## Asymmetric Encryption
More info: https://github.com/pyca/cryptography

In [1]:
import cryptography

In [2]:
print(cryptography.__version__)

3.3.1


### Generate Keys

In [3]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa

# Private key
private_key = rsa.generate_private_key(
    public_exponent = 65537,  # Default
    key_size = 4096,  # The length of the modulus in bits # Default: 2048
    backend = default_backend()
)

# Public key
public_key = private_key.public_key()

### Storing Keys

#### Private Key

In [4]:
from cryptography.hazmat.primitives import serialization

# Serialization of the key to bytes
pem = private_key.private_bytes(
    encoding = serialization.Encoding.PEM,  # base64 format with delimiters
    format = serialization.PrivateFormat.PKCS8,  # modern format for serializing keys
    encryption_algorithm = serialization.NoEncryption()  # The encryption algorithm that should be used for the key and certificate 
    #encryption_algorithm = serialization.BestAvailableEncryption(b'your_Pas$worD')
)

# Save the key
with open('private_key.pem', 'wb') as f:
    f.write(pem)
    
pem

b'-----BEGIN PRIVATE KEY-----\nMIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDZiu/dyQRDBnN3\n0LDb/cMsvHi/m4Q+l1lEMHkpU8j97Ljgs3mee/lEKeMBkE/Vq/iVQD8y5wPev4mM\nYS0m7sVzXqXhZx0KjWwrlXpt9jpB9iEvxunqOoLun7Ubn7JWDlDZFNw3QtvayO49\nS8x2oCZ8mWx9EVxyxc3gqkhTRrOqR0Gx6bR2US1JCdi/kuWEYybNJ44RHd++Kw6Q\nMa24ByAKM4Tiq5hnjmCRVT0x4iad6+JefkWtcLnGpZv+4N+pqY0YHLKlsRDrqFMD\nROrPRz2YgQjMAmiqUxcygoIlepWiC8F7o7SVBfUnt2UzTJNJRtxwAtbesqkJprts\npD5DLIbLTzpkbxG74SnHragn3YLZRrykPclDWgUqZWBW7gQF5/vqsoKAVkpEuHmM\nxsOX+FPRpuY11nwvGY2VhOudObX9CfMa7lsjsR8eXwSV+C/9jV575n5FnQvSgR/q\nSdJfbiaWG+4ms9ALrdkC9Hph+uSimIXQ2Uqg7ZXt9BZEEo3yLoWGxTtUMehNHKHJ\nQ1pzL92rkp/cWsUHUZkK+n+xTxuZ+/lsFJ1ah6T/4w7isFLfPWf3CtPs39knbVul\ns5nbUh2AohRXwvlyrOX1IASBpm/Eh8qMoizfhWEvav7oKOVEdwWAm8bLGz8znKX/\nbOWKFmu94S9laC+tgVVn+1IDivE4ZQIDAQABAoICABp/qQ48AS/k5kXO/uwdMhwN\n7Stx1x8EspPyz59wHEiKAE8mrYbXlRpve75iBMeDRilwBQK/TyJf9HJMGALpDNYr\nzkrxk4EIjweUErC4UIpeX9aBBVdJv08v1xDBWCjRX5nBx71XgI5a8WI4DHTatzVw\nPt3RMpCsdZKLS3oRX6s7OM5iKGBNLRX7hBJ540lIBp7w1

#### Public Key

In [5]:
# Serialization of the key to bytes
pem = public_key.public_bytes(
    encoding = serialization.Encoding.PEM,
    format = serialization.PublicFormat.SubjectPublicKeyInfo
)

# Save the key
with open('public_key.pem', 'wb') as f:
    f.write(pem)
    
pem

b'-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2Yrv3ckEQwZzd9Cw2/3D\nLLx4v5uEPpdZRDB5KVPI/ey44LN5nnv5RCnjAZBP1av4lUA/MucD3r+JjGEtJu7F\nc16l4WcdCo1sK5V6bfY6QfYhL8bp6jqC7p+1G5+yVg5Q2RTcN0Lb2sjuPUvMdqAm\nfJlsfRFccsXN4KpIU0azqkdBsem0dlEtSQnYv5LlhGMmzSeOER3fvisOkDGtuAcg\nCjOE4quYZ45gkVU9MeImneviXn5FrXC5xqWb/uDfqamNGByypbEQ66hTA0Tqz0c9\nmIEIzAJoqlMXMoKCJXqVogvBe6O0lQX1J7dlM0yTSUbccALW3rKpCaa7bKQ+QyyG\ny086ZG8Ru+Epx62oJ92C2Ua8pD3JQ1oFKmVgVu4EBef76rKCgFZKRLh5jMbDl/hT\n0abmNdZ8LxmNlYTrnTm1/QnzGu5bI7EfHl8Elfgv/Y1ee+Z+RZ0L0oEf6knSX24m\nlhvuJrPQC63ZAvR6YfrkopiF0NlKoO2V7fQWRBKN8i6FhsU7VDHoTRyhyUNacy/d\nq5Kf3FrFB1GZCvp/sU8bmfv5bBSdWoek/+MO4rBS3z1n9wrT7N/ZJ21bpbOZ21Id\ngKIUV8L5cqzl9SAEgaZvxIfKjKIs34VhL2r+6CjlRHcFgJvGyxs/M5yl/2zlihZr\nveEvZWgvrYFVZ/tSA4rxOGUCAwEAAQ==\n-----END PUBLIC KEY-----\n'

### Reading Keys

#### Private Key

In [6]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

with open("private_key.pem", "rb") as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(),
        password = None,  # Unless BestAvailableEncryption was applied
        backend = default_backend()
    )

#### Public Key

In [7]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

with open("public_key.pem", "rb") as key_file:
    public_key = serialization.load_pem_public_key(
        key_file.read(),
        backend = default_backend()
    )

### Encrypting

In [8]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

message = b'This is a super secret message!'  # Message to be encrypted

encrypted = public_key.encrypt(  # Public Key must be read before
    message, # Message to encrypt
    padding.OAEP( # Optimal Asymmetric Encryption Padding
        mgf = padding.MGF1(algorithm = hashes.SHA256()),
        algorithm = hashes.SHA256(),
        label = None
    )
)

### Decrypting

In [9]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

original_message = private_key.decrypt(  # Private Key must be read before
    encrypted,  # Encrypted Message
    padding.OAEP(
        mgf = padding.MGF1(algorithm = hashes.SHA256()),
        algorithm = hashes.SHA256(),
        label = None
    )
)

print(original_message)

b'This is a super secret message!'


### Encrypting & Decrypting Files

In [10]:
# Write encrypted message to a file
f = open('test.encrypted', 'wb')
f.write(encrypted)
f.close()

In [11]:
# Decrypt encrypted message in file
f = open('test.encrypted', 'rb')
encrypted_message = f.read()

decrypted_message = private_key.decrypt(  # Private Key must be read before
    encrypted_message,
    padding.OAEP(
        mgf = padding.MGF1(algorithm = hashes.SHA256()),
        algorithm = hashes.SHA256(),
        label = None
    )
)

print(decrypted_message)

f.close()

b'This is a super secret message!'
