decrypted: Hello
=== AES GCM === 
Cipher:  b'004c28b9e7'
Decrypted: Hello
=== AES XTS === 
Cipher:  b'6f8d360d31d9b508b08ee7843f1b7839'
Decrypted: Hello

=== Blowfish ECB === 
Cipher:  b'1c2bee0ab72737122d7dbe9621dc5314'
Decrypted: Hello
=== Blowfish CBC === 
Cipher:  b'5de707152bec4c3baba6dfd7a5a498e6'
Decrypted: Hello

=== ChaCha20 === 
Cipher:  b'593cc1c0ea'
Decrypted: Hello

=== 3DES ECB === 
Cipher:  b'953eddfffc532a65f26d20f75ab04c2e'
Decrypted: Hello
=== 3DES CBC === 
Cipher:  

## RSA Keys 

With RSA, we have the magic of public key encryption, and where Bob can generate a key pair: a public key and a private key, and then send Alice his public key. If she wants to encrypt something for him, she encrypts it with his public key, and then the only key which can decrypt it is his private key. A truly wonderful concept, and it was Rivest, Shamir and Adleman who made it come alive with the RSA method. In RSA, we start by generating two prime numbers (p,q) and then calculate the modulus (N) of N=pq. It is this modulus (N) that provides the core of the security of RSA, and it must be difficult to determine the prime numbers for a given modulus value. Our prime numbers must thus be of a size that makes it difficult to factorize, and they must be randomly generated.

In [30]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import sys
from cryptography.hazmat.backends import default_backend

size=512
M=5


try:
	print(f"RSA key size: {size}\nM={M}\n")

	private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())

	priv= private_key.private_numbers()
	p=priv.p
	q=priv.q 
	d=priv.d
	n=p*q
	print("=== RSA Private key ===")
	print (f"p={p} q={q} d={d} N={n}")
	print (f"\nBit length of p and q is {p.bit_length()}")
	print (f"Bit length of N is {n.bit_length()}")

	print("\n=== RSA Public key ===")
	pub = private_key.public_key()
	e=pub.public_numbers().e
	n=pub.public_numbers().n
	print (f"\nN={n} e={e}")



	C = pow(M,e,n)
	Plain = pow(C,d,n)
	print (f"\nMessage={M}")
	print (f"Cipher={C}")
	print (f"Decrypt={Plain}")



	print("\n=== Private Key PEM format ===")
	pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())
	print ("Private key: ",pem.decode())


	pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

	print("\n=== Public Key PEM format ===")
	print ("Public key: ",pem.decode())

except Exception as e:
    print(e)

RSA key size: 512
M=5

=== RSA Private key ===
p=112348730429620639877796417123882277639038040535342553040767086879276412419821 q=92155777665904962212551010993484933028940220126341340734398071908398375669481 d=6263778883657297958855935652417113163573407845152428161324550093064436758598240812956596893172529387911188359735565611291416116716920992022501571046920673 N=10353584622518810974540125976757556190600278189809444990005474020761280028456228821861282001625396319723397236362216906788633083961288874311066054109182901

Bit length of p and q is 256
Bit length of N is 512

=== RSA Public key ===

N=10353584622518810974540125976757556190600278189809444990005474020761280028456228821861282001625396319723397236362216906788633083961288874311066054109182901 e=65537

Message=5
Cipher=9829217790948765279644728766276372285354553074993311287671162286192576871140412237212507484491410168581784121028506344220967642570481393995253596491253625
Decrypt=5

=== Private Key PEM format ===
Private key:  ----

## RSA Key Formats

We need ways to distribute our public keys, private keys and digital certificates in a portable format. One of the most common forms is Distinguished Encoding Rules (DER) encoding of ASN.1. Overall it is truly binary representation of the encoded data. The other common format is PEM, and which converts the binary encoding into a text readable format. With PEM we can encode cryptographic infromation in a Base64 ASCII format and with plain-text headers and footers of "-----BEGIN RSA PRIVATE KEY-----" and "-----END RSA PRIVATE KEY-----", whereas with DER we have binary format. In this page, we will read in a DER encoded hex string and determine its contents. 

In [31]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
import sys
import binascii
from cryptography.hazmat.backends import default_backend

size=512

try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()

  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

  der= private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())
  print ("\nPrivate key (DER):\n",binascii.b2a_hex(der).decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")

  openssh = pub.public_bytes(encoding=serialization.Encoding.OpenSSH,format=serialization.PublicFormat.OpenSSH)


  print("\n=== Public Key format ===")

  der=''.join(pem.split('\n')[1:-2])
  print ("Public key (PEM):\n",pem)
  print ("\nPublic key (DER):\n",binascii.b2a_hex(binascii.a2b_base64(der)).decode())
  print ("\nPublic key (OpenSSL):\n",openssh.decode())

except Exception as e:
    print(e)


=== Private Key PEM format ===

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA3jtd2vMWqvREEzsz
wF3vXk0krlkAqNtPojPn/yWtConlZQdOtBV9pTbUn4pQ/e0s9nxCHhnnpJBbuj+U
7q79OwIDAQABAkB/NgaMzfgc1gSd6Za/OEZMeeZUcxhAkIHuPL5BvMRoMeRECuNO
aIMGM6vCcWjt3/ntOvZdVOKKJPdVUIs4oOVBAiEA9v8pBL/6ac5O7G+40s74U9ld
CqRQgypz6ITKik2qohsCIQDmVR1P+GD43czWMPhtgPeXubKrzScsu2frZZuUV3fD
YQIhANw/3AvoRRxkY+xiE6Wn+biLc3Qx4bmU+Za2EwYRC79RAiEArHOVmsZwdGQ8
dTH9Dp+8wNC8QX08k3VM/SX6Mjq65IECIQC9fGTAE9Fjf1uzT8QLeU75OZS7t5Ic
uE9J1H0mM4vQlQ==
-----END PRIVATE KEY-----


Private key (DER):
 30820156020100300d06092a864886f70d0101010500048201403082013c020100024100de3b5ddaf316aaf444133b33c05def5e4d24ae5900a8db4fa233e7ff25ad0a89e565074eb4157da536d49f8a50fded2cf67c421e19e7a4905bba3f94eeaefd3b020301000102407f36068ccdf81cd6049de996bf38464c79e6547318409081ee3cbe41bcc46831e4440ae34e68830633abc27168eddff9ed3af65d54e28a24f755508b38a0e541022100f6ff2904bffa69ce4eec6fb8d2cef853d95d0aa450832a73e88

## RSA Signatures

At the core of digital trust is the usage of digital signatures. With this we can verify the creator of the data, and also that it has not been modified. We do this using public key encryption, and in this article we will look at how we can use the hazmat primitives in the Python cryptograpy library. With public key encryption we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, and which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alices's public key. In this example we will use RSA keys to sign a message, and then verify the correct signature, but verify that an incorrect signature will fail. 

