<center><h1>CS356 Lab 3 <br /><br />Introduction to Cryptographic Tools<br /><br />Part 2</h1></center>

### Overview

This *crytopgraphic tools* notebook continues the previous CS356 jupyter lab and includes a number of exercises and  assignments designed to give you a better understanding of the following topics:


1. Diffie-Hellman Key Exchange
2. Asymmetric Encryption
 * RSA 
 * Elliptic Curve
3. Digital Digests (secure digital hashing)
4. Data Integrity and Authentication using Digital Signatures
5. Student Assignment


You must have successfully completed *Cryptographic Tools, Part 1* before starting this notebook, since we will re-use some of the techniques and tools used in that lab.  When you finish this assignment, you must turn in your results to Canvas as described at the end of this notebook.

#### Acknowledgements and Citations

This jupyter notebook contains original material as well as material adapted from wikipedia, tutorialspoint, and various other sources cited in-line. 




----

### Part 1:  Diffie-Hellman Key Exchange 

Our first jupyter lab on cryptographic tools explored *symmetric enryption*.  This method uses a single key, a *shared secret*, that is used to both encrypt and decrypt a plaintext message to/from ciphertext.  Symmetric encryption is fast and efficient, but has a distinct disadvantage: how do we communicate the key from one party to the other without someone compromising the key by eavesdropping or altering it?  

The Diffie-Hellman key exchange, invented in 1976,  is a famous example of how symmetric keys can be created and shared between two people.   This key can then be used to encrypt subsequent communications using a symmetric key cipher.

Diffie-Hellman is a way of generating a shared secret (key) between two people in such a way that the secret can’t be seen by observing the communication. You’re not sharing information during this key exchange. Instead you’re creating a key together.  In fact, the two parties can create a new and different key each time they wish to communicate, making it harder for attackers to perform cryptographic analysis to break their codes.  These "on-demand" keys are known as *"session keys"*.

Traditionally we name these two people "Alice" and "Bob". A third person, named "Eve", is a malicious actor attempting to compromise the system.  The conceptual diagram and explanation given below (source: wikipedia) illustrates the general idea of the key exchange by using colors instead of very large numbers.


<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/DiffieHelmanColorTutorial.png" alt="Diffie-Hellman" width="300px" />

The process begins by having the two parties, Alice and Bob, agree on an arbitrary starting color that does not need to be kept secret (but should be different every time); in this example, the color is yellow. Each of them also selects a secret color that they keep to themselves – in this case, red and blue-green. The crucial part of the process is that Alice and Bob each mix their own secret color together with their mutually shared color, resulting in orange-tan and light-blue mixtures respectively, and then publicly exchange the two mixed colors. Finally, each of the two mixes the color they received from the partner with their own private color. The result is a final color mixture (yellow-brown in this case) that is identical to the partner's final color mixture.

If a third party listened to the exchange, it would only know the common color (yellow) and the first mixed colors (orange-tan and light-blue), but it would be computationally difficult for this party to determine the final secret color (yellow-brown). In fact, when using large numbers rather than colors, this action is computationally expensive: It is impossible to do in a reasonable amount of time even for modern supercomputers.

Now let's switch from colors to numbers.

Diffie-Hellman is a way of generating a shared secret between two people in such a way that the secret can't be seen by observing the communication. That's an important distinction: You're not sharing information during the key exchange, you're creating a key together.

This is particularly useful because you can use this technique to create an encryption key with someone, and then start encrypting your traffic with that key. And even if the traffic is recorded and later analyzed, there's absolutely no way to figure out what the key was, even though the exchanges that created it may have been visible. This is where perfect forward secrecy comes from. Nobody analyzing the traffic at a later date can break in because the key was never saved, never transmitted, and never made visible anywhere.

The way it works is reasonably simple. A lot of the math is the same as you see in public key crypto in that a trapdoor function is used. And while the discrete logarithm problem is traditionally used (the xy mod p business), the general process can be modified to use elliptic curve cryptography as well.

But even though it uses the same underlying principles as public key cryptography, this is not asymmetric cryptography because nothing is ever encrypted or decrypted during the exchange. It is, however, an essential building-block, and was in fact the base upon which asymmetric crypto was later built.


Now let's explain the algorithm using numbers instead of colors.  The basic idea works like this (*from security.stackexchange.com*):

1. I come up with a prime number **p** and a number **g** which is coprime to **p-1** and tell you what they are.
2. You then pick a secret number **(a)**, but you don't tell anyone. Instead you compute **g<sup>a</sup> mod p** and send that result back to me. (We'll call that **A** since it came from **a**).
3. I do the same thing, but we'll call my secret number **b** and the computed number **B**. So I compute **g<sup>b</sup> mod p** and send you the result (called "**B**")
4. Now, you take the number I sent you and do the exact same operation with it. So that's **B<sup>a</sup> mod p**.
5. I do the same operation with the result you sent me, so: **A<sup>b</sup> mod p**.

The "magic" here is that the answer I get at step 5 is the same number you got at step 4. Now it's not really magic, it's just math, and it comes down to a fancy property of modulo exponents. Specifically:


> <span style="background-color: #FFFF00">(g<sup>a</sup> mod p)<sup>b</sup> mod p = g<sup>ab</sup> mod p </span>
<br />
> <span style="background-color: #FFFF00">(g<sup>b</sup> mod p)<sup>a</sup> mod p = g<sup>ba</sup> mod p </span>


Which, if you examine closer, means that you'll get the same answer no matter which order you do the exponentiation in. So I do it in one order, and you do it in the other. I never know what secret number you used to get to the result and you never know what number I used, but we still arrive at the same result.

That result, that number we both stumbled upon in step 4 and 5, is our shared secret key. We can use that as our password for AES or Blowfish, or any other algorithm that uses shared secrets. And we can be certain that nobody else, nobody but us, knows the key that we created together. 

Now let's try a simple example with small numbers using the following python code.  Execute the following cell and examine the output to see how Bob and Alice calculate the identical secret key:

In [6]:
# Diffie-Hellman key-exchange for small numbers

# Variables Used
sharedPrime = 23    # p
sharedBase = 5      # g
 
aliceSecret = 6     # a
bobSecret = 15      # b
 
# Begin
print( "Publicly Shared Variables:")
print( "    Publicly Shared Prime: " , sharedPrime )
print( "    Publicly Shared Base:  " , sharedBase )
 
# Alice Sends Bob A = g^a mod p
A = (sharedBase**aliceSecret) % sharedPrime
print( "\n  Alice Sends Over Public Chanel: " , A )
 
# Bob Sends Alice B = g^b mod p
B = (sharedBase ** bobSecret) % sharedPrime
print( "    Bob Sends Over Public Channel: ", B )
 
print( "\n------------\n" )
print( "Privately Calculated Shared Secret:" )
# Alice Computes Shared Secret: s = B^a mod p
aliceSharedSecret = (B ** aliceSecret) % sharedPrime
print( "    Alice Shared Secret: ", aliceSharedSecret )
 
# Bob Computes Shared Secret: s = A^b mod p
bobSharedSecret = (A**bobSecret) % sharedPrime
print( "    Bob Shared Secret: ", bobSharedSecret )

Publicly Shared Variables:
    Publicly Shared Prime:  23
    Publicly Shared Base:   5

  Alice Sends Over Public Chanel:  8
    Bob Sends Over Public Channel:  19

------------

Privately Calculated Shared Secret:
    Alice Shared Secret:  2
    Bob Shared Secret:  2


Now let's try performng Diffie-Hellman with larger numbers.  Alice and Bob will generate a 256 bit session key in this next exercise.  First execute the cell below to create a Python class structure for Diffie-Hellman. 

In [7]:
#    The following is copied from the github repository for pyDH module.

