In [2]:
import base64

In [3]:
with open('informe_de_gestion_julio_original.pdf', 'rb') as f:
    blob1 = base64.b64encode(f.read())
    
with open('informe_de_gestion_julio_original_impreso.pdf', 'rb') as f:
    blob2 = base64.b64encode(f.read())

with open('informe_de_gestion_julio_exportado.pdf', 'rb') as f:
    blob3 = base64.b64encode(f.read())
    
with open('informe_de_gestion_julio_editado.pdf', 'rb') as f:
    blob4 = base64.b64encode(f.read())

#text_file = open('test_blob.txt', "wb")
#text_file.write(blob)
#text_file.close()

In [None]:
#print(blob1)
#print(blob2)
print(blob1 == blob3)

In [None]:
with open('test_blob.txt', 'r') as f:
    blob=f.read()
blob = base64.b64decode(blob)
text_file = open('result.pdf','wb')
text_file.write(blob)
text_file.close()

# **Candidato 1**

**Ejemplo de firma criptográfica asimetrica de un blob en un método.**

- Generación de pares de claves RSA 4096 bits públicos y privados
- SHA-512 con firma RSA de texto usando relleno PSS y MGF1
- Codificación BASE64 como representación de las matrices de bytes
- Codificación UTF-8 de cadenas
- Manejo de excepciones


In [9]:
import base64
from cryptography.exceptions import InvalidSignature
from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

def firmar(plain_text):
    try:
        # genera un par de claves 
        objeto = []
        private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048,
            backend=default_backend()
        )
        public_key = private_key.public_key()

        #serializacion de llaves 
        pem_privada = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        )
        
        pem_publica = public_key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )

        # firma el documento
        signature = private_key.sign(
            data=plain_text.encode('utf-8'),
            padding=padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            algorithm=hashes.SHA256()
        )
        
        #print("llave publica \n"+str(base64.urlsafe_b64encode(pem_publica)))
        mascara = abs(hash(str(pem_publica)))        
        #print(mascara)
        #print("llave privada \n"+str(base64.urlsafe_b64encode(pem_privada)))
        #print("firma digital \n"+str(base64.urlsafe_b64encode(signature)))
                

        #print("llave publica: "+str(base64.urlsafe_b64encode(publica)))
        objeto.append({
            "codigo_autenticidad": mascara,
            "certificado": {
                "llave_publica": pem_publica.decode("utf-8"),
                "llave_privada": base64.urlsafe_b64encode(pem_privada).decode("utf-8"),
                "firma": base64.urlsafe_b64encode(signature).decode("utf-8")
            }
        })
        print(type(objeto[0]["codigo_autenticidad"]))
        print(type(objeto[0]["certificado"]["llave_publica"]))
        print(type(objeto[0]["certificado"]["llave_privada"]))
        print(type(objeto[0]["certificado"]["firma"]))
        print(objeto)
        return objeto
    except UnsupportedAlgorithm:
        print("paila")

def validar(llave, texto):
    #public_key = llave[0]["Public_key"]
    public_key_pem = llave[0]["certificado"]["llave_publica"].encode()
    signature = base64.urlsafe_b64decode(llave[0]["certificado"]["firma"])
    plain_text = texto
    try:
        public_key = serialization.load_pem_public_key(
            data=public_key_pem,
            backend=default_backend()
        )
        public_key.verify(
            signature=signature,
            data=plain_text.encode('utf-8'),
            padding=padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            algorithm=hashes.SHA256()
        )
        is_signature_correct = True
        print("firma valida: "+str(is_signature_correct))
        #logger.info("Signature is correct: %s", is_signature_correct)
        
    except InvalidSignature:
        is_signature_correct = False        
        print("firma valida: "+str(is_signature_correct))

if __name__ == '__main__':
    # demonstrate method
    #firmado = firmar("Text that should be signed to prevent unknown tampering with its content.")
    #texto = "Text that should be signed to prevent unknown tampering with its content."
    firmado = firmar(str(blob1))
    texto = str(blob4)
    #print(firmado)
    validar(firmado, texto)    

AttributeError: 'dict' object has no attribute 'append'

# **Candidato 2**

In [None]:
from Crypto.PublicKey import RSA
from Crypto.Signature.pkcs1_15 import PKCS115_SigScheme
from Crypto.Hash import SHA256
import binascii

# Generate 1024-bit RSA key pair (private + public key)
keyPair = RSA.generate(bits=1024)
pubKey = keyPair.publickey()

# Sign the message using the PKCS#1 v1.5 signature scheme (RSASP1)
msg = b'Message for RSA signing'
hash = SHA256.new(msg)
signer = PKCS115_SigScheme(keyPair)
signature = signer.sign(hash)
print("Signature:", binascii.hexlify(signature))

# Verify valid PKCS#1 v1.5 signature (RSAVP1)
msg = b'Message for RSA signing'
hash = SHA256.new(msg)
verifier = PKCS115_SigScheme(pubKey)
try:
    verifier.verify(hash, signature)
    print("Signature is valid.")
except:
    print("Signature is invalid.")