In [32]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography import exceptions
from cryptography.hazmat.backends import default_backend

import sys
import binascii

size=512
message = b"Hello world"


print("Message: ",message)
print("Key size: ",size)
try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()



  signature = private_key.sign(message,padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())

  print ("\nSignature: ",binascii.b2a_hex(signature).decode())

  try:
    rtn=pub.verify(signature,message,padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
  except exceptions.InvalidSignature:
    print("A bad signature failed")
  else:
    print("Good signature verified")


  try:
    pub.verify(signature,b"test",padding.PSS(mgf=padding.MGF1(hashes.SHA256()),salt_length=padding.PSS.MAX_LENGTH),hashes.SHA256())
  except exceptions.InvalidSignature:
    print("A bad signature failed")
  else:
    print("Bad signature verified")



  print ("\nVerified: ",rtn)
  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")



  print("\n=== Public Key format ===")
  print ("Public key (PEM):\n",pem)


except Exception as e:
    print(e)

Message:  b'Hello world'
Key size:  512

Signature:  7d72d66677c070ae29dfb669438d9a63201bfa5079aecd1cfdd663cc7d9101783ba7606ac8a533a62307a7f0a48968a0b1066c37c6c53f09b0e8a528933ebaf8
Good signature verified
A bad signature failed

Verified:  None

=== Private Key PEM format ===

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEA7InAt++KFIM++jcD
nFNF061AFQVqum711Db08xM9uKANffBYHyAz1xq0oZWaJMi5eQ2cyynh6Fzs5VjO
o08rywIDAQABAkEAmUFPal17W3sF7NyELF8P2Oxhnr0Zv51xDYRmBLAsx1c9F3H9
aZapidNfVh4cvy+41ZusNBbIRiXva6Yry10P0QIhAP6Tyszy+hfizNBVbn2S00An
xdor5WD0K4tj+/zf/eu1AiEA7dwnLaeGNBEqTVYdqkQcUvpEk/7z4gB3bW7bM3JC
aX8CIGXBBvdiSwpPEdRXwWEZ1aw3+YIZt4ZIMjt1zFun4CNdAiEAiYZ0kIz/pzMV
hkl4NW3UApX4+Ki8Ubt7UaZ6zrANffkCIQDn+aMxkWX/KfaSm1IfLoY4HhUPdu3u
+Uj6iQKcOg55Jw==
-----END PRIVATE KEY-----


=== Public Key format ===
Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAOyJwLfvihSDPvo3A5xTRdOtQBUFarpu
9dQ29PMTPbigDX3wWB8gM9catKGVmiTIuXkN

## RSA Encryption

With public-key encryption, we create a key pair: a public key and a private key. If Alice is sending data to Bob, she can add her digital signature, and which will prove that she is the sender and also verify that the data has not been changed. She does this by signing the data with her private key, and then Bob can prove the signature with Alice's public key. In this example, we will use RSA keys to sign a message, and then verify the correct signature, but verify that an incorrect signature will fail.

In [33]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
import binascii
import sys
from cryptography.hazmat.backends import default_backend


size=1024
message = b"Hello world"


print("Message: ",message)
print("Key size: ",size)
try:
  private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())


  pub = private_key.public_key()

  ciphertext = pub.encrypt(message,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))

  print ("\nCiphertext:\n",binascii.b2a_hex(ciphertext).decode())

  plaintext = private_key.decrypt(ciphertext,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))
  print("\nDecrypted Message: ",plaintext.decode())

  print("\n=== Private Key PEM format ===")
  pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())


  print ("\nPrivate key (PEM):\n",pem.decode())


  pem = pub.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("utf-8")



  print("\n=== Public Key format ===")
  print ("Public key (PEM):\n",pem)


except Exception as e:
    print(e)

Message:  b'Hello world'
Key size:  1024

Ciphertext:
 2a4f5aad10de7c1d19dc1ade37790da0094654e744c63929d233d91c130a8f385bfe5784a65f0788eaed7ee7752d4c8894d80b03742db9e3cbe0d114a21d9736d1fff2dfd5deef73c39096c6c8237b5366b351ad1fd280d566c08e8d0c83107ab444aa8eb8803a7c71940f7beb5d09a0d932fe3ff6e2310f01b55325c9cc8ad1

Decrypted Message:  Hello world

=== Private Key PEM format ===

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALiTUvfWd5m/x8EN
766GfcmK1vpGHT/JR/bYPQeJsnmk49XAsVah+Mle5UXeOWOflwBcX4VVWh33OG4Z
wxqFxlaOhfYgSCL9TVqve0Qyp0xZVF7NgLb3vRfUaFa3Q9BhzsYJ5Ww+zkU/1A0i
yVqqZpoa53mh2tvn5kMqP3JUOvT3AgMBAAECgYB1pzs4zdW5BJ1g+vAwMHyX7s9w
Ayd71GLx/w6P8n74uVmdlFG2ZlK+kaXV7nxoe372dOtSg4CJH2AyFmveSS2OQ/MS
wLQqbQX913KKLX5oGhT3fSEwezCrTzy6vPGtYtaXpQlNoKnePde2aMf0WqwT6k4B
D1Nm+vt5cUzzYpK00QJBANszCxscDZaOcX/ldbANd/HcOvIrSH7/4IRJ3A9r9/tg
nwOeAjArUK2gwADBYxx7sBob68bxJ16pBEAIqbzvg18CQQDXkC6h7bxgtQCsDM3E
uaxyOUAWk2HuaMrx3oCTzUQotWHTWuQvAhHVmnD18Y5LewlW9l5ile

## EC Key Generation

 With Elliptic Curve Cryptography we have a private key value, and where we generate a public key on the point on the curve.