#			   Apache License
#         Version 2.0, January 2004
#     Copyright 2015 Amirali Sanatinia

""" Pure Python Diffie Hellman implementation """

import os
import binascii
import hashlib

# RFC 3526 - More Modular Exponential (MODP) Diffie-Hellman groups for 
# Internet Key Exchange (IKE) https://tools.ietf.org/html/rfc3526 

primes = {
	
	# 1536-bit
	5: { 
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF,
	"generator": 2
	},

	# 2048-bit
	14: {
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF,
	"generator": 2
	},

	# 3072-bit 
	15: {
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF,
	"generator": 2
	},

	# 4096-bit
	16: {
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199FFFFFFFFFFFFFFFF,
	"generator": 2
	},

	# 6144-bit
	17: {
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF,
	"generator": 2
	},

	# 8192-bit
	18: {
	"prime": 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA051015728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6BF12FFA06D98A0864D87602733EC86A64521F2B18177B200CBBE117577A615D6C770988C0BAD946E208E24FA074E5AB3143DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D788719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA993B4EA988D8FDDC186FFB7DC90A6C08F4DF435C93402849236C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BDF8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1BDB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F323A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AACC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE32806A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55CDA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E438777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F5683423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD922222E04A4037C0713EB57A81A23F0C73473FC646CEA306B4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A364597E899A0255DC164F31CC50846851DF9AB48195DED7EA1B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F924009438B481C6CD7889A002ED5EE382BC9190DA6FC026E479558E4475677E9AA9E3050E2765694DFC81F56E880B96E7160C980DD98EDD3DFFFFFFFFFFFFFFFF,
	"generator": 2
	}
}


class DiffieHellman:
	""" Class to represent the Diffie-Hellman key exchange protocol """
	# Current minimum recommendation is 2048 bit.
	def __init__(self, group=14):
		if group in primes:
			self.p = primes[group]["prime"]
			self.g = primes[group]["generator"]
		else:
			raise Exception("Group not supported")

		self.__a = int(binascii.hexlify(os.urandom(32)), base=16)

	def get_private_key(self):
		""" Return the private key (a) """
		return self.__a

	def gen_public_key(self):
		""" Return A, A = g ^ a mod p """
		# calculate G^a mod p
		return pow(self.g, self.__a, self.p)

	def check_other_public_key(self, other_contribution):
		# check if the other public key is valid based on NIST SP800-56
		# 2 <= g^b <= p-2 and Lagrange for safe primes (g^bq)=1, q=(p-1)/2

		if 2 <= other_contribution and other_contribution <= self.p - 2:
			if pow(other_contribution, (self.p - 1) // 2, self.p) == 1:
				return True
		return False

	def gen_shared_key(self, other_contribution):
		""" Return g ^ ab mod p """
		# calculate the shared key G^ab mod p
		if self.check_other_public_key(other_contribution):
			self.shared_key = pow(other_contribution, self.__a, self.p)
			return hashlib.sha256(str(self.shared_key).encode()).hexdigest()
		else:
			raise Exception("Bad public key from other party")

Now Bob and Alice can use this class structure to create a shared secret key.  Execute the next cell to see how the two keys are identical.

In [8]:
#  Create instances of the DH object for both Bob and Alice
AliceDH = DiffieHellman()
BobDH   = DiffieHellman()

#  Create their public keys that they will share with each other
#  Their private keys are not shared publicly and are stored in the class structure
Alice_pubkey = AliceDH.gen_public_key()
Bob_pubkey   = BobDH.gen_public_key()
print ("Alice's public key:\n", Alice_pubkey)
print ("Alice's private key:\n", AliceDH.get_private_key())
print ()
print ("Bob's public key:\n", Bob_pubkey)
print ("Bob's private key:\n", BobDH.get_private_key())
print ()

#  Finally, both Bob and Alice generate the shared key.  Check to see if they are identical.
Alice_sharedkey = AliceDH.gen_shared_key(Bob_pubkey)
Bob_sharedkey  = BobDH.gen_shared_key(Alice_pubkey)
print ("The shared secret key that Alice generated:\n", Alice_sharedkey)
print ()
print ("The shared secret key that Bob generated:\n", Bob_sharedkey)
print ()
print ("\nThe length of the shared key in bits is:", len(Alice_sharedkey)*4)
print ("\nAre the shared keys the same?", Alice_sharedkey == Bob_sharedkey)

Alice's public key:
 23318313781398780126374865877951455719815401996162902678393179381894561274888532973662585525342930494029596356207696525941497927875561734811193741991181863818595710750690330356722847328391575402100828045049631480400883058802978988179706773028248660612729615278198609605043005056047458216911443294895799649550650018347863196708449692900513558793887514328910376742232181416176983594740913801203445706567296931033868574363911037999642504118015808239079670025887050673204161656748257558899712203567728141909010599564264568647705779087917115391105777032551190454337039659121753050249564143138571571061550543052894456230934
Alice's private key:
 109916104443576520602562465865011529529851822631975942899208279887385929526952

Bob's public key:
 109781193380271955417793181070763713637840340103625926316207978685178220593731743036624911478107273495101365421701173196502819955832144973763699590222376566179819431782161483448709759836477044956750678467408942644332500624354749660511583648

Although Diffie–Hellman key agreement itself is a non-authenticated key-agreement protocol (there could still be a man-in-the-middle attack sending the wrong colors or numbers), it provides the basis for a variety of authenticated protocols, and is used to provide forward secrecy in Transport Layer Security's (TLS) ephemeral modes. 

Even though Diffie-Hellman uses the same underlying principles as public key cryptography, this is not asymmetric cryptography because nothing is ever encrypted or decrypted during the exchange. It is, however, an essential building-block, and was in fact the base upon which asymmetric crypto was later built.  The Diffie-Hellman method was followed shortly afterwards by RSA, an implementation of public-key cryptography using asymmetric algorithms.

----

### Part 2:  Asymmetric Encryption using Keypairs 

Asymmetric encryption, also known as *public key encryption*,  is a cryptographic system that uses pairs of keys: a public key which may be disseminated widely, and a private key which is known only to the owner.  The public key is used for encrypting and the private key is used for decrypting.

<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/key-generation.png" alt="generating keypairs" width="300px" />

<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/PublicPrivate.png" alt="public private keypairs" width="400px" />

Keypairs are generated using mathematical "trap door" functions.  The RSA algorithm uses very large prime numbers.  The Elliptic Curve algorithm uses an intriguing exponential formula.  These algorithms will be explained in a class lecture.

Due to its key length and the math involved, asymmetric encryption is slower than symmetric encryption.  It is typically only used to encrypt small amounts of data.  We will talk more about this later.  

This jupyter lab will explore the following topics:

* Generating keypairs using linux commands and python code
* Using keypairs to encrypt and decrypt.



#### 2A) Generating keypairs with Linux shell commands 

The `ssh-keygen` command is the simplest way to generate public/private keypairs and save them to a file.  This command was originally intended to be used to generate keys to be used by the `SSH` command.  This provides a more secure SSH login mechanism than a simple password scheme.  In this situation, The `SSH` key is  stored in a users hidden directory `$HOME/.ssh/`.  Nothing prevents us from using the keypair in a more generic fashion and saving it to any directory/file that we choose.  Let's generate several keypairs using the **RSA algorithm** as well as the **elliptic curve algorithm** and store them in the same directory as this Jupyter notebook.

We are using the `-N ""` option to avoid setting a password for the private keys.  Normally you would set a password to protect the private key from prying eyes.  We just don't need to protect these keys because we will be deleting them soon.  

Execute the next two code modules to generate and examine the keypairs.

In [9]:
! ssh-keygen -t rsa -b 2048 -N "" -f myRSAkeypair2048
! ssh-keygen -t rsa -b 1024 -N "" -f myRSAkeypair1024
! ssh-keygen -t ecdsa -b 521 -N "" -f myEllipticCurve521
! echo "\n\nDirectory Listing:\n"
! ls -l my*

Generating public/private rsa key pair.
Your identification has been saved in myRSAkeypair2048
Your public key has been saved in myRSAkeypair2048.pub
The key fingerprint is:
SHA256:9Gg7Tv5/+48aXQaQ3+XHf6hy0oSBYQ7Rmv3sMucL+Do elita@Elitas-MacBook-Pro.local
The key's randomart image is:
+---[RSA 2048]----+
|      .o    ..   |
|      . +   ..  .|
|       B.o   ..+.|
|      o.+o.   ..=|
|        So.o   .=|
|       o .+ ...oo|
|      . =. o... .|
|      E=oo= +... |
|      .o+*+*oooo+|
+----[SHA256]-----+
Generating public/private rsa key pair.
Your identification has been saved in myRSAkeypair1024
Your public key has been saved in myRSAkeypair1024.pub
The key fingerprint is:
SHA256:TqAwSpgvw/4nOrnhZkrEOGJ89C3sm0JlSY3isWpDB3E elita@Elitas-MacBook-Pro.local
The key's randomart image is:
+---[RSA 1024]----+
| ..E  o          |
|.o.o o .         |
|o.=.= o          |
|*+.*o=..         |
|O*+.++ .S        |
|=B... .o         |
|.++  .  .        |
|o=oo .o          |
|=++.+o           |
+----[SH

Let's take a look at the files.  Notice the size of the files.  Which is biggest?  Which is smallest?  What format is used to encode the keys so that they print properly?  