# Verify invalid PKCS#1 v1.5 signature (RSAVP1)
msg = b'A tampered message'
hash = SHA256.new(msg)
verifier = PKCS115_SigScheme(pubKey)
try:
    verifier.verify(hash, signature)
    print("Signature is valid.")
except:
    print("Signature is invalid.")

# **Fuentes de referencia**

### https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/
### https://www.cryptoexamples.com/python_cryptography_string_signature_rsa.html
### https://riptutorial.com/python/example/19025/generating-rsa-signatures-using-pycrypto
### https://stackoverflow.com/questions/51228645/how-can-i-encrypt-with-a-rsa-private-key-in-python
### https://nitratine.net/blog/post/asymmetric-encryption-and-decryption-in-python/
### https://www.google.com/search?q=python+sign+message+with+public+key&hl=es&source=lnt&tbs=qdr:y&sa=X&ved=2ahUKEwjXtMugh-7yAhXrkmoFHar_D1g4ChCnBXoECAEQKQ&biw=1920&bih=949
### https://www.tutorialsbuddy.com/encryption-and-decryption-of-strings-in-python
### https://www.cryptoexamples.com/python_cryptography_asymmetric_key_storage.html
### https://www.py4u.net/discuss/262289 

In [None]:
#!/usr/bin/env python

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64

def generate_keys():
    modulus_length = 1024

    key = RSA.generate(modulus_length)
    #print (key.exportKey())

    pub_key = key.publickey()
    #print (pub_key.exportKey())

    return key, pub_key

def encrypt_private_key(a_message, private_key):
    encryptor = PKCS1_OAEP.new(private_key)
    encrypted_msg = encryptor.encrypt(a_message)
    #print(encrypted_msg)
    encoded_encrypted_msg = base64.b64encode(encrypted_msg)
    #print(encoded_encrypted_msg)
    return encoded_encrypted_msg

def decrypt_public_key(encoded_encrypted_msg, public_key):
    encryptor = PKCS1_OAEP.new(public_key)
    decoded_encrypted_msg = base64.b64decode(encoded_encrypted_msg)
    #print(decoded_encrypted_msg)
    decoded_decrypted_msg = encryptor.decrypt(decoded_encrypted_msg)
    print(decoded_decrypted_msg)
    #return decoded_decrypted_msg

def main():
    
    private, public = generate_keys()
    message = b'Hello world'
    encoded = encrypt_private_key(message, public)
    decrypt_public_key(encoded, private)

if __name__== "__main__":
    main()

In [None]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import *

def keygen():
    private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048, backend=default_backend())
    public_key = private_key.public_key()
    return private_key, public_key

def sign_(message, private_key):
    signature = private_key.sign(message,
                                 padding.PSS(
                                     mgf=padding.MGF1(hashes.SHA256()),
                                     salt_length=padding.PSS.MAX_LENGTH),
                                 hashes.SHA256())
    return signature

def verify(message, signature, public_key):
    try:         
        public_key.verify(signature,
                          message,
                          padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                                      salt_length=padding.PSS.MAX_LENGTH),
                          hashes.SHA256())
        return True
    except InvalidSignature: 
        return False
if __name__ == '__main__':
    priv, pub = keygen()
    message = b' I authorise $1,000 dollars to be sent to Ben'
    signature = sign_(message, priv)
    correct = verify(message, signature, pub)
     
    if correct:
        print('message verified - send the money ')
    else:
        print('this does not open with the public key. Bad signature.')
         
    priv2, pub2 = keygen()
    signature2 = sign_(message, priv2)
    correct = verify(message, signature2, pub)
    if correct:
        print('message verified - send the money ')
    else:
        print('this has been signed by someone else. Do not send money')
         
    tamper = message + b'give me money'
    correct = verify(tamper, signature, pub)
    if correct:
        print('message verified - send the money ')
    else:
        print('this is not the original message')