In [34]:
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
import binascii
import sys
from cryptography.hazmat.backends import default_backend

private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
type =1


if (type==1): private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
elif (type==3): private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
elif (type==5): private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
elif (type==6): private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
elif (type==7): private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
elif (type==8): private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())

vals = private_key.private_numbers()
no_bits=vals.private_value.bit_length()
print (f"Private key value: {vals.private_value}. Number of bits {no_bits}")

public_key = private_key.public_key()
vals=public_key.public_numbers()

enc_point=binascii.b2a_hex(vals.encode_point()).decode()

print (f"\nPublic key encoded point: {enc_point} \nx={enc_point[2:(len(enc_point)-2)//2+2]} \ny={enc_point[(len(enc_point)-2)//2+2:]}")


pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Private key value: 3630644299349730984070910194452467201303606494471675822755. Number of bits 192

Public key encoded point: 04274ba26bf8609960680c36f9b79a06edbd42a9e0c72a3982d96e8f8afd464cd2595932a8965529eb349f4be3bd80fc78 
x=274ba26bf8609960680c36f9b79a06edbd42a9e0c72a3982 
y=d96e8f8afd464cd2595932a8965529eb349f4be3bd80fc78

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBiUEbH1TI2+P5I68DpZ
aRptXNHO9/R1wqOhNAMyAAQnS6Jr+GCZYGgMNvm3mgbtvUKp4McqOYLZbo+K/UZM
0llZMqiWVSnrNJ9L472A/Hg=
-----END PRIVATE KEY-----

Private key (DER):
 b'306f020100301306072a8648ce3d020106082a8648ce3d0301010455305302010104189411b1f54c8dbe3f923af03a59691a6d5cd1cef7f475c2a3a13403320004274ba26bf8609960680c36f9b79a06edbd42a9e0c72a3982d96e8f8afd464cd2595932a8965529eb349f4be3bd80fc78'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEJ0uia/hgmWBoDDb5t5oG7b1CqeDH
KjmC2W6Piv1GTNJZWTKollUp6zSfS+O9gPx4
-----END PUBLIC KEY-----

Public key (DER)



## ECDSA

With ECDSA (Elliptic Curve Digital Signature Algorithm) we use a private key to sign data, and then the public key can prove it. 

In [35]:
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography import exceptions
import binascii
import sys
from cryptography.hazmat.backends import default_backend

private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())

data = b"test"




if (type==1): private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
elif (type==3): private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
elif (type==5): private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
elif (type==6): private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
elif (type==7): private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
elif (type==8): private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())
elif (type==10): private_key = ec.generate_private_key(ec.SECT163K1(),backend=default_backend())
elif (type==11): private_key = ec.generate_private_key(ec.SECT163R2(),backend=default_backend())
elif (type==12): private_key = ec.generate_private_key(ec.SECT233K1(),backend=default_backend())
elif (type==13): private_key = ec.generate_private_key(ec.SECT233R1(),backend=default_backend())
elif (type==14): private_key = ec.generate_private_key(ec.SECT283K1(),backend=default_backend())
elif (type==15): private_key = ec.generate_private_key(ec.SECT233R1(),backend=default_backend())

private_vals = private_key.private_numbers()
no_bits=private_vals.private_value.bit_length()

print (f"Private key value: {private_vals.private_value}. Number of bits {no_bits}")

public_key = private_key.public_key()
pub=public_key.public_numbers()
print ("Name of curve: ",pub.curve.name)

print ("Message: ",data.decode())
try:

  signature = private_key.sign(data,ec.ECDSA(hashes.SHA256()))
  print ("Good Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")

try:

  signature = private_key.sign(b"bad message",ec.ECDSA(hashes.SHA256()))
  print ("Bad Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data, ec.ECDSA(hashes.SHA256()))
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")



pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Private key value: 160626563976540189495943736054304750745227706372132630961. Number of bits 187
Name of curve:  secp192r1
Message:  test
Good Signature:  3035021900ac784db5375d7dbaa0e6fd65c9a5989607c6690137858fd902183184f8b2c6623f6f804626e7a3b15127fcc9207a351c6d9b
Good signature verified
Bad Signature:  30360219008e4fb8ac4aab1855244f1b1accaa2a4fce0e1f517f8f9c7a021900f04f3a57e1b6993fadcc6513728450c32224ab98a1e66612
A bad signature failed

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MG8CAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQEEVTBTAgEBBBgGjQUC/sMgw8QB2LHu
vF0dXNvjB6rS8bGhNAMyAASEZ+IePhukhmGRnvfSLy0ji98tlNj5DNSkMwMIUrx8
CdS0Tvu3N79JAKyBUynLEWI=
-----END PRIVATE KEY-----

Private key (DER):
 b'306f020100301306072a8648ce3d020106082a8648ce3d030101045530530201010418068d0502fec320c3c401d8b1eebc5d1d5cdbe307aad2f1b1a134033200048467e21e3e1ba48661919ef7d22f2d238bdf2d94d8f90cd4a433030852bc7c09d4b44efbb737bf4900ac815329cb1162'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQ

## EdDSA

With Ed25519 we use a private key to sign data, and then the public key can prove it. We use Curve 25519 for the generation of the public key and for the signing process. 