In [10]:
! echo "1024 bit RSA private key\n"
! cat myRSAkeypair1024
! echo "\n1024 bit RSA public key\n"
! cat myRSAkeypair1024.pub
! echo "\n\n2048 bit RSA private key\n"
! cat myRSAkeypair2048
! echo "\n2048 bit RSA public key\n"
! cat myRSAkeypair2048.pub
! echo "\n\n521 bit elliptic curve private key\n"
! cat myEllipticCurve521
! echo "\n521 bit elliptic curve public key\n"
! cat myEllipticCurve521.pub

#  Delete the key files, we don't need them anymore

! rm myRSAkeypair*
! rm myEllipticCurve*
! echo "\nbye-bye keypair files.  We will miss you"


1024 bit RSA private key

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAIEA+KghioZKrSa5zE72yQprzX5prR55wuJVjgnroP+4l+g0lljMdY2X
k+kyyYLnDXpZmJ2RlyiIsoNP3z+yrx8zjrQmYr/GDQDKW2qCTY3UmTi4vFGZEkKmgAYmao
Y/eU88l7Z8jxOu09vCY1dNx4sbw6AQUL7lr0cre5TE56TaXvsAAAIY/hIh5v4SIeYAAAAH
c3NoLXJzYQAAAIEA+KghioZKrSa5zE72yQprzX5prR55wuJVjgnroP+4l+g0lljMdY2Xk+
kyyYLnDXpZmJ2RlyiIsoNP3z+yrx8zjrQmYr/GDQDKW2qCTY3UmTi4vFGZEkKmgAYmaoY/
eU88l7Z8jxOu09vCY1dNx4sbw6AQUL7lr0cre5TE56TaXvsAAAADAQABAAAAgQCu13oOL3
Ne4TYP5Q4+OqemrNadtioj0IYcA/m9EVK47bvcY8AQgGkuxfDCJNtWbMuHNnRi90t3SkHl
VqLL5IKY2FdRyc5kb9omhDSrfAvT39OdtRThHtfjYKb8XVli66D/TqfRmKxXVyJrUiYUXL
uA4rJ6ZTt6lUbjoGj+Pb/ZwQAAAEEA4M3HtX6DposdToyDQckSmsvysPQUcfeODUojMOkt
M69/rQeM+dUBm5ERXpN/9AyFRMlfdUJW3kzP1ZxjmfJ5ggAAAEEA/5s08Uddo/Uz2/QXBP
+Z0+vSVQIbEqTg8dqSPjaToXCm1YVbXpwasjdY89f2DTdb5Zt5gPydc8RHEaM2/F0PawAA
AEEA+QovDk1dE3GUOlpC7hNtvxaXV4m+KIBFLiBf2faQKnVW6Nvpsln0FbkdI93HE5vSUp
YwVu6oyB4gIMyRY

#### 2B) Generating keypairs in python

To generate keypairs in Python we will make use of the  `Crypt` module.  The lab machines should already have this module installed.  If your laptop does not have `Crypt` installed, use the linux command: `pip install pyCrypt` to install the library.  

Execute the cell below to import the Crypto library routines and to define some useful subroutines.  We will use these routines in the next few cells.  

In [11]:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA512, SHA384, SHA256, SHA, MD5
from Crypto import Random
from base64 import b64encode, b64decode
hash = "SHA-256"

def newkeys(keysize):
   random_generator = Random.new().read
   key = RSA.generate(keysize, random_generator)
   private, public = key, key.publickey()
   return public, private

def importKey(externKey):
   return RSA.importKey(externKey)

def getpublickey(priv_key):
   return priv_key.publickey()

Now let's use the first routine, `newkeys`, to generate a keypair and take a look at the public and private keys generated.  You can generate keys of various sizes: 1024,2048 or 4096 bits.  

We will generate a 2048 bit key, the current minimum RSA key size as recommended by NIST.  The generated keys are stored as python objects, not files.  Notice that the key objects store data in numeric format, *NOT* in base64.

In [12]:
#  create a private and public keypair

pub,priv = newkeys(2048)

#  show what they look like

print (repr(priv))  # print the key object; it contains the public key, exponents and private key
print ()
print (repr(pub))  # print the public key

RsaKey(n=20088094463091668435035689571537104243665807838757624387270632872172069601789699999132759194674053432199360224028760837427817063975950396685769914305643102605326060267917622447978556343582139383375611544627827161886985470438674209196202219066995129143767993748236791069042406430371040199439798076523211698645963963432299634894165483456671977809496529678460085677495913633206958825664060521315050574347099825964508952050400427384335320487493120573976317174192343140723843479710532172311336446744406117652897491921912756996348384881999855044000809798648423756829623532926108123800125541822710406514558707296514246573759, e=65537, d=6622263467584654417183363187101318906638994436064489904740559122377856230017646039355833535269129261373989923861961607834169822652858817467935044304338300987046546715418164288700683732900378738389460723281264107795113006222859701995574239634747238432505416862698260082803014952289032508489812433332071787680850778040598924088737903260756679910404856498737090703

To store the keys into a file, we have to convert to PEM format (Privacy Extensions for Mail), which will convert the key to base64 along with some extra information.  

Before we write a file, execute the next cell to see the conversion to PEM format.  Notice that the exported format is a byte array, *not* a string.

In [13]:
print(priv.exportKey(format='PEM'))    # print the base64 PEM format key

b'-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAnyDcNrk2iFSfJ0EHBWuIvo1g+0Pq00Su3qh6jBpl38r9QLEc\nm3RgwSb5RmbT638At9DXkDw/FkvSYeNP3QwqrGXMO/gEMNcSLyIKK4YtCwrSiILq\nNUV4r1ZstspkZuqqrHewh3Q1jCcK5dv9r4PaaL5cXLNaUMe6AmFdydotR9ssoK1b\n/N7t6dNPuj2AGoOSBSIxxonxWVTMVILPWlIyHzLa7RFjENedf8k2g0xhFj4Hwgcj\nogWHGun+JGdUaIu/q4I5gLuqn6hzkPQDc/RsR5fIIEOyHOb8YFOkg3ICDtPNpaDS\nNUzBJwMSIVdbX6sOFKyMkvN+f7r+wPgyycH+vwIDAQABAoIBAAU+75OMQox3AbIp\nFiKrG1xwy7gs0oJ5eqxTcIrK2f3pMrUdwZwsV342mzQjcqwKSUtGAr06BzhkcoCQ\nnlLisktxpax6biTwCiTsodoyd6ysBCnE6xSrgCGDn1zdSjcMWGkMHxEwFw3SQa03\nNeNB3QLj96aEsR8Fno+yhwV/AEwkk71pL8u4Uu8ZINN4XRO+RZ4q9y9/uJMHka8b\npWaRxJ6RaJxRtrgs7b1EoU9qilg9foOW1y72R2sTpsfW2VXCYDBGFRo8994dZTkP\nKeSI0pj1qGx+CPv89Qvz4Kd/RwWXd2betb4//9peXsHe/yd3oyd1z+CYjpr0csHH\nzaB5RbkCgYEAvsXkpu8DS+zuOwHKQnvaxO587b9sibY1x3uWb81w8TRbLy5DHrYb\nhKHgNnSzQN771Q0pRV3fwcAjsBi1U9XpxFT0kvblZjTCZA7tFUED7G1vCECIsXCf\nMkkK+hN7SoN6o0OFgjEG1RBuKPOKpJcZOFTaUYyAWdMu2ScOjL3+GucCgYEA1Ykn\nAGzuz2ESWoAGo1Tqo67WZc1NYpJWcoyTcdTnCYrNV

You should *NEVER* store a private key without encrypting it with a passphrase.  The private key should stay private and well-protected from prying eyes... like Eve's.   ... or mine...  

Let's print it again, this time encrypted in DES format using a passphrase.  

