## Background code

### PNG encryption with RSA 

In [145]:
import os
import zlib
import struct
import random
import datetime
from classes.rsa import RSA 
from classes.png import PNG 

### Helper functions

In [146]:
def writeEncrypted(data, name, timestamp):
    filename_no_ext = name[:-4]
    new_name = f"{timestamp}_{filename_no_ext}_encrypted.png"
    with open(new_name, 'wb') as new_file:
        for chunk in data:
            new_file.write(chunk)
    return new_name

def writeDecrypted(data, name):
    filename_no_ext = name[:-14]
    new_name = f"{filename_no_ext}_decrypted.png"
    with open(new_name, 'wb') as new_file:
        for chunk in data:
            new_file.write(chunk)

def saveKeys(keys, name, timestamp):
    filename_no_ext = name[:-4]
    new_name = f"{timestamp}_{filename_no_ext}_keys.txt"
    pubkey = keys[0]
    privkey = keys[1]
    with open(new_name, 'w') as new_file:
        new_file.write(f"Public key:\n{pubkey[0]}\n{pubkey[1]}\n")
        new_file.write(f"Private key:\n{privkey[0]}\n{privkey[1]}\n")
    return new_name

def loadKeys(filename):
    with open(filename, 'r') as keyfile:
        lines = keyfile.readlines()
        n_pub = int(lines[1])
        e_pub = int(lines[2])
        d_priv = int(lines[4])
        e_priv = int(lines[5])

        pubkey = (n_pub, e_pub)
        privkey = (d_priv, e_priv)

        return (pubkey, privkey)  

## Encryption & Decryption demos

#### Keypair generation

In [147]:
keypair = RSA.generateKeypair()
print(keypair)

((13909940961693866445550290157351, 65537), (13909940961693866445550290157351, 5656770168165534639980920197857))


#### Path to image

In [148]:
filename = "linux.png"
img_path = f"media/{filename}"

### Szyfrowanie danych zdekompresowanych

##### Encryption

In [149]:
png = PNG(img_path)
png_name = os.path.basename(img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)
pubkey = keypair[0]

encrypted_idat_chunks = []
for idat in idat_chunks:
    idat_data = idat[8:-4]

    try:
        decompressed_data = zlib.decompress(idat_data)
    except zlib.error:
        decompressed_data = idat_data

    encrypted_uncompressed = RSA.encryptData(decompressed_data, pubkey)
    encrypted_compressed = zlib.compress(encrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(encrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + encrypted_compressed))
    new_chunk = new_len + idat_type + encrypted_compressed + new_crc

    encrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in encrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

encrypt_img_path = writeEncrypted(all_chunks, png_name, "decompressed")
keyfile = saveKeys(keypair, png_name, "decompressed")

##### Decryption

In [150]:

keys = loadKeys(keyfile)
privkey = keys[1]

png = PNG(encrypt_img_path)
png_name = os.path.basename(encrypt_img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
encrypted_idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

decrypted_idat_chunks = []
for chunk in encrypted_idat_chunks:
    encrypted_uncompressed  = zlib.decompress(chunk[8:-4])
    decrypted_uncompressed  = RSA.decryptData(encrypted_uncompressed, privkey)
    decrypted_compressed = zlib.compress(decrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(decrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + decrypted_compressed))
    new_chunk = new_len + idat_type + decrypted_compressed + new_crc

    decrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in decrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

writeDecrypted(all_chunks, png_name)

##### Data lengths check

In [151]:
for i, j, k in zip(idat_chunks, encrypted_idat_chunks, decrypted_idat_chunks):
    print(f"orig: {len(i)} encrypted: {len(j)} decrypted: {len(k)}")

orig: 11261 encrypted: 30718 decrypted: 12815


### Szyfrowanie danych bez dekompresji danych z pliku

Czy obie metody są równoważne? - Nie!

##### Encryption

In [152]:
png = PNG(img_path)
png_name = os.path.basename(img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)
pubkey = keypair[0]

orig_data = []
encrypted_idat_chunks = []
for idat in idat_chunks:
    idat_data = idat[8:-4]

    orig_data.append(idat_data)
    encrypted_data = RSA.encryptData(idat_data, pubkey)

    idat_type = b'IDAT'
    new_len = len(encrypted_data).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + encrypted_data))
    new_chunk = new_len + idat_type + encrypted_data + new_crc

    encrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in encrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
    
all_chunks = crit_chunks_no_data

encrypt_img_path = writeEncrypted(all_chunks, png_name, "compressed")
keyfile = saveKeys(keypair, png_name, "compressed")