In [36]:
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography import exceptions
from cryptography.hazmat.primitives import serialization
import binascii
import sys

data=b"Test"


private_key = Ed25519PrivateKey.generate()
public_key = private_key.public_key()


public_key = private_key.public_key()

print ("Message: ",data.decode())
try:

  signature = private_key.sign(data)
  print ("Good Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data)
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")

try:

  signature = private_key.sign(b"Bad data")
  print ("Bad Signature: ",binascii.b2a_hex(signature).decode())
  public_key.verify(signature, data)
except exceptions.InvalidSignature:
  print("A bad signature failed")
else:
  print("Good signature verified")



pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

der = private_key.private_bytes(encoding=serialization.Encoding.DER,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())



print ("\nPrivate key (PEM):\n",pem.decode())
print ("Private key (DER):\n",binascii.b2a_hex(der))

pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)

der = public_key.public_bytes(encoding=serialization.Encoding.DER,format=serialization.PublicFormat.SubjectPublicKeyInfo)

print ("\nPublic key (PEM):\n",pem.decode())
print ("Public key (DER):\n",binascii.b2a_hex(der))

Message:  Test
Good Signature:  cd8e49fc998f84da067fd36bfad3449e24f9474dd77784848904e3ac79e973e28468fa97df86c586b3316e7455286cb44c9e49b7029bd4e562ff662fcaec6a04
Good signature verified
Bad Signature:  a56d372bc73b7dac5d2fc255c2f84c07aa7e481dcd14ccf24379ced8cfab1bb7b797c868aeacd44901630f2642fc24f5820aabf11d05dea4f83f49c65c16d60d
A bad signature failed

Private key (PEM):
 -----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIMzGFs3ILNc9eI/fI66GbY2DWlkZc143RXV2QVvn8EeE
-----END PRIVATE KEY-----

Private key (DER):
 b'302e020100300506032b657004220420ccc616cdc82cd73d788fdf23ae866d8d835a5919735e37457576415be7f04784'

Public key (PEM):
 -----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEADUjqNOJsYtTi5hXa4M/aTRs47YeB0cm10Lf/OOKzoa8=
-----END PUBLIC KEY-----

Public key (DER):
 b'302a300506032b65700321000d48ea34e26c62d4e2e615dae0cfda4d1b38ed8781d1c9b5d0b7ff38e2b3a1af'


## Hazmat Fernet Tokens with Scrypt

Fernet is a symmetric encryption method which makes sure that the message encrypted cannot be manipulated/read without the key. It uses URL safe encoding for the keys. Fernet also uses 128-bit AES in CBC mode and PKCS7 padding, with HMAC using SHA256 for authentication. The IV is created from os.random(). All of this is the kind of thing that good software needs. AES is top drawer encryption, and SHA-256 avoids many of the problems caused by MD5 and SHA-1 (as the length of the hash values is too small). With CBC (Cipher Block Chaining) we get a salted output, and which is based on a random value (the IV value). And with HMAC we can provide authenticated access from both sides. In this case we will use scrypt to generate the encryption key from a salt value and a password. To generate the same encryption key we need the salt value and the password. 

In [37]:
from cryptography.fernet import Fernet

from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
from cryptography.hazmat.backends import default_backend
import sys
import binascii
import base64
import os

password="hello"
val="hello world"


def get_key(password):
  salt = os.urandom(16)
  length=32
  kdf = Scrypt(length=length,salt=salt,n=2**14,r=8, p=1,backend=default_backend())
  key=base64.urlsafe_b64encode(kdf.derive(password))
  return (key,salt)



(key,salt) = get_key(password.encode())


print("Password:\t",password)
print("Key: ",binascii.hexlify(bytearray(key)))
print("Salt:\t",binascii.hexlify(salt))

cipher_suite = Fernet(key)
cipher_text = cipher_suite.encrypt(val.encode())

print ("\nToken: ",cipher_text.decode())

cipher=binascii.hexlify(bytearray(cipher_text))
print("\nToken (Hex): ",cipher)

print("\nVersion:\t",cipher[0:2])
print("Time stamp:\t",cipher[2:18])
print("IV:\t\t",cipher[18:50])
print("HMAC:\t\t",cipher[-64:])

plain_text = cipher_suite.decrypt(cipher_text)
print("\nPlain text: ",plain_text.decode())

Password:	 hello
Key:  b'52386c5f517464544255596f7a45756f6b6a7671495f626953525a4a614e37747a493531307554334b39383d'
Salt:	 b'52a1a406fe490ee3b5dffbfc59ef7c28'

Token:  gAAAAABg-cv2ctjwShNXke7J8XzjUZB7WnvPBH5YlOsHt7zjx3X8QTSVBXfOD1dOBVOEza5yVhR_q6q8uf9A-NTOqNHS20q-Ug==

Token (Hex):  b'67414141414142672d63763263746a7753684e586b65374a38587a6a555a4237576e7650424835596c4f734874377a6a78335838515453564258664f4431644f42564f457a6135795668525f71367138756639412d4e544f714e48533230712d55673d3d'

Version:	 b'67'
Time stamp:	 b'414141414142672d'
IV:		 b'63763263746a7753684e586b65374a38'
HMAC:		 b'7a6135795668525f71367138756639412d4e544f714e48533230712d55673d3d'

Plain text:  hello world


## ECDH

In the Diffie-Hellman (DH) key exchange method, we have a base of g and a shared prime number of p, and where Bob generates a random value of b and Alice generates a random value of a. Bob sends B=gb(modp) to Alice, and Alice sends A=ga(modp) to Bob. Alice then generates the shared key of Ba(modp) and Bob generates the same shared key of Ab(modp). The shared key is actually gab(modp). With ECDH (Elliptic Curve Diffie Hellman) Bob generates a random value of b and Alice generates a random value of a. Bob then sends Alice the public key point of B=bG and Alice sends Bob the point key point of A=aG, and where G is the base point on the curve. Bob then computes bA and Alice computes aB. They should get the same point and which is abG

In [38]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.backends import default_backend
import binascii
import sys

Bob_private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())

Alice_private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
size=32 # 256 bit key


if (type==1): 
  Bob_private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): 
  Bob_private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())  
elif (type==3): 
  Bob_private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): 
  Bob_private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())  
elif (type==5): 
  Bob_private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())  
elif (type==6): 
  Bob_private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())  
elif (type==7): 
  Bob_private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())  
elif (type==8): 
  Bob_private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): 
  Bob_private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())
  Alice_private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())


Bob_shared_key = Bob_private_key.exchange(ec.ECDH(), Alice_private_key.public_key())

Bob_derived_key = HKDF(algorithm=hashes.SHA256(),length=size,salt=None,info=b'',backend=default_backend()).derive(Bob_shared_key)

Alice_shared_key = Alice_private_key.exchange(ec.ECDH(), Bob_private_key.public_key())