In [14]:
print(priv.exportKey(format='PEM', passphrase="cs356")) # show what happens when we use a passphrase

b'-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,2BBF69605E0BC9F5\n\nhu7ueoyOeuqn9zRWrLs7x6EYzrjGVoXalbXIWGEf3oq/hc82bWT2zbXoZbvXXRY7\noI8LBW0tjIoWpNm5mgHNl93AKh+gQUaKkz6v937IvBmHPGa2UDT+AenR0BHVMR20\nkUGvAm0h8GdGVxnVyTdc1B6sSGE6Ga1xtMKCT6uhJiXvodsDQtdmnuV1JjkyCUgN\nNysw6yEOaGfatPRvKeioBjP55iwT1qsetbei+lg5ZYdXe13bqLKbFXD3b3kcjiQ9\neeQLwQtqw84sNh9GNmnjZ7qpypSeq11tZO8i7JYwgJqSyPllei1I0yEH8X9U3Ac5\nRsQoAKXi1cR4yB9y9OGOq+1yvWp1NX3cPL/BDJA1yba1PILQc0S4UHwNFNw7prxp\noYwuqeOLBxrl7b/RtbdZCWFNHGzUSwI/CRBZI+HSrWrVheUSdq0YiEM2fJgp8dHr\nc+8PfjIBV+TmcktXcxBjYHvLnX2UKnbVpzHWRHo7s2ZoG/UMc74Yx/XdMitgfUsC\nMtcUzi7seNdoNzf0o9/cuaQaYbBAOCEiHMqFVnt93MtqXjgo7dQXMdrZORvVbT8/\nhDt59pHt00kO+rEHu7rcqZfv1L0vNEdMnBKY1tB8P6vuO9c5AECExyyy2RUDk8iq\n7wWPhJl7cnCmgY6iubglaDwKUvUGRgvjCNaW2uS/B8KX4AiJBakis3Nha9H//5Q0\n5b5BMOBp1pfDOtFw5kO13AYJOajJjD3B6SrPY5aJ8o/L33Tcd3hhlvnrEXXohZ+S\nksLcGLUdIUtJKnZS9Fj6BZ/PLVFDt5uo+Jyg76n25stUF7VHxYlGE6fh+sbyoLWu\nntTPsXm13nxT5hu/QooviaJAHavXov8GrzPY/jkT

Finally, let's write the keys to a passphrase protected file. We then look at the file contents using the `cat` command.

In [15]:
with open("cs356key.pem","wb") as fd:
    fd.write(priv.exportKey(format="PEM"))

! echo "Contents of key file:\n"
! cat cs356key.pem 

Contents of key file:

-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAnyDcNrk2iFSfJ0EHBWuIvo1g+0Pq00Su3qh6jBpl38r9QLEc
m3RgwSb5RmbT638At9DXkDw/FkvSYeNP3QwqrGXMO/gEMNcSLyIKK4YtCwrSiILq
NUV4r1ZstspkZuqqrHewh3Q1jCcK5dv9r4PaaL5cXLNaUMe6AmFdydotR9ssoK1b
/N7t6dNPuj2AGoOSBSIxxonxWVTMVILPWlIyHzLa7RFjENedf8k2g0xhFj4Hwgcj
ogWHGun+JGdUaIu/q4I5gLuqn6hzkPQDc/RsR5fIIEOyHOb8YFOkg3ICDtPNpaDS
NUzBJwMSIVdbX6sOFKyMkvN+f7r+wPgyycH+vwIDAQABAoIBAAU+75OMQox3AbIp
FiKrG1xwy7gs0oJ5eqxTcIrK2f3pMrUdwZwsV342mzQjcqwKSUtGAr06BzhkcoCQ
nlLisktxpax6biTwCiTsodoyd6ysBCnE6xSrgCGDn1zdSjcMWGkMHxEwFw3SQa03
NeNB3QLj96aEsR8Fno+yhwV/AEwkk71pL8u4Uu8ZINN4XRO+RZ4q9y9/uJMHka8b
pWaRxJ6RaJxRtrgs7b1EoU9qilg9foOW1y72R2sTpsfW2VXCYDBGFRo8994dZTkP
KeSI0pj1qGx+CPv89Qvz4Kd/RwWXd2betb4//9peXsHe/yd3oyd1z+CYjpr0csHH
zaB5RbkCgYEAvsXkpu8DS+zuOwHKQnvaxO587b9sibY1x3uWb81w8TRbLy5DHrYb
hKHgNnSzQN771Q0pRV3fwcAjsBi1U9XpxFT0kvblZjTCZA7tFUED7G1vCECIsXCf
MkkK+hN7SoN6o0OFgjEG1RBuKPOKpJcZOFTaUYyAWdMu2ScOjL3+GucCgYEA1Ykn
AGzuz2ESWoAGo1Tqo67WZc1NYpJWcoyTcdT

We can now read the file and use the `importKey` subroutine to convert from PEM back to a key object.  You can compare the imported key object with the original key generated earlier.  They will be identical, of course.

In [16]:
with open("cs356key.pem","r") as fd:
    key = importKey(fd.read())
    
print ("This is the key read from file and converted back to a key object:\n")
print (repr(key))

This is the key read from file and converted back to a key object:

RsaKey(n=20088094463091668435035689571537104243665807838757624387270632872172069601789699999132759194674053432199360224028760837427817063975950396685769914305643102605326060267917622447978556343582139383375611544627827161886985470438674209196202219066995129143767993748236791069042406430371040199439798076523211698645963963432299634894165483456671977809496529678460085677495913633206958825664060521315050574347099825964508952050400427384335320487493120573976317174192343140723843479710532172311336446744406117652897491921912756996348384881999855044000809798648423756829623532926108123800125541822710406514558707296514246573759, e=65537, d=66222634675846544171833631871013189066389944360644899047405591223778562300176460393558335352691292613739899238619616078341698226528588174679350443043383009870465467154181642887006837329003787383894607232812641077951130062228597019955742396347472384325054168626982600828030149522890325084898124

----

#### 2C)  Asymmetric Encryption and Decryption

Finally, let's learn how to encrypt and decrypt data using public-key cryptography in Python.  Recall that you can encrypt plaintext data with either key, and decrypt the ciphertext message using the corresponding member of the keypair.

1.  encrypt with public key, decrypt with private key
2.  encrypt with private key, decrypt with public key

 

Let's start with encryption.  Let's assume Bob wants to send an encrypted message to Alcice.  Which key should he use?  Bob has four choices:

1. Bob's private key  
2. Bob's public key
3. Alice's private key *(let's hope Alice doesn't have access to this key.  Alice needs to keep her key private.)*
4. Alice's public key


This is a message for Alice.  Alice should be the **only** person able to read the message.  Therefore Bob must use Alice's public key to encrypt the message.  Alice can then use her private key to decrypt the message. No one else has access to her private key, so only she can see the message.

See the diagram: below:

<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/RSAEncryption.png"  width="300px" />


Add a couple of convenient routines to our code to generate RSA keys and then perform encryption and decryption using the `Crypto` libraries.  Now execute the following cell to perform asymmetric encryption and decryption.

In [17]:
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64

def generate_keys():
   # key length must be a multiple of 256 and >= 1024
   modulus_length = 256*4
   privatekey = RSA.generate(modulus_length, Random.new().read)
   publickey = privatekey.publickey()
   return privatekey, publickey

def encrypt(message, pub_key):
   cipher = PKCS1_OAEP.new(pub_key)
   return cipher.encrypt(message)

def decrypt(ciphertext, priv_key):
   cipher = PKCS1_OAEP.new(priv_key)
   return cipher.decrypt(ciphertext)


# first generate some keys for Alice.  Alice publishes her public key for the entire world to see
# but of course, she keeps her private key to herself.  