##### Decryption

In [153]:
keys = loadKeys(keyfile)
privkey = keys[1]

png = PNG(encrypt_img_path)
png_name = os.path.basename(encrypt_img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
encrypted_idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

decrypted_data = []
decrypted_idat_chunks = []
for chunk in encrypted_idat_chunks:
    chunk_data = chunk[8:-4]
    decrypted_chunk_data = RSA.decryptData(chunk_data, privkey)
    decrypted_data.append(decrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(decrypted_chunk_data).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + decrypted_chunk_data))
    new_chunk = new_len + idat_type + decrypted_chunk_data + new_crc

    decrypted_idat_chunks.append(new_chunk)


crit_chunks_no_data.insert(0, png.png_signature)
for chunk in decrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
    
all_chunks = crit_chunks_no_data

writeDecrypted(all_chunks, png_name)

##### Data lengths check

In [154]:
for i, j, k in zip(idat_chunks, encrypted_idat_chunks, decrypted_idat_chunks):
    print(f"orig: {len(i)} encrypted: {len(j)} decrypted: {len(k)}")

orig: 11261 encrypted: 12206 decrypted: 11261


## Porównanie metod szyfrowania: ECB (Electronic CodeBook) oraz CBC (Cypher Clock Chaining)

##### Get new keypair

In [155]:
keypair = RSA.generateKeypair()

### ECB

#### Encryption

In [156]:
png = PNG(img_path)
png_name = os.path.basename(img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)
pubkey = keypair[0]

orig_data = []
encrypted_idat_chunks = []
for idat in idat_chunks:
    idat_data = idat[8:-4]

    orig_data.append(idat_data)
    # Decompress before encryption
    try:
        decompressed_data = zlib.decompress(idat_data)
    except zlib.error:
        decompressed_data = idat_data  # fallback if not compressed

    # Encrypt the decompressed data
    encrypted_data = RSA.encryptECB(decompressed_data, pubkey)

    # Compress after encryption
    encrypted_compressed = zlib.compress(encrypted_data)

    idat_type = b'IDAT'
    new_len = len(encrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + encrypted_compressed))
    new_chunk = new_len + idat_type + encrypted_compressed + new_crc

    encrypted_idat_chunks.append(new_chunk)
crit_chunks_no_data.insert(0, png.png_signature)
for chunk in encrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

encrypt_img_path = writeEncrypted(all_chunks, png_name, "ECB")
keyfile = saveKeys(keypair, png_name, "ECB")


#### Decryption

In [157]:

keys = loadKeys(keyfile)
privkey = keys[1]

png = PNG(encrypt_img_path)
png_name = os.path.basename(encrypt_img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
encrypted_idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

decrypted_idat_chunks = []
for chunk in encrypted_idat_chunks:
    # 1. Decompress the encrypted data
    encrypted_data = zlib.decompress(chunk[8:-4])
    # 2. Decrypt the decompressed data
    decrypted_uncompressed = RSA.decryptECB(encrypted_data, privkey)
    # 3. Compress the decrypted data to restore PNG format
    decrypted_compressed = zlib.compress(decrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(decrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + decrypted_compressed))
    new_chunk = new_len + idat_type + decrypted_compressed + new_crc

    decrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in decrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

writeDecrypted(all_chunks, png_name)

In [158]:
for i, j, k in zip(idat_chunks, encrypted_idat_chunks, decrypted_idat_chunks):
    print(f"orig: {len(i)} encrypted: {len(j)} decrypted: {len(k)}")

orig: 11261 encrypted: 30653 decrypted: 12815


### CBC

#### Encryption

In [159]:
png = PNG(img_path)
png_name = os.path.basename(img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)
pubkey = keypair[0]

block_size = (pubkey[0].bit_length() + 7) // 8
iv = random.randbytes(block_size)

orig_data = []
encrypted_idat_chunks = []
for idat in idat_chunks:
    idat_data = idat[8:-4]
    orig_data.append(idat_data)
        # Decompress before encryption
    try:
        decompressed_data = zlib.decompress(idat_data)
    except zlib.error:
        decompressed_data = idat_data  # fallback if not compressed

    # Encrypt the decompressed data
    encrypted_data = RSA.encryptCBC(idat_data, pubkey, iv)

    # Compress after encryption
    encrypted_compressed = zlib.compress(encrypted_data)

    idat_type = b'IDAT'
    new_len = len(encrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + encrypted_compressed))
    new_chunk = new_len + idat_type + encrypted_compressed + new_crc

    encrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in encrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

encrypt_img_path = writeEncrypted(all_chunks, png_name, "CBC")
keyfile = saveKeys(keypair, png_name, "CBC")