Alice_derived_key = HKDF(algorithm=hashes.SHA256(),length=size,salt=None,info=b'',backend=default_backend()).derive(Alice_shared_key)

print ("Name of curve: ",Bob_private_key.public_key().curve.name)
print (f"Generated key size: {size} bytes ({size*8} bits)")

vals = Bob_private_key.private_numbers()
print (f"\nBob private key value: {vals.private_value}")
vals=Bob_private_key.public_key().public_numbers()
enc_point=binascii.b2a_hex(vals.encode_point()).decode()
print("Bob's public key: ",enc_point)

vals = Alice_private_key.private_numbers()
print (f"\nAlice private key value: {vals.private_value}")
vals=Alice_private_key.public_key().public_numbers()
enc_point=binascii.b2a_hex(vals.encode_point()).decode()
print("Alice's public key: ",enc_point)


print ("\nBob's derived key: ",binascii.b2a_hex(Bob_derived_key).decode())
print("Alice's derived key: ",binascii.b2a_hex(Alice_derived_key).decode())

Name of curve:  secp192r1
Generated key size: 32 bytes (256 bits)

Bob private key value: 516409146083662137777682648454032442986549297002505244454
Bob's public key:  04d6237b0e9eb7e3a274d30ec02a7703e2c273d395b6cfd4ddb11252821397b2915e85fbcad0c936ffcf5a5672cbd40d34

Alice private key value: 1305313143458367869975839313320452127510331684066670606674
Alice's public key:  040abb9fe5d0b5848a37125cbe53f306b69e6e777765449bd4f062ed168f03d67c18067fe042a03b3ee52eca51c4ddc2ff

Bob's derived key:  9f7bcf773b26264fbc39a8f37d85ac76e6b610f8575f5bb6b04790d3951427bd
Alice's derived key:  9f7bcf773b26264fbc39a8f37d85ac76e6b610f8575f5bb6b04790d3951427bd




## Hazmat Key wrapping (RFC 3394 and RFC 5649)

The protection of encryption keys is important, and where they often have to be protected. This is especially important for symmetric keys and the private key of a public key pair. One standard for this is RFC 5649 [here], and which supports Advanced Encryption Standard (AES) Key Wrap algorithm [AES-KW1, AES-KW2]. We then use an AES key-encryption key (KEK) with a length of 128, 192, or 256 bits, and where we will get 64-bit blocks as an output. We can then encrypt data with a key (K1
) and which will then be wrapped to give WRAP(K1). To decrypt, we then need the KEK to recover K1. The unwrapping process also checks the integrity of the key. One method is to perhaps use a production environment, and where the keys are stored and wrapped within a Cloud-based system. The KEK will then be protected from access, and used to produce the actual encrytion key [article]. This page uses the Hazmat implementation of [RFC 3394]. With RFC 3394, the length of the key to be wrapped needs to be a multiple of 64 bits, whereas RFC 5549 eliminates this. For the KEK, we either need 128 bits, 192 bits or 256 bits. For this we will use a key derivation function (HKDF) to generate a 16 byte (128 bit) key. 

In [9]:
from cryptography.hazmat.primitives import keywrap
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend

import binascii
import os
import sys

password="qwerty123"

password=password.encode()

hkdf = HKDF(algorithm=hashes.SHA256(), length=32,salt=b"", info=b"",backend=default_backend())
wrappingkey=hkdf.derive(password)

key=os.urandom(16)

print ("\n==Now trying without padding (RFC 3394) ==")

wrappedkey=keywrap.aes_key_wrap(wrappingkey,key, backend=default_backend())

print ("Password: ",password)

print ("\nKey: ",binascii.b2a_hex(key))
print ("\nWrapped key: ",binascii.b2a_hex(wrappedkey))

rtn=keywrap.aes_key_unwrap(wrappingkey, wrappedkey,  backend=default_backend())

print ("\nKey recovered: ",binascii.b2a_hex(rtn))

print ("\n==Now trying with padding (RFC 5549 ) ==")


wrappedkey=keywrap.aes_key_wrap_with_padding(wrappingkey,key, backend=default_backend())



print ("\nKey: ",binascii.b2a_hex(key))
print ("\nWrapped key: ",binascii.b2a_hex(wrappedkey))

rtn=keywrap.aes_key_unwrap_with_padding(wrappingkey, wrappedkey,  backend=default_backend())

print ("\nKey recovered: ",binascii.b2a_hex(rtn))





==Now trying without padding (RFC 3394) ==
Password:  b'qwerty123'

Key:  b'a746a9ce94992c6cd10e488207181887'

Wrapped key:  b'93a9c8eb05ee16759f26be3af3482e7c6547cbfe8409eba9'

Key recovered:  b'a746a9ce94992c6cd10e488207181887'

==Now trying with padding (RFC 5549 ) ==

Key:  b'a746a9ce94992c6cd10e488207181887'

Wrapped key:  b'62c7ec4c3396fcd766b7897b630204e52bc562af4a75294d'

Key recovered:  b'a746a9ce94992c6cd10e488207181887'


## Hazmat Key wrapping for RSA private key

[Back] The protection of encryption keys is important, and where they often have to be protected. This is especially important for symmetric keys and the private key of a public key pair. One standard for this is RFC 5649 [here], and which supports Advanced Encryption Standard (AES) Key Wrap algorithm [AES-KW1, AES-KW2]. We then use an AES key-encryption key (KEK) with a length of 128, 192, or 256 bits, and where we will get 64-bit blocks as an output. We can then encrypt data with a key (K1) and which will then be wrapped to give WRAP(K1). To decrypt, we then need the KEK to recover K1. The unwrapping process also checks the integrity of the key. One method is to perhaps use a production environment, and where the keys are stored and wrapped within a Cloud-based system. The KEK will then be protected from access, and used to produce the actual encrytion key [article]. This page uses the Hazmat implementation of [RFC 3394]. With RFC 3394, the length of the key to be wrapped needs to be a multiple of 64 bits, whereas RFC 5549 eliminates this. For the KEK, we either need 128 bits, 192 bits or 256 bits. For this we will use a key derivation function (HKDF) to generate a 16 byte (128 bit) key. In this case we will wrap an RSA private key. 