Alice_publicKey, Alice_privateKey = newkeys(2048)

# Bob's top-secret message for Alice.  
# ... straight out of a soap opera.  So sad....

msg = b"Boo hoo hoo, please don't leave me, Alice"  
print (msg)
print ("binary array message length: ", len(msg))
print ()

# encrypt our soap opera with Alice's public key 

encrypted_msg = encrypt(msg, Alice_publicKey)  # soap opera
print ("encrypted message: \n", encrypted_msg)
print ("length of encrypted message:", len(encrypted_msg))
encoded_encrypted_msg = b64encode(encrypted_msg)

# now encode it in base64
print ()
print ("base64 version of encrypted message:\n", encoded_encrypted_msg)
print ("length of base64 version:", len(encoded_encrypted_msg))

# decrypt it to get the original message back
# first decode from base64, then decrypt it with Alice's private key

print ()
decoded_encrypted_msg = b64decode(encoded_encrypted_msg)
print ("decoded from base64:\n", decoded_encrypted_msg)
print ("length of decoded message", len(decoded_encrypted_msg))

print()
decrypted_msg = decrypt(decoded_encrypted_msg, Alice_privateKey)
print ("Alice's decrypted message:\n", decrypted_msg)

# is the message the same as the original message sent by Bob?

assert decrypted_msg == msg

# what will Alice do?  Stay tuned for the next episode!!!  (Don't you just love cliff-hanger endings...)



b"Boo hoo hoo, please don't leave me, Alice"
binary array message length:  41

encrypted message: 
 b'\x85\x83\x10\x8a\xe1\xfb\xf3\xf4>Y\x18\x06\xcbt\x0c"\x07)\x8a\xb0\xa6c\xebCqK\xcb\xe6!\x80\n\x9d6+\xea\xeb\x9a\xc4\x1c\x17\x83\x91g\xe9*\xa49q\xf7\x17A;\x04\xd1\x96\xdd\xb5\xeb\xaf<\xc1\x98{/\xe9\x1a\xb0\x1b\\\xe2\x1aQ\xa9o\x8d\t\xd4\xd6\x8f\xa4\xd0w\xde\xf3&\xd0\xe74\xb1Qs\'$\xc6\x1d \xac\xa0\x060\x00*z\xffmV\xad\x9f\xfdn\xfaa\x11\x98e\x15\x97A\n\xf0}\xb0\x94\xc3\x88\xfc1z\xe1\xaec\xd8V\x0c>\x95\xc8\xbdz\xad\x9fe\xcbVV\'<\xc1&\x90^\xdec\x9b\x16\xb5[<\x84l\x03\x15\xb9\x02>\'\x06,x$\xbf\x16\xdaK\x19\xfb`\xd7\xae\x18\xf8o\xbe\xa6\x1a\x86\xa6VT\x01\xa5\xdd>\x14|Ma]C\xd4\xb1H%\xe4\xe7"|\xa3\x9f,\xb4\x81\xad\xcep\x00\xae\xbd5\x08\xf9I\x8cD\x8d\xbf\xfb(}c\xef@\x05\xc8\xf6\xa6 \xd5Q\x1aL+k6\x85K\xd3q\xbf\xe7\x91?\xdd\xae|?'
length of encrypted message: 256

base64 version of encrypted message:
 b'hYMQiuH78/Q+WRgGy3QMIgcpirCmY+tDcUvL5iGACp02K+rrmsQcF4ORZ+kqpDlx9xdBOwTRlt216688wZh7L+kasBtc4hpRq

See!  Asymmetric encyryption is easy-peasy!  

But there are limitations to public-key encryption.  No one would encrypt a long message using public-key encryption.   Public-key encryption is CPU intensive and slow.  It would take a very long time to encrypt a gigabyte video file using the RSA algorithm.  Symmetric encryption is much faster.  Later in this notebook we will show how to combine symmetric and asymmetric encryption together to send secret messages.  But first let's learn about digital signatures. 

----

### Part 3:  Data Integrity using Digital Digests 

#### Secure Digital Hashing (Digital Digests)

Suppose Alice sends Bob a message: "Please withdraw `$100` dollars from my account".  Now suppose Eve has intercepted the message and changed it to "Please withdraw `$1000` dollars from my account and send it to Eve".  How would you know the message has been changed?

One method is to create a digital hash of the data (also known as a "digital *digest*" of the data).  Hashing is the process of calculating a unique digital "*fingerprint*" of the data by performing various calculations on it.  THe final result are typically 160 bits, 256 bits, or 512 bits in length.  If Alice safely (more on this later) sends the message along with the hash, Bob could prove that the data hadn't changed.  Any change, no matter how tiny, would result in a different hash.  If Bob hashed Eve's fake message he would get a different fingerprint than the one that Alice sent. The inequality of the two hashes proves the message is **fake**.

You may have learned a little about hashing as a *data search* mechanism from a previous course in algorithms or data structures. As an example, you might have taken a string variable such as a student name, performed various calculations on it to come up with an integer from 0 to so 1024 (or some other size), and then used this integer to index into a table to find the data quickly.  If more than one string hashed to the same index, you would then have to traverse a linked list to find the data.  This process is illustrated below.

<img src="http://cs.colostate.edu/~gersch/cs356/jupyter/images/hashtable.png" width="300px" alt="hash table"/>

Digital digests, on the other hand, have no need for the hash table shown above.  We are only interested in the end result of the hash computation.  Furthermore, we don't want **ANY** collisions, if at all possible, for any data set, large or small.   This means we need a much larger size index (160 to 512 bits) and a very good hashing algorithm.  Some older hashing algorithms have already been deprecated due to failure.  The current algorithms have been vetted multiple times and seem to be up to the task.

#### How big is big?

Just how big is the hash space?  Consider a 256 bit digest.  This allows 2<sup>256</sup> unique value which is approximately equal to 10<sup>83</sup> in decimal.  That's 1 with 83 zeroes behind it.  In other words, it's **huge**.

How can we get an intuitive feel for how big 10<sup>83</sup> really is?  Consider a small cube 1 millimeter in size.  Pretty small.  How many of these can fit into a 1 meter-sized cube?  The answer is 10<sup>3</sup> x 10<sup>3</sup> x 10<sup>3</sup> = 10<sup>9></sup> (1 billion).  That's pretty far from 10<sup>83</sup>.  How about 1 cubic kilometer?  That calculates to 10<sup>18</sup> cubic millimeters.  Not good enough. 

How many cubic millimeters fit in a cube the size of the solar system?  The distance from the sun to Pluto (I still consider Pluto to be a planet) is 5 billion kilometers (5 x 10<sup>9</sup>). Multiply by two to cover the complete orbit = 10<sup>10</sup> kilometers.   This calculates to 10<sup>48</sup> cubic millimeters in this gigantic cube... still not big enough.  OK, how about a cube the size of the milky way galaxy, which is 10<sup>18></sup> kilometers across.  That would hold 10<sup>72</sup> cubic millimeters.   To get the rest of the way we would need a bit more than 1000 milky way galaxies in each of the 3 dimensions to equal 10<sup>83</sup> cubic millimeters.

Enough... By now you should have a feel for how big 2<sup>256</sup> really is.  Given this huge space, all we need now is a good function to spread out the calculated index for any input value, from files of 1 byte to gigabytes  of data  for video files or large software distributions. Remember... we want the possibility of a collision to be infinitesimally small.

...which brings up the concept that Secure Hashes are one-way functions.  You can provide an input and calculate its hash, but you cannot reverse a hash to come up with the original input.  Furthermore, it is computationally infeasible to perform a brute force attack to determine the original input.  We will talk more about collision resistance in the lectures.  

#### Linux SHASUM command

Let's take some data and create various size digests for it.  Then let's change the data a tiny bit and see how much the digest changes.  The Linux command to perform a SHA (Secure Hash). is `SHASUM`.  It takes a `-a` (algorithm) parameter to dictate the algorithm and size of the hash.

Execute the cell below and examine the results to see the different sized hashes as well as what happens when a small change is made to the original data.



In [18]:
#  We want to do a checksum on just the 10 character string "betty boop" so suppress the new line character 
#  that the echo command tacks on by using the -n option.

# note: I had to use /bin/echo to get -n to suppress the terminating newline character.  
#       The regular echo command didn't suppress the newline for some reason or other.

print ("Old SHA function: 160 bits (20 bytes)")
! /bin/echo -n "betty boop" | shasum

print ("\n SHA256 (32 bytes)")
! /bin/echo -n "betty boop" | shasum -a 256

print ("\n SHA512 (64 bytes)")
! /bin/echo -n "betty boop" | shasum -a 512
print ()

print ("Change just one character to upper case and see how much the digest changes")
! /bin/echo -n "Betty boop" | shasum -a 512
print ()

print ("Now do a 256 bit checksum on the file containing this jupyter notebook")
! shasum -a 256 CS356Lab03_CryptoPart2.ipynb

Old SHA function: 160 bits (20 bytes)
f781338f5806ea61bc9f443a74c51bf3ff1c63c2  -

 SHA256 (32 bytes)
75f95488fe09756c837d46abec07044994c13cd5ba7b0a2d949b4949174652ec  -

 SHA512 (64 bytes)
98ab659d9bdb6d7a2f3e89d16fbdd2aef2d0f7a0008d747e1ff91e65d34abc1369c5ed63f72e7b158c40ad1854c5898da5a9ed377967a53e4fdc2fd0b41f6a11  -

Change just one character to upper case and see how much the digest changes
013f04598dd459088701d8781d62fba7371bd58574d208c09604c294529d88a1b6a86986b549d4ae977c4a3cc3916ed0cf508bb3ab611be71bc4b14f03b78bad  -

Now do a 256 bit checksum on the file containing this jupyter notebook
10c6053bdd029ac7594f3552b9e81779df1da65db1c680aba4e3a57193e04842  CS356Lab03_CryptoPart2.ipynb


#### Python hash libraries

Let's do the same set of checksums, but this time using Python.  We import the pyCrypt library to make this easy.  We could just as easily use the `hashlib` library.  Careful examination of the hex output will show that the hashes are the same as calculated by the Linux `shasum` command.

