<a href="https://colab.research.google.com/github/hoaha110405/Dino_game/blob/main/Untitled0.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [1]:
!pip install cryptography pyjwt




In [2]:
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
import os

def aes_gcm_decrypt(key_hex: str, nonce_hex: str, ct_hex: str, aad: bytes | None = None) -> bytes:
    key = bytes.fromhex(key_hex)
    nonce = bytes.fromhex(nonce_hex)
    ct = bytes.fromhex(ct_hex)  # ciphertext + tag (GCM)
    aesgcm = AESGCM(key)
    return aesgcm.decrypt(nonce, ct, aad)

# ==== DEMO tự chạy ====
# Tạo dữ liệu demo (mã hóa trước rồi giải mã) để kiểm tra môi trường OK
key = os.urandom(32)           # AES-256
nonce = os.urandom(12)         # 12 bytes cho GCM
aad = b"header-optional"
pt_demo = b"Hello AES-GCM!"

aesgcm = AESGCM(key)
ct_demo = aesgcm.encrypt(nonce, pt_demo, aad)

print("Demo AES:")
print("  key_hex  =", key.hex())
print("  nonce_hex=", nonce.hex())
print("  ct_hex   =", ct_demo.hex())

# Giải mã lại
pt_out = AESGCM(key).decrypt(nonce, ct_demo, aad)
print("  plaintext:", pt_out)

# ==== DÙNG DỮ LIỆU THẬT ====
# Thay 3 dòng dưới bằng dữ liệu của bạn (hex). Nếu không có AAD thì để aad_real = None
key_hex_real   = key.hex()     # TODO: thay bằng key thật (hex)
nonce_hex_real = nonce.hex()   # TODO: thay bằng nonce thật (hex, 12 bytes)
ct_hex_real    = ct_demo.hex() # TODO: thay bằng ciphertext+tag thật (hex)
aad_real = aad                  # hoặc None

try:
    plaintext_real = aes_gcm_decrypt(key_hex_real, nonce_hex_real, ct_hex_real, aad_real)
    print("\n✅ AES-GCM giải mã OK (dữ liệu thật):", plaintext_real)
except Exception as e:
    print("\n❌ AES-GCM lỗi:", e)


Demo AES:
  key_hex  = a496083eeedfb8a1691d966ed4a5b4194cc644c2c17001a0de0c09e9f67ced8e
  nonce_hex= 78156414492df4c1c0b9fe89
  ct_hex   = d58e17103aebdb81f32ee43fc81011caf6ec6c3afb71969ab75636c4432e
  plaintext: b'Hello AES-GCM!'

✅ AES-GCM giải mã OK (dữ liệu thật): b'Hello AES-GCM!'


In [3]:
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

def rsa_oaep_decrypt_pem(private_pem_bytes: bytes, ciphertext_hex: str, passphrase: bytes|None=None) -> bytes:
    private_key = serialization.load_pem_private_key(private_pem_bytes, password=passphrase)
    ciphertext = bytes.fromhex(ciphertext_hex)
    return private_key.decrypt(
        ciphertext,
        padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
    )

# ==== DEMO tự chạy ====
# 1) Tạo cặp khóa RSA
priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
pub = priv.public_key()

priv_pem = priv.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)
pub_pem = pub.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)

msg = b"Hello RSA-OAEP!"
# 2) Mã hóa bằng public key để có ciphertext demo
cipher_demo = pub.encrypt(
    msg,
    padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
)
print("Demo RSA-OAEP:")
print("  ciphertext_hex =", cipher_demo.hex()[:80]+"...")  # rút gọn in

# 3) Giải mã bằng private key
pt = rsa_oaep_decrypt_pem(priv_pem, cipher_demo.hex())
print("  plaintext      =", pt)

# ==== DÙNG DỮ LIỆU THẬT ====
# Nếu bạn có file PEM trong Colab, có thể upload:
# from google.colab import files
# up = files.upload()  # chọn file 'rsa_private.pem'
# private_pem_bytes_real = next(iter(up.values()))
# ciphertext_hex_real = "..."  # TODO: thay bằng hex thật
# plaintext_real = rsa_oaep_decrypt_pem(private_pem_bytes_real, ciphertext_hex_real, passphrase=None)
# print("✅ RSA-OAEP plaintext:", plaintext_real)


Demo RSA-OAEP:
  ciphertext_hex = 2aceebc4f04c676bc5cb004df7ddbdf9ff3ebf7a3d29004636c12601ff833c6078924efe1d6ff7f8...
  plaintext      = b'Hello RSA-OAEP!'