In [14]:
from cryptography.hazmat.primitives import keywrap
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend

import binascii
import sys

size=512

password="qwerty123"

print ("Password: ",password)

password=password.encode()

hkdf = HKDF(algorithm=hashes.SHA256(), length=32,salt=b"", info=b"",backend=default_backend())
wrappingkey=hkdf.derive(password)


private_key = rsa.generate_private_key(public_exponent=65537,key_size=size,backend=default_backend())

pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption()
)

wrappedkey=keywrap.aes_key_wrap_with_padding(wrappingkey,pem, backend=default_backend())



print ("\nWrapping Key: ",binascii.b2a_hex(wrappingkey))
print ("\nWrapped key: ",binascii.b2a_hex(wrappedkey))

rtn=keywrap.aes_key_unwrap_with_padding(wrappingkey, wrappedkey,  backend=default_backend())

print ("\nKey recovered:\n",rtn.decode())

Password:  qwerty123

Wrapping Key:  b'5edc7cacd3fd7dc5c941ef84d4b89d0465bba40ad78c75d640d96d00cbef5ad4'

Wrapped key:  b'84a08097f59517639fd1d3cfeab26b3a577407b089d4aeb4fb7c4af429e17968609510ab53ea66ab07e2a87fb7ec5ea7d066f44627065a340d3eb0865ebe71a11fcf7813cbb9882e7c95c502012e54f6ecce9da38b9f5e651d8d7cdc87aa5be74938ad0b1178ceaff092a5ec73442995823fce7071970fb32e7cb0d80913acfad162d6f0524606c7ceb4ad033a7f06dd1a759294c73fed84b890bd1de80df63da7e5bc152c2db8918ef4e2d9f8831228e0364ffdc2cc26d3166cbd44193403e32ea4fdd92bc69b1a8b53b0de6463d48ab3a232619954a2060c5b0dfc490849b41410540ed0ad16effa3652e27b6be54793c6813a3da703c33b7c8cc6c976433650366ba84f8c37d8b5f1ef581888c1b6b84df2f7d5c17fcdba67bbe6083f165fd27f32f2d7e464b6d4e6e48dc0cf2ead7e905bffb6541f93cc50c789f8f812e7dbcef02565754e129f59b6542dc344585a2711c595b13e5fe51ec8217f353c3d1133dc4d726202e0e691ecef5584f932e5e7b4f3f7ba8696e8e19c23557f0dc583f60e87a3f7215e3a180c8e1a994aac856683721b979ffbb2370e5a1e3d73ec9f88e9f46e03b31e6f34e89b27609a7f42675137fb9d00

## Hazmat Key wrapping for ECC private key

The protection of encryption keys is important, and where they often have to be protected. This is especially important for symmetric keys and the private key of a public key pair. One standard for this is RFC 5649 [here], and which supports Advanced Encryption Standard (AES) Key Wrap algorithm [AES-KW1, AES-KW2]. We then use an AES key-encryption key (KEK) with a length of 128, 192, or 256 bits, and where we will get 64-bit blocks as an output. We can then encrypt data with a key (K1) and which will then be wrapped to give WRAP(K1). To decrypt, we then need the KEK to recover K1. The unwrapping process also checks the integrity of the key. One method is to perhaps use a production environment, and where the keys are stored and wrapped within a Cloud-based system. The KEK will then be protected from access, and used to produce the actual encrytion key [article]. This page uses the Hazmat implementation of [RFC 3394]. With RFC 3394, the length of the key to be wrapped needs to be a multiple of 64 bits, whereas RFC 5549 eliminates this. For the KEK, we either need 128 bits, 192 bits or 256 bits. For this we will use a key derivation function (HKDF) to generate a 16 byte (128 bit) key. In this case we will wrap an ECC private key. 

In [16]:
from cryptography.hazmat.primitives import keywrap
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend

import binascii
import sys

size=512

password="qwerty123"


print ("Password: ",password)

password=password.encode()

hkdf = HKDF(algorithm=hashes.SHA256(), length=32,salt=b"", info=b"",backend=default_backend())
wrappingkey=hkdf.derive(password)


private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())

if (type==1): private_key = ec.generate_private_key(ec.SECP192R1(),backend=default_backend())
elif (type==2): private_key = ec.generate_private_key(ec.SECP224R1(),backend=default_backend())
elif (type==3): private_key = ec.generate_private_key(ec.SECP256K1(),backend=default_backend())
elif (type==4): private_key = ec.generate_private_key(ec.SECP256R1(),backend=default_backend())
elif (type==5): private_key = ec.generate_private_key(ec.SECP384R1(),backend=default_backend())
elif (type==6): private_key = ec.generate_private_key(ec.SECP521R1(),backend=default_backend())
elif (type==7): private_key = ec.generate_private_key(ec.BrainpoolP256R1(),backend=default_backend())
elif (type==8): private_key = ec.generate_private_key(ec.BrainpoolP384R1(),backend=default_backend())
elif (type==9): private_key = ec.generate_private_key(ec.BrainpoolP512R1(),backend=default_backend())

public_key = private_key.public_key()
vals=public_key.public_numbers()
print ("Name of curve: ",vals.curve.name)

pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.PKCS8,encryption_algorithm=serialization.NoEncryption())

wrappedkey=keywrap.aes_key_wrap_with_padding(wrappingkey,pem,backend=default_backend())



print ("\nWrapping Key: ",binascii.b2a_hex(wrappingkey))
print ("\nWrapped key: ",binascii.b2a_hex(wrappedkey))

rtn=keywrap.aes_key_unwrap_with_padding(wrappingkey, wrappedkey,backend=default_backend())

print ("\nKey recovered:\n",rtn.decode())

Password:  qwerty123
Name of curve:  secp256k1

Wrapping Key:  b'5edc7cacd3fd7dc5c941ef84d4b89d0465bba40ad78c75d640d96d00cbef5ad4'

Wrapped key:  b'1a63f504b7ffa6edce2741ee8b9a9b3a539f11896f6cd991b065401f9c943a9d3a84949b9680201e2368914c2ce1ed6726b1ec6a45641bd24defc4f90af1716cd86c885d991d675283b1e143dfae09c267bde5aaaf684c1c8f8e96c77281186fba5e99dc195eb463e7183bb4bd427763b75bd0926b06c5b375d9654f00e8d1ce15819f442e09185ce0c0d9fb32e86de35366c1fb0f531d7550ee804dd59c3542060e13e0d701819556809212023244a63860bcadb19f87cee5f164462f30dca6d710baf50113890b13466eaecea45cae74dda04b24ef0e0dd72b0a60b513d122e2740df3138508e6fecae2d0179ba84e75b3df473ecebe1b'