In [19]:
# perform SHA using the pyCrypt library
# note that you cannot pass a string to the library.  You must pass a byte array, so use the "b" specifier

from Crypto.Hash import SHA512, SHA384, SHA256, SHA, MD5
import binascii

message = b"betty boop"

for hash in ["SHA", "SHA-256", "SHA-512"]:
    if (hash == "SHA"):
        digest = SHA.new()
    elif (hash == "SHA-256"):
        digest = SHA256.new()
    elif (hash == "SHA-512"):
        digest = SHA512.new()
    else:
        break
        
    # side note: you can call update as many times as you want to keep adding data to the hash
    # and now is as good a time as any to learn about the hexlify capability in the binascii library
    
    digest.update(message)
    print ("algorithm:", hash, "\ndigest:", digest.digest())
    print ("hex digest:", binascii.hexlify(digest.digest()))
    print ()
    
    
# Change message to upper-case Betty's first name

digest = SHA512.new()
digest.update(b"Betty boop")
print ("Uppercase example:\nalgorithm: SHA-512\ndigest:", digest.digest())
print ("hex digest:", binascii.hexlify(digest.digest()))
print ()

#  Now let's do a hash on the contents of an entire file

#import hashlib

file = "./CS356Lab03_CryptoPart2.ipynb" 
BLOCK_SIZE = 65536 # The size of each read from the file

digest = SHA256.new()  # Create the hash object, can use something other than `.sha256()` if you wish
with open(file, 'rb') as f: # Open the file to read it's bytes
    fb = f.read(BLOCK_SIZE) # Read from the file. Take in the amount declared above
    while len(fb) > 0: # While there is still data being read from the file
        digest.update(fb) # Update the hash
        fb = f.read(BLOCK_SIZE) # Read the next block from the file

print ("File digest:", binascii.hexlify(digest.digest())) # get the hexadecimal digest of the hash

algorithm: SHA 
digest: b'\xf7\x813\x8fX\x06\xeaa\xbc\x9fD:t\xc5\x1b\xf3\xff\x1cc\xc2'
hex digest: b'f781338f5806ea61bc9f443a74c51bf3ff1c63c2'

algorithm: SHA-256 
digest: b'u\xf9T\x88\xfe\tul\x83}F\xab\xec\x07\x04I\x94\xc1<\xd5\xba{\n-\x94\x9bII\x17FR\xec'
hex digest: b'75f95488fe09756c837d46abec07044994c13cd5ba7b0a2d949b4949174652ec'

algorithm: SHA-512 
digest: b'\x98\xabe\x9d\x9b\xdbmz/>\x89\xd1o\xbd\xd2\xae\xf2\xd0\xf7\xa0\x00\x8dt~\x1f\xf9\x1ee\xd3J\xbc\x13i\xc5\xedc\xf7.{\x15\x8c@\xad\x18T\xc5\x89\x8d\xa5\xa9\xed7yg\xa5>O\xdc/\xd0\xb4\x1fj\x11'
hex digest: b'98ab659d9bdb6d7a2f3e89d16fbdd2aef2d0f7a0008d747e1ff91e65d34abc1369c5ed63f72e7b158c40ad1854c5898da5a9ed377967a53e4fdc2fd0b41f6a11'

Uppercase example:
algorithm: SHA-512
digest: b'\x01?\x04Y\x8d\xd4Y\x08\x87\x01\xd8x\x1db\xfb\xa77\x1b\xd5\x85t\xd2\x08\xc0\x96\x04\xc2\x94R\x9d\x88\xa1\xb6\xa8i\x86\xb5I\xd4\xae\x97|J<\xc3\x91n\xd0\xcfP\x8b\xb3\xaba\x1b\xe7\x1b\xc4\xb1O\x03\xb7\x8b\xad'
hex digest: b'013f04598dd459088701d8781d62

#### Optional Exercise:  Example of how a hash function works

We discussed this example in the lecture.  It shows a hash function that breaks data into 16 byte blocks and then performs shift and add functions to calculate the hash.  The end result is only 4 characters, so the hash is very likely to come up with collisions.  The only purpose of this example is to illustrate how a hash *could* work.  Real cryptographic hashes are more complex, but if you are interested, you can examine the open source to see how they work.

Execute the cell below several times, changing the input string to anything you like, short or long.  (For unknown reasons, the jupyter kernel may print the output, but CRASH and restart when executing this cell.  Ignore it and press on.  You may have to re-execute some old cells and skip over this one to continue the exercises.  Sorry about that...)

In [20]:
#
#
#   Python implementation of TTH "Toy Tetragraph Hash
#       problem 2.7 in Computer Security Textbook
#
#

import sys
import numpy as np

VALIDLETTERS = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'

#   define a TTH Hashing class with variables and methods

class TTHHash():

    def __init__(self, str):
        self.hash = np.array([0,0,0,0])
        self.data = None
        self.numBlocks = 0
        self.str = str.upper()


        #   Remove non-alphabetic characters and convert string to array of numbers from 0 to 25

        cleanString = ''.join([char for char in self.str if char in VALIDLETTERS])
        print (cleanString)
        numbers = []
        numbers = [ord(cleanString[i])-65 for i in range(len(cleanString))]
        self.data = np.array(numbers)
        print (self.data, "\n\n")

        # pad with zeros to make blocks of 16, then shape into nx4x4 array

        padLength = (16 - len(self.data) % 16) % 16
        self.data = np.pad(self.data, [0,padLength], mode='constant')
        self.numBlocks = int((len(self.data)-1) / 16) + 1
        self.data.shape = (self.numBlocks,4,4)
        print ("Data to be hashed: \n", self.data, "\n\n")

    # Method to convert hash array back to alpha string

    def alphaHash(self):
        s = ""
        for c in self.hash:
            s += chr(c+65)
        return s

    # Method to calculate hash for a single block

    def cookHash(self, i):

        # round 1: add columns mod 26, add to hash mod 26
        aSum = np.mod (self.data[i].sum(axis=0), 26)
        self.hash = np.mod( (self.hash + aSum), 26)

        # round 2:  rotate or flip, add columns mod 26, add to hash mod 26
        x = self.data[i]
        x[0] = np.roll(x[0], -1)
        x[1] = np.roll(x[1], -2)
        x[2] = np.roll(x[2], -3)
        x[3] = np.flip(x[3], axis=0)
        aSum = np.mod(self.data[i].sum(axis=0), 26)
        self.hash = np.mod((self.hash + aSum), 26)


#   MAIN routine

if __name__ == '__main__':
    str = "Big Bad Wolf vs Goldilocks: the fight of the century!"
    h = TTHHash(str)
    for i in range(h.numBlocks):
        h.cookHash(i)

    print ("number of blocks: ", h.numBlocks)
    print ("numeric hash: ", h.hash)
    print ()
    print ("alpha hash: ", h.alphaHash())
    exit()



BIGBADWOLFVSGOLDILOCKSTHEFIGHTOFTHECENTURY
[ 1  8  6  1  0  3 22 14 11  5 21 18  6 14 11  3  8 11 14  2 10 18 19  7
  4  5  8  6  7 19 14  5 19  7  4  2  4 13 19 20 17 24] 


Data to be hashed: 
 [[[ 1  8  6  1]
  [ 0  3 22 14]
  [11  5 21 18]
  [ 6 14 11  3]]

 [[ 8 11 14  2]
  [10 18 19  7]
  [ 4  5  8  6]
  [ 7 19 14  5]]

 [[19  7  4  2]
  [ 4 13 19 20]
  [17 24  0  0]
  [ 0  0  0  0]]] 


number of blocks:  3
numeric hash:  [23 15 16  0]

alpha hash:  XPQA


----

### Part 4:  Data Integrity using Digital Signatures

Good.  We can now create a digital digest of some data, and we can also perform asymmetric encryption using keypairs. Let's combine these two techniques to create something called a "*digital signature*".  Because of the nature of asymmetric keypairs, we will be able to definitively prove that a message has maintained its integrity and is unaltered (due to the digital hash), and that it came from a particular sender (due to signing the hash with a private key).    

