# Notebook for Lab 2 - Asymmetric Encryption

## General goal
In this lab you’ll get familiarized with programming, asymmetric encryption and key exchange algorithms using the pyca/cryptography library. 

## Specific goals
- Being capable of serializing and unserializing RSA private and public keys to and from PEM/PKCS encoding/format.
- Being capable of saving and loading RSA private and public keys to and from a file.
- Make use of the pyca/cryptography library to encrypt and decrypt simple messages (strings) with RSA asymmetric cipher using two different paddings (PKCS1v15 and OAEP).
- Make use of the pyca/cryptography library to wrap symmetric keys (recall that key wrapping uses symmetric encryption to encapsulate symmetric key material).
- Make a combined use of RSA OAEP asymmetric encryption and AES 256 CTR to implement hybrid encryption.
- Make use of the pyca/cryptography library to implement a simple anonymous Diffie-Hellman Key Exchange

## Modules
Cryptography library documentation can be found at https://pypi.org/project/cryptography. You’ll may find useful to have these links as reference:
- Asymmetric RSA:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/
- Key Wrapping:
https://cryptography.io/en/latest/hazmat/primitives/keywrap/
- Diffie-Hellman key exchange:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dh/

## Lab assignment and assessment
You are given one Python script/notebook, that contains the headers of all the functions you should develop at the end of this lab. Next, you’ll be guided through several tasks you’ll have to complete in order to do so.

Lab 2 assessment will be performed with a test/quiz/exam at the end of the course (along the other lab assessments).

# 0. Modules installation and imports

In [88]:
import os

from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.asymmetric import utils
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

from cryptography.hazmat.primitives.serialization import load_pem_private_key, load_pem_public_key
from cryptography.hazmat.primitives import serialization

from time import time
from cryptography.hazmat.primitives.asymmetric import dh

PUBLIC_EXPONENT = 65537
KEY_SIZE = 2048
KEY_SIZE_AES = 32
BLOCK_SIZE_AES = 16
GENERATOR = 2

# 1. Asymmetric Encryption with RSA

## 1.1 GENERATING RSA PRIVATE AND PUBLIC KEYS

### TASK 1.1.1 Generating an RSA key pair

Before using the RSA cipher, you need to generate a pair of RSA public/private keys. Read the documentation at:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#generation

#### TASK
<mark>Complete the code of function <code>gen_priv_key()</code> to create the private key first and then the code of function <code>gen_pub_key(private_key)</code> to create the pairing public key. Use the already given parameters for creating the private key PUBLIC_EXPONENT and KEY_SIZE.</mark>

In [89]:
# YOUR CODE HERE
from cryptography.hazmat.primitives.asymmetric import rsa
def gen_priv_key():
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key
def gen_pub_key(private_key):
    public_key = private_key.public_key()
    return public_key
    

## 1.2 SERIALIZATION OF PRIVATE AND PUBLIC KEYS

### TASK 1.2.1 Serializing RSA keys

Read documentation at:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serialization

Serialization is the process of transforming a data structure created in a specific context into another that is easily stored or transmitted (https://en.wikipedia.org/wiki/Serialization). It is also called marshalling. The inverse process is called unserialization or unmarshalling.

In the case of private and public keys it is highly recommended to ensure interoperability. Serialization can be done following different encodings and formats. In the case of private keys, you can choose to serialize the key in clear or encrypted using a symmetric key derived from a password. Obviously, in real life, private keys MUST be always protected.

#### TASK
<mark>Create two functions, <code>pem_serialize_pub_key(pk)</code> and <code>pem_serialize_enc_priv_key(sk, pwd)</code>, that serialize the private and public keys using the following encoding and formats.</mark>

For the private key: 
<code>encoding = serialization.Encoding.PEM, 
    format = serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.BestAvailableEncryption(pwd)</code>

For the public key: 
    <code>encoding = serialization.Encoding.PEM, 
    format = serialization.PublicFormat.SubjectPublicKeyInfo</code>
    
The output of the serialization process uses PEM format. More information about PEM format: https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

Once you have coded the functions, print the output. You should obtain something similar to the following result.