Key recovered:
 -----BEGIN PRIVATE KEY-----
MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgxeeJp/8sHJWFtiU276cN
h0Qw8yI6v8nS6DHQgvRXrjihRANCAATVpJSik6LRHwRQe1mKVWQwEY1KF7DwcMRR
QTQCzHID1JtkQoYwAT+oThv8rOxvpLQw4Z9sXRZjHsH7j9e9n01K
-----END PRIVATE KEY-----



## Hazmat HOTP

One Time Passwords (OTP) are often used in two-factor authentication systems, and where a user must enter the value. One method is HOTP (HMAC-based one-time password) uses a Hash-based Message Authentication Code (HMAC). The seed of HOTP is generated by a random key, and then the hash is defined by a counter value. The Yubikey uses a HOTP and where a counter is used to generate the required authenication value. The valid hashing algorithms used are SHA-1 (160 bit hash), SHA-256 (256-bit hash) and SHA-512 (512-bit hash), and the output is a numeric value with between 6 and 8 characters. 

In [18]:
import os
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
from cryptography.hazmat.primitives.hashes import SHA256, SHA1, SHA512
from cryptography.hazmat.primitives import twofactor
from cryptography.hazmat.backends import default_backend
import binascii
import sys

chars=6
htype=1
h=SHA256()




if (htype==1): h=SHA256()
if (htype==2): h=SHA1()
if (htype==3): h=SHA512()


key = os.urandom(20)
hotp = HOTP(key, chars, h,backend=default_backend())

print ("=== HOTP ===")
print ("Hash type: ",h.name)
print(f"Key: ",binascii.b2a_hex(key))
print()

print("=== Printing the first 10 tokens ===\n")

for count in range(0,10):
  try:
    hotp_value = hotp.generate(count)
    hotp.verify(hotp_value, count)
  except twofactor.InvalidToken:
    print("Incorrect token")
  else:
    print (f"{count} Val:{hotp_value.decode()}")

print("\n=== Now we will try an incorrect token ===\n")
for count in range(0,3):
  try:
    hotp_value = hotp.generate(count)
    hotp.verify(hotp_value, count+1)
  except twofactor.InvalidToken:
    print(f"{count+1} Val:{hotp_value.decode()} Incorrect token")
  else:
    print (f"{count+1} Val:{hotp_value.decode()}")

=== HOTP ===
Hash type:  sha256
Key:  b'27319827a61fce72322249f44dde3776c1337752'

=== Printing the first 10 tokens ===

0 Val:530420
1 Val:481739
2 Val:682821
3 Val:601739
4 Val:103752
5 Val:711518
6 Val:240445
7 Val:938411
8 Val:536320
9 Val:685211

=== Now we will try an incorrect token ===

1 Val:530420 Incorrect token
2 Val:481739 Incorrect token
3 Val:682821 Incorrect token


## Hazmat TOTP

TOTP (Timed One Time Passwords) are used to create a one time value which is only valid for a given time period. This is often used in two-factor authentication methods, and where a user has a given amount of time to enter a token value. In this case the time-out is after one second, and where we test every 0.25 seconds. The valid hashing algorithms used are SHA-1 (160 bit hash), SHA-256 (256-bit hash) and SHA-512 (512-bit hash), and the output is a numeric value with between 6 and 8 characters. 

In [19]:
import os
import time
from cryptography.hazmat.primitives.twofactor.totp import TOTP
from cryptography.hazmat.primitives.hashes import SHA256, SHA1, SHA512
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import twofactor
import sys
import binascii


chars=6
h=SHA256()
htype=1


if (htype==1): h=SHA256()
if (htype==2): h=SHA1()
if (htype==3): h=SHA512()



key = os.urandom(20)
totp = TOTP(key, chars, h, 1,backend=default_backend())
time_value = time.time()
totp_value = totp.generate(time_value)

print ("=== TOTP ===")
print ("Hash type: ",h.name)
print(f"Key: ",binascii.b2a_hex(key))
print()
for count in range(0,8):
  try:
    time_value = time.time()
    
    totp.verify(totp_value, time_value)
    time.sleep(0.25)
  except twofactor.InvalidToken:
    print ("Invalid: ",totp_value,time_value)
  else:
    print ("Valid: ",totp_value,time_value)

=== TOTP ===
Hash type:  sha256
Key:  b'06a70570e33d8b4225dde19e542f16b5e302471b'

Valid:  b'713730' 1626982392.0131757
Valid:  b'713730' 1626982392.2644885
Valid:  b'713730' 1626982392.515736
Valid:  b'713730' 1626982392.766437
Invalid:  b'713730' 1626982393.0171232
Invalid:  b'713730' 1626982393.017314
Invalid:  b'713730' 1626982393.0173976
Invalid:  b'713730' 1626982393.0174727


## Hazmat with ChaCha/Poly1305

Chacha20 is a stream cipher which uses a 256-bit key and a 96-bit nonce. Currently AES has a virtual monopoly on secret key encryption. There would be major problems, though, if this was cracked. Along with this AES has been shown to be weak around cache-collision attacks. Google thus propose ChaCha20 as an alternative, and actively use it within TLS connections. Currently it is three times faster than software-enabled AES, and is not sensitive to timing attacks. It operates by creating a key stream which is then X-ORed with the plaintext. It has been standardised with RFC 7539. In this case we will use AEAD and where we can add an additional data element to the cipher, in order to authenticate the cipher. This data might relate to the network port number we are sending, or to the sequence number of an encrypted data packet. Poly1305 is a message authentication code for data integrity and message authenticity of a message. It is standardized in RFC 8439. 