#### Authentication:

Authentication is the process to confirm that the sender is the only one who have transmitted the message. The following picture explains this by showing that the hash has been signed by the sender's private key, and that the receiver verifies the hash by using the sender's public key:

<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/RSASigning.png" alt="keypairs used for signing" width="300px" />

The following diagram gives a bit more detail:

<img src="http://www.cs.colostate.edu/~gersch/cs356/jupyter/images/DigitalSignature.png" alt="keypairs used for signing" width="600px" />

Execute the following cell to import the pyCrypto library and define the routines we will need.

In [6]:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA512, SHA384, SHA256, SHA, MD5
from Crypto import Random
from base64 import b64encode, b64decode
hash = "SHA-256"

def newkeys(keysize):
   random_generator = Random.new().read
   key = RSA.generate(keysize, random_generator)
   private, public = key, key.publickey()
   return public, private

def importKey(externKey):
   return RSA.importKey(externKey)

def getpublickey(priv_key):
   return priv_key.publickey()

def encrypt(message, pub_key):
   cipher = PKCS1_OAEP.new(pub_key)
   return cipher.encrypt(message)

def decrypt(ciphertext, priv_key):
   cipher = PKCS1_OAEP.new(priv_key)
   return cipher.decrypt(ciphertext)

def sign(message, priv_key, hashAlg = "SHA-256"):
   global hash
   hash = hashAlg
   signer = PKCS1_v1_5.new(priv_key)
   
   if (hash == "SHA-512"):
      digest = SHA512.new()
   elif (hash == "SHA-384"):
      digest = SHA384.new()
   elif (hash == "SHA-256"):
      digest = SHA256.new()
   elif (hash == "SHA-1"):
      digest = SHA.new()
   else:
      digest = MD5.new()        
   digest.update(message)
   return signer.sign(digest)

def verify(message, signature, pub_key):
   signer = PKCS1_v1_5.new(pub_key)
   if (hash == "SHA-512"):
      digest = SHA512.new()
   elif (hash == "SHA-384"):
      digest = SHA384.new()
   elif (hash == "SHA-256"):
      digest = SHA256.new()
   elif (hash == "SHA-1"):
      digest = SHA.new()
   else:
      digest = MD5.new()
   digest.update(message)
   return signer.verify(digest, signature)

Now we will have Alice send a reply message to Bob in cleartext.  She doesn't care about privacy; anyone can read the message.  But she wants to prove that the message came from her, and that not one character in the message has been changed.

Execute the code below to show how to create and verify a digital signature.

In [18]:
Alice_msg = b"Oh, Bob!!!  I would never leave you.  Who told you I was leaving you?"  # pure soap opera shmaltz
msg = Alice_msg
signature = sign(msg, Alice_privateKey)
print ("This is the", len(signature), "bit digital signature signed by Alice:\n", signature)
encoded_signature = b64encode(signature)
print ()
print ("this is the base64 version of the signature that would be sent in an email:\n", encoded_signature)

#  Bad news... Eve intercepted and changed Alice's message, but sent the original signature, not knowing its purpose:

msg = b"Bob, I'm not good enough for you.  You deserve someone better.  Someone like Eve!"

#  Bob receives the forged message and the digital signature.  Let's see if this message can be verified.

verification = verify(msg, b64decode(encoded_signature), Alice_publicKey)
print ("\nThe verification proved to be", verification)
print ()

#  Bob knows that the message is a forgery.  He searches and finds the original message and checks its authenticity.  

msg = Alice_msg
verification = verify(msg, b64decode(encoded_signature), Alice_publicKey)
print ("\nThe verification proved to be", verification)

# Bob has found the authenticated email, proven to be from Alice.  
# He now knows that someone has been altering his email in the past!
# What will happen next?

# Stay tuned for our next exciting episode!


This is the 256 bit digital signature signed by Alice:
 b'o\xe67D\x90n\xa2\xc0H\xe3\xf5\x8d*\xc2\xafn\xc5\xac\xc7"\x96\x9a\xe2N\xed\x16\xa8]\xb8\x83 \x05\xb1\xa3\xc9\xc6\x99\xf4\xd9\xcc8$q\xd2\x97\x98\x1b\xe2t@\xe2*\x83\xe3\xe7g@4iQE\x085\xf2\xcd\xfcaL\xb8\xfd\x96$\xd9\xa9Z\xb6cY\xa4]\x11_(\x06\xc01\x93\x94V\xbc7\xa6U\xba\xd5\xc5[\xdd\xf3\x90\xab\xc0;\xef\xde\xe3{\xcd\xaf\xc8\\\x1f:L^\xa6\xfc\xcd\n\x94=\x97\x92s\xaa\x10)\xad8\xd3{[A\xc0Y\x96*p\xbb\x1c"D\xaf\x1a\xdc\x8c\x9dn\xa8\r\xfb8\x1d\xdb\x89h\xafS\x8f\x12i\x06\x146\x16\x15)\xc3\x99\x88\x94\x16h\x87\xfe\x89\xc1R\xf5\xac\x90e\xdc19"\xc1Q\xc4\xc3%k\xbb\x10\xc5\x83\xf0\xa3b\xc9[;\x08\xd0\xcb\xf6B\xd6J\xfa\x96\x8bT\xb3\x8a\x88\x93\xb2fJ\xc9\x8a\xd3\xaclK\xd5\xfa\x18\xaaTjhL\xe2\xb1\xb7\\\t\xf1\xef$\xd9\x04\xc8^o\xba\xd7\xd7,sC\x0c\xbf\xc9'

this is the base64 version of the signature that would be sent in an email:
 b'b+Y3RJBuosBI4/WNKsKvbsWsxyKWmuJO7RaoXbiDIAWxo8nGmfTZzDgkcdKXmBvidEDiKoPj52dANGlRRQg18s38YUy4/ZYk2alatmNZpF0RXygGwDGTlFa

 ----

### Part 4:  Your assignment

RSA is not very efficient for encrypting long messages; DES symmetric encryption is much faster.  You could use Diffie-Hellman to create a shared secret. But we can also use the RSA algorithm to encrypt a DES symmetric session key and safely send the DES key to our recipient.  We can then send our secret message using efficient symmetric encryption.  This is the method we will use in this assignment.

The basic goal is to simply encrypt and send a session key from Alice to Bob.  This is worth 100 points.  
 
The extra credit exercise is to use DES and the session key to encrypt an actual message between Alice and Bob (and completing the soap opera with some appropriate ending!).  This is worth 50 points.  You will have to copy and paste the DES code from the previous jupyter notebook in order to do this extra credit.  Don't forget to prepend an initialization vector to the encryped DES ciphertext.

You now have seen all the code snippets you need to complete this task.  Your goal is as follows:

* Generate keypairs for Bob and Alice


* Alice
 *  Hash a pass phrase to create a 256 bit (32 byte) *session key* 
 *  Generate a public and private keypair
 *  encrypt the session key with Bob's public key, convert to base64 and send the encoded, encrypted key to Bob
 *    EXTRA CREDIT:  Use AES and the session key to encrypt a long message to Bob
 *    EXTRA CREDIT:  Create a digital signature for the AES-encrypted file
 *  "send the file to Bob"  (basically do nothing, the info will be stored in program variables.  
 
 
* Bob
 * EXTRA CREDIT: verify the message is intact and came from Alice
 * decrypt the session key and decode it from base64
 * EXTRA CREDIT:  use the session key to decrypt Alice's message
 
 
 A skeleton framework for your code is given below.  Replace comments that begin with `####` with one or more lines of code to accomplish each task.  Make sure to put in print statements to show the program handles keys and ciphertext properly.
 