In [90]:
b'-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,802BDB9DB78F07FB34A14F88BF4C4CA9\n\n0ASfOGx4tbVzkqKcCGmaPUVGgj68JE6exAKtMaaL5nT2ZVY/WsWxinclZqTMpyF7\nmPaFoQLaudwh+N/3s11wwpIUx7MMND0bEhyHdisRe/3m7MfAI1E2onTw7TCzYNAZ\nCN007wa2BphFfQ1PZ5upy+p27d91xiKP9RSf6Vtusj1smA6lLBeQdYpcoLhZnyyL\n/b/QVG0JhKizkh84hOuz6TR/eXXEtro3Bwbs+2L/ZSqAA+yrvwABwVnX43y4Fdlg\n/p1y+Kc8PD+JHEtw1ibWsQM9yrt0/ZBvEMrLbx9QzpapEqOQgbFc/FRX8jfLmoM0\nO9ievrIRDK3NnhpxvDi6AEqkyJqU/BM9Kwh04dMr7MP1AgqVwxEssnlioh8IP+ZF\njk1zPIUj3bi1HBvCYngwk1pKpCcC2xcS1PE5bXiXstWYe85Jkr6tQHjrdo/oLN85\nlZjhneegszt1+BP0sC1tlAGYH6qhR11wghiU3bhDgFmFtmpu4geDdHDCnK/AEeUI\njIsf0/2cwsJv7m92xw7O2gWy7o8SfXIHsZzMM2X3ogrghD2NldpGoFyjBtBuc2qc\nXXCV7FnrmPF2Uby1brBy0t24t8W+bIS9cl/0IIrqShYV+KgqaRC4tIKKfH/BqN6N\n/vEyp+QdnVz96/PdM69ExaZ5VhZ/mnASVV80RV3j/JvB8QmZ/N7zn4h7LPWZEbyS\ntb7EI2dtk5VKLxkz7Uj2uIGLVUemLYvLNNzUYJcUMRORSl6wpwZ6qq8bQJ2tJlHQ\nFXpEE24T9clBXtrBi22hWHeRZzFXsE4iAXFAQpeFXUwAFTDXW7Fc6xIGD31zncLy\ndI4xd39hk4X3PTHKyMDSM1qQ3aoww8i8MgoRhggpKr+wTUc/T82ggJTn37JK8z2g\nRxEGJAkYwiAMb0GcDgvm8cd0IcJjuYbJSB+A0QAHPaFR0OCn2e9q7HRqV3rOejNa\nvmidIp+smjC79ea9D7ewJFT8gEkppRzNlw0pMus1GpgdZLS9/zJTYVo66YjC0laD\nf9XQ1oEzldALgI3ZoEnli02nC1PVaff9GAkcwBj+yre3RgLxoFwwf6i8ZKwQo7dm\nLQ+JhraRWzD87jLbaDOOX0gQa1e6LcJTf/cljaD1n97ang/YOqCWUz0IAVPajrvx\nE4qyBnfdqfnHt2i/doOZ66d7gFtzvG5FFG6sGSfhNLUfVTZ/29VL8RBGnEsv4sz+\nlAXnIKx5Zw7GPjcIptFx+ySe10Srq4u3AlGtAksjOxP20EfjLNYiYTXZ9icTQJb6\nwryftBSTT07Mb9GrsSPueQ6COOS8i5BCBQdXaCJHA21bC+h9aHwImRhHj0K1UB0A\nBAboZ7yCWaL2zNCiBaIH6vj3eA5cWGmSq1CgtJLoeY6vwD+wJLzldMVDXbcpqtA4\nVzqmOboPsmE3/n3j5sqMqhiZnUKNFbir4rfP27WLCD23UXdXyZ+v6l7ZyKRo3xjB\n/JMVBAS+Ygn4FAMPrM+ScwriB0lP4JvEeQCItvTyRf1Uk1W4Od2fI9rIo9fgDvL3\n/XhuxkHbmts0W5P5Hho4JBI7qNlq/4nv+XPgEj9ptxEGR7ilK7O/HGOKb+VuxH8L\n-----END RSA PRIVATE KEY-----\n'