In [20]:
import os
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
import sys
import binascii


msg = "a message"
add = "additional data"

print ("Data:\t",msg)
print ("Additional data:\t",add)

key = ChaCha20Poly1305.generate_key()
chacha = ChaCha20Poly1305(key)
nonce = os.urandom(12)
cipher = chacha.encrypt(nonce, msg.encode(), add.encode())
rtn=chacha.decrypt(nonce, cipher, add.encode())

print ("\nKey:\t",binascii.b2a_hex(key).decode())
print ("Nonce:\t",binascii.b2a_hex(nonce).decode())
print ("\nCipher:\t",binascii.b2a_hex(cipher).decode())
print ("Decrypted:\t",rtn.decode())

Data:	 a message
Additional data:	 additional data

Key:	 462fa22c3ec5da78f6c0cb681f553caea2524a177b04bbcfcd19655b5cfb9779
Nonce:	 13b40186c20a3d3e7dbd1761

Cipher:	 02df98712528c2b77121ca1ecd89360c4faf34078d0a8073e5
Decrypted:	 a message


## Hazmat with ChaCha/Poly1305 with Key Derivation

Chacha20 is a stream cipher which uses a 256-bit key and a 96-bit nonce. Currently AES has a virtual monopoly on secret key encryption. There would be major problems, though, if this was cracked. Along with this AES has been shown to be weak around cache-collision attacks. Google thus propose ChaCha20 as an alternative, and actively use it within TLS connections. Currently it is three times faster than software-enabled AES, and is not sensitive to timing attacks. It operates by creating a key stream which is then X-ORed with the plaintext. It has been standardised with RFC 7539. In this case we will use AEAD and where we can add an additional data element to the cipher, in order to authenticate the cipher. This data might relate to the network port number we are sending, or to the sequence number of an encrypted data packet. Poly1305 is a message authentication code for data integrity and message authenticity of a message. It is standardized in RFC 8439. In this case, we will use a HKDF (HMAC Key Derivation Function) to generate the encryption key from a password. We will not use any salt for this, but in practice we would generate a random salt value. 

In [21]:
import os
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
import sys
import binascii
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend


msg = "a message"
add = "additional data"
password="qwerty"
length=32 # 256 bits



hkdf = HKDF(algorithm=hashes.SHA256(), length=length,salt=b"", info=b"",backend=default_backend())

mykey=hkdf.derive(password.encode())

print ("Password: ",password)
print ("Data:\t",msg)
print ("Additional data:\t",add)

chacha = ChaCha20Poly1305(mykey)
nonce = os.urandom(12)
cipher = chacha.encrypt(nonce, msg.encode(), add.encode())
rtn=chacha.decrypt(nonce, cipher, add.encode())

print ("\nKey:\t",binascii.b2a_hex(mykey).decode())
print ("Nonce:\t",binascii.b2a_hex(nonce).decode())
print ("\nCipher:\t",binascii.b2a_hex(cipher).decode())
print ("Decrypted:\t",rtn.decode())

Password:  qwerty
Data:	 a message
Additional data:	 additional data

Key:	 697b0111081294978a075c6cae24729665be7f5a646007ac90aadc3954a484f8
Nonce:	 918df8f4b974965a6c21aa97

Cipher:	 29e8c671cfd4a33cc1c8aae09d26fdbfb79782cbe84ee3eb30
Decrypted:	 a message


## Hazmat with AES GCM

AES GCM converts the AES method into a stream cipher. It thus does not need padding and is faster than other modes. GCM can also support AEAD (Authenticated Encryption with Additional Data), and where we can add additional data into the cipher, and which can be used to authenticate the cipher. This addditional data might bind the cipher to a given network port or session. This means that an intruder cannot replay a cipher because they cannot create the same additional data. In this case we will generate a random 256-bit encryption key. 

In [22]:
import os
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
import sys
import binascii


msg = "a message"
add = "additional data"

print ("Data:\t",msg)
print ("Additional data:\t",add)

key = ChaCha20Poly1305.generate_key()
chacha = ChaCha20Poly1305(key)
nonce = os.urandom(12)
cipher = chacha.encrypt(nonce, msg.encode(), add.encode())
rtn=chacha.decrypt(nonce, cipher, add.encode())

print ("\nKey:\t",binascii.b2a_hex(key).decode())
print ("Nonce:\t",binascii.b2a_hex(nonce).decode())
print ("\nCipher:\t",binascii.b2a_hex(cipher).decode())
print ("Decrypted:\t",rtn.decode())

Data:	 a message
Additional data:	 additional data

Key:	 98042f18cc00e3a684a9221383adc6cbe77d06d484a41c57e30a8c7b19848dfa
Nonce:	 cf9b4a1006bdd3c35cae5112

Cipher:	 ac2869cb63d6a8ad366a422a64e0ced6a6c10a951edcb36ef2
Decrypted:	 a message


## Hazmat with AES GCM with Key Derivation

AES GCM converts the AES method into a stream cipher. It thus does not need padding and is faster than other modes. GCM can also support AEAD (Authenticated Encryption with Additional Data), and where we can add additional data into the cipher, and which can be used to authenticate the cipher. This addditional data might bind the cipher to a given network port or session. This means that an intruder cannot replay a cipher because they cannot create the same additional data. In this case we will use HDKF to generate a 256-bit encryption key. 

In [39]:
import os
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import sys
import binascii
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend


msg = "a message"
add = "additional data"
password="qwerty"
length=32 # 256 bits



hkdf = HKDF(algorithm=hashes.SHA256(), length=length,salt=b"", info=b"",backend=default_backend())

mykey=hkdf.derive(password.encode())

print ("Password: ",password)
print ("Data:\t",msg)
print ("Additional data:\t",add)

# key = ChaCha20Poly1305.generate_key()
aesgcm = AESGCM(mykey)
nonce = os.urandom(12)
cipher = aesgcm.encrypt(nonce, msg.encode(), add.encode())
rtn=aesgcm.decrypt(nonce, cipher, add.encode())

print ("\nKey:\t",binascii.b2a_hex(mykey).decode())
print ("Nonce:\t",binascii.b2a_hex(nonce).decode())
print ("\nCipher:\t",binascii.b2a_hex(cipher).decode())
print ("Decrypted:\t",rtn.decode())

Password:  qwerty
Data:	 a message
Additional data:	 additional data

Key:	 697b0111081294978a075c6cae24729665be7f5a646007ac90aadc3954a484f8
Nonce:	 d33d5ab9c01d87f7970d5c83

Cipher:	 9eeec1295abad9429dd83f74288fa9c585e5cac484fb4a08cb
Decrypted:	 a message