In [4]:
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature

def rsa_pss_verify(public_pem_bytes: bytes, message: bytes, signature_hex: str) -> bool:
    public_key = serialization.load_pem_public_key(public_pem_bytes)
    sig = bytes.fromhex(signature_hex)
    try:
        public_key.verify(
            sig,
            message,
            padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        return False

# ==== DEMO tự chạy ====
msg = b"Verify me (RSA-PSS)"
signature_demo = priv.sign(  # dùng private key từ ô RSA trước (đã tạo)
    msg,
    padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH),
    hashes.SHA256()
)
ok = rsa_pss_verify(pub_pem, msg, signature_demo.hex())
print("Demo RSA-PSS verify:", "✅ Hợp lệ" if ok else "❌ Sai chữ ký")

# ==== DÙNG DỮ LIỆU THẬT ====
# public_pem_bytes_real = pub_pem   # TODO: thay bằng public PEM thật (bytes)
# message_real = b"..."
# signature_hex_real = "..."
# print("Thực tế:", "OK" if rsa_pss_verify(public_pem_bytes_real, message_real, signature_hex_real) else "Fail")


Demo RSA-PSS verify: ✅ Hợp lệ


In [5]:
from cryptography.hazmat.primitives.asymmetric import ed25519

def ed25519_verify(public_pem_or_raw: bytes, message: bytes, signature_hex: str) -> bool:
    sig = bytes.fromhex(signature_hex)
    try:
        try:
            # Thử parse PEM
            public_key = serialization.load_pem_public_key(public_pem_or_raw)
        except ValueError:
            # Nếu không phải PEM, giả định là raw 32 bytes public key
            public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_pem_or_raw)
        public_key.verify(sig, message)
        return True
    except Exception:
        return False

# ==== DEMO tự chạy ====
ed_priv = ed25519.Ed25519PrivateKey.generate()
ed_pub = ed_priv.public_key()
ed_pub_pem = ed_pub.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)

msg2 = b"Verify me (Ed25519)"
sig2 = ed_priv.sign(msg2)
print("Demo Ed25519 verify:", "✅ Hợp lệ" if ed25519_verify(ed_pub_pem, msg2, sig2.hex()) else "❌ Sai")


Demo Ed25519 verify: ✅ Hợp lệ


In [6]:
import jwt
from datetime import datetime, timedelta, timezone

# RS256 DEMO: tạo cặp khóa & ký JWT → rồi verify
rs_priv = rsa.generate_private_key(public_exponent=65537, key_size=2048)
rs_pub = rs_priv.public_key()
rs_priv_pem = rs_priv.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)
rs_pub_pem = rs_pub.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)

payload_demo = {
    "sub": "user123",
    "iat": int(datetime.now(timezone.utc).timestamp()),
    "exp": int((datetime.now(timezone.utc) + timedelta(minutes=5)).timestamp()),
    "iss": "https://issuer.example.com",
    "aud": "your-aud"
}

token_rs256 = jwt.encode(payload_demo, rs_priv_pem, algorithm="RS256")
print("Demo RS256 token:", token_rs256[:80], "...")

# Verify RS256
try:
    decoded = jwt.decode(
        token_rs256,
        rs_pub_pem,
        algorithms=["RS256"],
        options={"require": ["exp","iat"]},
        audience="your-aud",
        issuer="https://issuer.example.com"
    )
    print("✅ RS256 JWT hợp lệ. Payload:", decoded)
except Exception as e:
    print("❌ RS256 JWT lỗi:", e)

# HS256 DEMO (nếu bạn dùng shared secret)
secret = "supersecret"
token_hs256 = jwt.encode(payload_demo, secret, algorithm="HS256")
try:
    decoded_hs = jwt.decode(
        token_hs256,
        secret,
        algorithms=["HS256"],
        options={"require": ["exp","iat"]},
        audience="your-aud",
        issuer="https://issuer.example.com"
    )
    print("✅ HS256 JWT hợp lệ. Payload:", decoded_hs)
except Exception as e:
    print("❌ HS256 JWT lỗi:", e)

# ==== DÙNG DỮ LIỆU THẬT ====
# token_real = "eyJ..."   # JWT nhận được
# public_key_pem_real = rs_pub_pem  # TODO: thay bằng public key thật (PEM) nếu RS256
# print(jwt.decode(token_real, public_key_pem_real, algorithms=["RS256"], options={"require":["exp","iat"]}))


Demo RS256 token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1c2VyMTIzIiwiaWF0IjoxNzU3OTQyODM ...
✅ RS256 JWT hợp lệ. Payload: {'sub': 'user123', 'iat': 1757942836, 'exp': 1757943136, 'iss': 'https://issuer.example.com', 'aud': 'your-aud'}
✅ HS256 JWT hợp lệ. Payload: {'sub': 'user123', 'iat': 1757942836, 'exp': 1757943136, 'iss': 'https://issuer.example.com', 'aud': 'your-aud'}