In [20]:
# By: Elita Danilyuk

from Crypto.Hash import SHA256
import hashlib
import base64
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from Crypto.Cipher import AES
from Crypto.Signature import PKCS1_v1_5
from Crypto.Hash import SHA512, SHA384, SHA256, SHA, MD5
from Crypto import Random
from base64 import b64encode, b64decode
import random

hash = "SHA-256"

def newkeys(keysize):
   random_generator = Random.new().read
   key = RSA.generate(keysize, random_generator)
   private, public = key, key.publickey()
   return public, private

def importKey(externKey):
   return RSA.importKey(externKey)

def getpublickey(priv_key):
   return priv_key.publickey()

def encrypt(message, pub_key):
   cipher = PKCS1_OAEP.new(pub_key)
   return cipher.encrypt(message)

def decrypt(ciphertext, priv_key):
   cipher = PKCS1_OAEP.new(priv_key)
   return cipher.decrypt(ciphertext)

def sign(message, priv_key, hashAlg = "SHA-256"):
   global hash
   hash = hashAlg
   signer = PKCS1_v1_5.new(priv_key)
   
   if (hash == "SHA-512"):
      digest = SHA512.new()
   elif (hash == "SHA-384"):
      digest = SHA384.new()
   elif (hash == "SHA-256"):
      digest = SHA256.new()
   elif (hash == "SHA-1"):
      digest = SHA.new()
   else:
      digest = MD5.new()        
   digest.update(message)
   return signer.sign(digest)

def verify(message, signature, pub_key):
   signer = PKCS1_v1_5.new(pub_key)
   if (hash == "SHA-512"):
      digest = SHA512.new()
   elif (hash == "SHA-384"):
      digest = SHA384.new()
   elif (hash == "SHA-256"):
      digest = SHA256.new()
   elif (hash == "SHA-1"):
      digest = SHA.new()
   else:
      digest = MD5.new()
   digest.update(message)
   return signer.verify(digest, signature)

BS = 16
def pad(s): return s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
def unpad(s): return s[0:-ord(s[-1])]

class AESCipher(object):

    # initialize the class instance and creating a key from user's password
    def __init__(self, passPhrase):
        self.bs = AES.block_size
        # get a 256 bit key by hashing your password
        self.key = hashlib.sha256(passPhrase.encode()).digest()
        print()

    # method to perform AES encryption
    def encrypt(self, plainText):
        # the plaintext length must be a multiple of blocksize
        # Pad the data if necessary
        padded = self._pad(plainText)
        # Each time we encrypt we will need a random initialization vector
        iv = Random.new().read(AES.block_size)
        # Instantiate a cipher object from the AES library
        # Give it the key, set it to cipher-block-chaining mode, and
        # give it the initialization vector
        cipherObject = AES.new(self.key, AES.MODE_CBC, iv)
        # Encrypt the data/padding after converting to byte array
        encrypted = cipherObject.encrypt(padded.encode('utf-8'))
        # concatenate the iv and the ciphertext and convert to base64
        encoded = base64.b64encode(iv + encrypted)
        return encoded

    # method to perform AES decryption
    def decrypt(self, cipherText):
        # decode the base64 string which contains the IV and ciphertext
        encrypted = base64.b64decode(cipherText)
        # strip off the initialization vector
        iv = encrypted[:AES.block_size]
        # instantiate an AES cipher object with same parameters as before
        cipherObject = AES.new(self.key, AES.MODE_CBC, iv)
        # decrypt the string, strip off the padding and return the plaintext
        return self._unpad(cipherObject.decrypt(encrypted[AES.block_size:]))

    # method to pad a string to an even multiple of block size
    # the pad character is a hex digit indicating the length of the padding
    def _pad(self, s):
        return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)

    # method to strip the padding
    @staticmethod
    def _unpad(s):
        return s[:-ord(s[len(s)-1:])]


#
#    The rest is up to you....  make sure to print out appropriate values as necessary
#
#### DONE: Generate keypairs for Bob and Alice
Alice_publicKey, Alice_privateKey = newkeys(2048)
Bob_publicKey, Bob_privateKey = newkeys(2048)
print("Generated keypairs:\n\tAlice's public key:", repr(Alice_privateKey))
print("\tAlice's private key location: ", Alice_privateKey)
print("\tBob's public key:", repr(Bob_publicKey))
print("\tBob's private key location: ", Bob_privateKey)


#Alice tasks
#### DONE: Hash a pass phrase to create a 256 bit (32 byte) session key
#### DONE: Generate a public and private keypair
#### DONE: encrypt the session key with Bob's public key, convert to base64 and send the encoded, encrypted key to Bob
#### DONE: EXTRA CREDIT:  Use AES and the session key to encrypt a long message to Bob

# DONE: hash pass phrase
key = b"Guess What!"
msg = "Bob I heard Eve was spreading lies to make us split. Please come back, I miss you. I encrypted this message with the help of Elita Danilyuk (an amazing cybersecurity engineer) so Eve can't read it. Meet where we met for our first date. Tonight: 8:00PM"
session_key = SHA256.new()
session_key.update(key)
print("\nHashing the pass phrase to create a 256-bit session key:\n\talgorithm: ", hash, "\n\tsession key: ", session_key.digest())

# DONE: key pairs created above

print("\nEncrypting the session key with Bob's public key and converting it to base64:")

# DONE: encrypting session key with Bob's public key
encrypted_key = encrypt(session_key.digest(), Bob_publicKey)
print("\tencrypted key:", encrypted_key)
print("\t\tlength of encrypted key:", len(encrypted_key))

# DONE: convert to base64
encoded_encrypted_key = b64encode(encrypted_key)
print("\tbase64 version of encrypted key:", encoded_encrypted_key)
print("\t\tlength of base64 version:", len(encoded_encrypted_key))

# note: The message should give a good "soap opera" ending to our story of love and encryption
#### DONE: EXTRA CREDIT:  Use AES and the session key to encrypt a long message to Bob
myCipher = AESCipher(key.decode('UTF-8'))
encrypted_msg = myCipher.encrypt(msg)
print("EXTRA CREDIT: Using AES and the session key to encrypt a message to Bob:\n\tEncrypted message: ", encrypted_msg)


#### DONE: EXTRA CREDIT:  Create a digital signature for the AES-encrypted file
#### note: "send the file to Bob" (basically do nothing, the info will be stored in program variables.
signature = sign(encrypted_msg, Alice_privateKey)
print("\nEXTRA CREDIT: Creating a digital signature for AES-encrypted file:\n\tThis is the", len(signature), "bit digital signature signed by Alice: ", signature)
encoded_signature = b64encode(signature)
print("\tThis is the base64 version of the signature that would be sent in an email: ", encoded_signature)


#Bob tasks
#### DONE: EXTRA CREDIT:  verify the message is intact and came from Alice
#### DONE: decrypt the session key and decode it from base64
#### DONE: EXTRA CREDIT: use the session key to decrypt Alice's message

#### DONE: EXTRA CREDIT:  verify the message is intact and came from Alice
# encrypted_msg = b"updating the message to test a 'false' verification"
verification = verify(encrypted_msg, b64decode(
    encoded_signature), Alice_publicKey)
print("\nEXTRA CREDIT: verifying message is intact and from Alice:\n\tThe verification proved to be:", verification)

# DONE: decrypted and decoded session key
print("\nDecrypting the session key and decoding it from base64:")
decoded_encrypted_key = b64decode(encoded_encrypted_key)
decrypted_key = decrypt(decoded_encrypted_key, Bob_privateKey)
print("\tAlice's decrypted session key: ", decrypted_key)
print("\tDecoded from base64: ", decoded_encrypted_key)
print("\t\tlength of decoded session key: ", len(decoded_encrypted_key))

#### DONE: EXTRA CREDIT: use the session key to decrypt Alice's message
msg = myCipher.decrypt(encrypted_msg)
print("\nEXTRA CREDIT: decrypting Alice's message with the session key:\n\tThe plaintext message: ", msg)

Generated keypairs:
	Alice's public key: RsaKey(n=25052769815969874379678823934095904882303286820794686172171255846718875565999563641058694710650532857863255009689154197539955354553323432808852382708922879906251763794075666020144635151463091908739868636023185618235416882591059468405142474400280399177303775287382865953239576909556857880310329335445241047894574861249260552936402200916336204525450468894573423210264891959959931642657114250199202773850592790131798036226085385448493106584195921190617184372780652667451134466976783157711506340635216587554457980704444348813624364658169322998073311297274591059834656589617746536145709880597552848968532650896469130312761, e=65537, d=81744423721668644236851239911303054763442556933621247403102085085712869845024134290614328958077268509780405744418095634556724491778425665987838831781681624718142075006868492939068446538426653245722775060304835628781627876974413792571458362844743588508394331560095092168404887717467056611159510278035466159294871597667498

----

### What to turn in and Grading

Copy and paste your code in the cell above to a file named `sessionKey.py`.  Make sure it runs properly, then create a tarball of both your code and the output from the program.  Turn this in as a file to CANVAS.  You will receive 100 points for success.

You will receive an additional 50 point if you complete the extra credit portion.  Please include a README file in the tarball to mention that you also included the extra credit portion.