#### Decryption

In [160]:

keys = loadKeys(keyfile)
privkey = keys[1]

png = PNG(encrypt_img_path)
png_name = os.path.basename(encrypt_img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
encrypted_idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

decrypted_data = []
decrypted_idat_chunks = []
for chunk in encrypted_idat_chunks:
    # 1. Decompress the encrypted data
    encrypted_data = zlib.decompress(chunk[8:-4])
    # 2. Decrypt the decompressed data
    decrypted_uncompressed = RSA.decryptCBC(encrypted_data, privkey, iv)
    # 3. Compress the decrypted data to restore PNG format
    decrypted_compressed = zlib.compress(decrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(decrypted_chunk_data).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + decrypted_chunk_data))
    new_chunk = new_len + idat_type + decrypted_chunk_data + new_crc

    decrypted_idat_chunks.append(new_chunk)

crit_chunks_no_data.insert(0, png.png_signature)
for chunk in decrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

writeDecrypted(all_chunks, png_name)

##### Data lengths check

In [161]:
for i, j, k in zip(idat_chunks, encrypted_idat_chunks, decrypted_idat_chunks):
    print(f"orig: {len(i)} encrypted: {len(j)} decrypted: {len(k)}")

orig: 11261 encrypted: 12217 decrypted: 11261


## Porównanie z gotową implementacją RSA

In [162]:
import os
import zlib
import struct
import random
import datetime
from Crypto.PublicKey import RSA as CryptoRSA
from Crypto.Cipher import PKCS1_OAEP
from classes.png import PNG

# Path to image
filename = "linux.png"
img_path = f"media/{filename}"

# ----- Encryption -----

# Generate RSA key using PyCrypto
key = CryptoRSA.generate(2048)
pubkey = key.publickey()

# Process PNG chunks
png = PNG(img_path)
png_name = os.path.basename(img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

encrypted_idat_chunks = []
for idat in idat_chunks:
    idat_data = idat[8:-4]

    # Try to decompress IDAT data (should work for standard PNGs)
    try:
        decompressed_data = zlib.decompress(idat_data)
    except zlib.error:
        decompressed_data = idat_data  # Use as-is if can't decompress

    # Maximum size for PKCS1_OAEP with 2048-bit key is ~214 bytes
    # Need to chunk the data for encryption
    chunk_size = 214
    chunks = [decompressed_data[i:i+chunk_size] for i in range(0, len(decompressed_data), chunk_size)]
    
    # Initialize the cipher
    cipher = PKCS1_OAEP.new(pubkey)
    
    # Encrypt each chunk and concatenate
    encrypted_chunks = []
    for chunk in chunks:
        encrypted_chunk = cipher.encrypt(chunk)
        # Store length + encrypted data to help with decryption
        length_bytes = len(chunk).to_bytes(4, 'big')
        encrypted_chunks.append(length_bytes + encrypted_chunk)
    
    encrypted_uncompressed = b''.join(encrypted_chunks)
    encrypted_compressed = zlib.compress(encrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(encrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + encrypted_compressed))
    new_chunk = new_len + idat_type + encrypted_compressed + new_crc

    encrypted_idat_chunks.append(new_chunk)

# Reconstruct PNG with encrypted chunks
crit_chunks_no_data.insert(0, png.png_signature)
for chunk in encrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

# Save encrypted PNG
def writeEncrypted(data, name, timestamp):
    filename_no_ext = name[:-4]
    new_name = f"{timestamp}_{filename_no_ext}_encrypted.png"
    with open(new_name, 'wb') as new_file:
        for chunk in data:
            new_file.write(chunk)
    return new_name

# Save keys in PEM format
def saveKeys(key_obj, name, timestamp):
    filename_no_ext = name[:-4]
    new_name = f"{timestamp}_{filename_no_ext}_key.pem"
    with open(new_name, 'wb') as key_file:
        key_file.write(key_obj.export_key('PEM'))
    return new_name

timestamp = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
encrypt_img_path = writeEncrypted(all_chunks, png_name, timestamp)
keyfile = saveKeys(key, png_name, timestamp)
print(f"Encrypted image saved to: {encrypt_img_path}")
print(f"Key saved to: {keyfile}")