In [None]:
from Crypto.PublicKey import DSA
from Crypto.Hash import SHA256
from Crypto.Signature import DSS

KEYSIZE = 1024

message = "hola".encode()

key = DSA.generate(KEYSIZE)

public_key = key.public_key()
print(public_key.export_key())


message_hash = SHA256.new(message)
signer = DSS.new(key, 'fips-186-3')
signature = signer.sign(message_hash)

print(int.from_bytes(signature, "big", signed=False))

verifier = DSS.new(public_key, 'fips-186-3')

try:
    verifier.verify(message_hash, signature)
    print("bueno")
    
except ValueError:
    print("paila")


In [None]:

import rsa
  
# generate public and private keys with 
# rsa.newkeys method,this method accepts 
# key length as its parameter
# key length should be atleast 16
publicKey, privateKey = rsa.newkeys(512)
# this is the string that we will be encrypting
message = "hello geeks"
  
# rsa.encrypt method is used to encrypt 
# string with public key string should be 
# encode to byte string before encryption 
# with encode method
encMessage = rsa.encrypt(message.encode(), 
                         publicKey)
  
print("original string: ", message)
print("encrypted string: ", encMessage)
  
# the encrypted message can be decrypted 
# with ras.decrypt method and private key
# decrypt method returns encoded byte string,
# use decode method to convert it to string
# public key cannot be used for decryption
decMessage = rsa.decrypt(encMessage, privateKey).decode()
  
print("decrypted string: ", decMessage)

In [None]:
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256
from Crypto.Signature import PKCS1_v1_5
import base64

def sign_message(a_message, privatekey):
    digest = SHA256.new()
    digest.update(a_message.encode("utf-8"))
    privatekey = PKCS1_v1_5.new(privatekey)
    sign = base64.b64encode(privatekey.sign(digest))
    return sign

def generate_keys():
    modulus_length = 2048
    privatekey = RSA.generate(modulus_length, Random.new().read)
    publickey = privatekey.publickey()
    return privatekey, publickey

privatekey, publickey = generate_keys()
print(publickey.export_key())
a_message = "Hello" # message that we need to sign
sign = sign_message(a_message, privatekey)

In [None]:
import logging
from random import SystemRandom

from cryptography.exceptions import UnsupportedAlgorithm
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# set up logger
logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)


def demonstrate_asymmetric_key_storage(password=""):
    """
    Example for key storage of a asymmetric key in one method.
    - Random password generation using strong secure random number generator
    - Generation of public and private RSA 4096 bit keypair
    - Serialization of the private key using PEM encoding, PKCS8 format and a password
    - Serialization of the public key using PEM encoding and Subject Public Key Info
    - Writing and loading of the keys
    - Exception handling
    """
    try:
        # GENERATE password (not needed if you have a password already)
        if not password:
            alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
            password = "".join(SystemRandom().choice(alphabet) for _ in range(20))
        logger.info(password)
        password_bytes = password.encode('utf-8')

        # GENERATE NEW KEYPAIR
        private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=4096,
            backend=default_backend()
        )
        public_key = private_key.public_key()

        # SERIALIZATION
        pem_private = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.BestAvailableEncryption(password_bytes)
        )
        pem_public = public_key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )

        # WRITE KEYS
        with open("private_key.pem", 'wb') as key_file:
            key_file.write(pem_private)
        with open("public_key.pem", 'wb') as key_file:
            key_file.write(pem_public)

        # LOAD KEYS
        with open("private_key.pem", "rb") as key_file:
            private_key_after = serialization.load_pem_private_key(
                data=key_file.read(),
                password=password_bytes,
                backend=default_backend()
            )
        with open("public_key.pem", "rb") as key_file:
            public_key_after = serialization.load_pem_public_key(
                data=key_file.read(),
                backend=default_backend()
            )

        # CHECK whether keys are the same
        private_before = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        )
        private_after = private_key_after.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        )
        public_before = pem_public
        public_after = public_key_after.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )

        logger.info("Private Key before and after storage is the same: %s",
                    private_before == private_after)
        logger.info("Public Key before and after storage is the same: %s",
                    public_before == public_after)
    except (UnsupportedAlgorithm, ValueError, TypeError):
        logger.exception("Asymmetric key storage failed")


if __name__ == '__main__':
    # demonstrate method
    demonstrate_asymmetric_key_storage("")