# ----- Decryption -----

# Load the private key
with open(keyfile, 'rb') as f:
    key = CryptoRSA.import_key(f.read())

# Process encrypted PNG
png = PNG(encrypt_img_path)
png_name = os.path.basename(encrypt_img_path)
crit_chunks = png.getCriticalChunks()
anc_chunks = png.getAncillaryChunks()
encrypted_idat_chunks, crit_chunks_no_data = png.getDataChunks(crit_chunks)

decrypted_idat_chunks = []
for chunk in encrypted_idat_chunks:
    # 1. Decompress the encrypted data
    encrypted_data = zlib.decompress(chunk[8:-4])
    
    # 2. Initialize the decryption cipher
    decipher = PKCS1_OAEP.new(key)
    
    # 3. Process encrypted chunks
    decrypted_parts = []
    offset = 0
    while offset < len(encrypted_data):
        # Read the original chunk length
        chunk_len = int.from_bytes(encrypted_data[offset:offset+4], 'big')
        offset += 4
        
        # The encrypted data is the next 256 bytes (for 2048-bit key)
        encrypted_chunk = encrypted_data[offset:offset+256]
        offset += 256
        
        # Decrypt the chunk
        decrypted_chunk = decipher.decrypt(encrypted_chunk)
        decrypted_parts.append(decrypted_chunk)
    
    # 4. Combine all decrypted parts
    decrypted_uncompressed = b''.join(decrypted_parts)
    
    # 5. Compress the decrypted data to restore PNG format
    decrypted_compressed = zlib.compress(decrypted_uncompressed)

    idat_type = b'IDAT'
    new_len = len(decrypted_compressed).to_bytes(4, 'big')
    new_crc = struct.pack('>I', zlib.crc32(idat_type + decrypted_compressed))
    new_chunk = new_len + idat_type + decrypted_compressed + new_crc

    decrypted_idat_chunks.append(new_chunk)

# Reconstruct PNG with decrypted chunks
crit_chunks_no_data.insert(0, png.png_signature)
for chunk in decrypted_idat_chunks + anc_chunks:
    crit_chunks_no_data.insert(-1, chunk)
all_chunks = crit_chunks_no_data

# Save decrypted PNG
def writeDecrypted(data, name):
    # Extract base name without the timestamp and "_encrypted" suffix
    if '_encrypted.png' in name:
        base_name = name.split('_encrypted.png')[0]
        if '_' in base_name:  # Remove timestamp prefix if present
            base_name = base_name.split('_', 1)[1]
        new_name = f"{base_name}_decrypted.png"
    else:
        # Fallback if the name doesn't match expected pattern
        new_name = "decrypted.png"
        
    with open(new_name, 'wb') as new_file:
        for chunk in data:
            new_file.write(chunk)
    return new_name

decrypted_path = writeDecrypted(all_chunks, png_name)
print(f"Decrypted image saved to: {decrypted_path}")

# Size comparison
print("\nSize comparison:")
for i, j, k in zip(idat_chunks, encrypted_idat_chunks, decrypted_idat_chunks):
    print(f"Original: {len(i)} bytes | Encrypted: {len(j)} bytes | Decrypted: {len(k)} bytes")

Encrypted image saved to: 20250608_164701_linux_encrypted.png
Key saved to: 20250608_164701_linux_key.pem
Decrypted image saved to: 164701_linux_decrypted.png

Size comparison:
Original: 11261 bytes | Encrypted: 101280 bytes | Decrypted: 12815 bytes


## Porównanie plików

In [163]:
files = ['dice', 'test', 'plte']

for file in files:
    print(f"File: {file}.png")
    png = PNG(f"media/{file}.png")
    anc_chunks = png.getAncillaryChunks()
    crit_chunks = png.getCriticalChunks()
    print(f"Crit chunks: {len(crit_chunks)} Anc chunks: {len(anc_chunks)}")
    print("Crit chunk sizes: ")
    for chunk in crit_chunks:
        data_len = int.from_bytes(chunk[:4])
        chunk_type = chunk[4:8].decode('utf-8')
        print(f"{chunk_type}: {data_len}")


File: dice.png
Crit chunks: 3 Anc chunks: 0
Crit chunk sizes: 
IHDR: 13
IDAT: 179502
IEND: 0
File: test.png
Crit chunks: 10 Anc chunks: 8
Crit chunk sizes: 
IHDR: 13
IDAT: 8192
IDAT: 8192
IDAT: 8192
IDAT: 8192
IDAT: 8192
IDAT: 8192
IDAT: 8192
IDAT: 7564
IEND: 0
File: plte.png
Crit chunks: 5 Anc chunks: 6
Crit chunk sizes: 
IHDR: 13
PLTE: 768
IDAT: 8192
IDAT: 2484
IEND: 0