b'-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,802BDB9DB78F07FB34A14F88BF4C4CA9\n\n0ASfOGx4tbVzkqKcCGmaPUVGgj68JE6exAKtMaaL5nT2ZVY/WsWxinclZqTMpyF7\nmPaFoQLaudwh+N/3s11wwpIUx7MMND0bEhyHdisRe/3m7MfAI1E2onTw7TCzYNAZ\nCN007wa2BphFfQ1PZ5upy+p27d91xiKP9RSf6Vtusj1smA6lLBeQdYpcoLhZnyyL\n/b/QVG0JhKizkh84hOuz6TR/eXXEtro3Bwbs+2L/ZSqAA+yrvwABwVnX43y4Fdlg\n/p1y+Kc8PD+JHEtw1ibWsQM9yrt0/ZBvEMrLbx9QzpapEqOQgbFc/FRX8jfLmoM0\nO9ievrIRDK3NnhpxvDi6AEqkyJqU/BM9Kwh04dMr7MP1AgqVwxEssnlioh8IP+ZF\njk1zPIUj3bi1HBvCYngwk1pKpCcC2xcS1PE5bXiXstWYe85Jkr6tQHjrdo/oLN85\nlZjhneegszt1+BP0sC1tlAGYH6qhR11wghiU3bhDgFmFtmpu4geDdHDCnK/AEeUI\njIsf0/2cwsJv7m92xw7O2gWy7o8SfXIHsZzMM2X3ogrghD2NldpGoFyjBtBuc2qc\nXXCV7FnrmPF2Uby1brBy0t24t8W+bIS9cl/0IIrqShYV+KgqaRC4tIKKfH/BqN6N\n/vEyp+QdnVz96/PdM69ExaZ5VhZ/mnASVV80RV3j/JvB8QmZ/N7zn4h7LPWZEbyS\ntb7EI2dtk5VKLxkz7Uj2uIGLVUemLYvLNNzUYJcUMRORSl6wpwZ6qq8bQJ2tJlHQ\nFXpEE24T9clBXtrBi22hWHeRZzFXsE4iAXFAQpeFXUwAFTDXW7Fc6xIGD31zncLy\ndI4xd39hk4X3PTHKyMDSM1qQ3

In [91]:
b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BKsvzPODKFgeBWlrXwf\nOq0yEeH4YXhcwDBdtphEV4WzpTCh0nxZKZQh9diwjS7WEsjPUnVQJx8XBNdt5YOo\nO1ui4fLS+6v/JHMhjDln9D79pcHFvnduwOdM5mFkmDSJrwna+Qk7r000RWk8lhTK\nds4etkrHomk8txXBlNAcoEu1nzII76Y9G5LiffRrtGSoi7yybYCIaeKwG9q6PI50\nak6K6OIhxB6AcEq5KCs/Y0zkM6TzQLz8V9cyHnZ2ApTht5M2YifX2m09/vtQmDdw\n6wNl9rwP9O8ws2Dmfs0ijovJE4M8C1UviHJicmOaPaaDzzG6Kh8L0FwNf0b+d3CM\nbQIDAQAB\n-----END PUBLIC KEY-----\n'

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4BKsvzPODKFgeBWlrXwf\nOq0yEeH4YXhcwDBdtphEV4WzpTCh0nxZKZQh9diwjS7WEsjPUnVQJx8XBNdt5YOo\nO1ui4fLS+6v/JHMhjDln9D79pcHFvnduwOdM5mFkmDSJrwna+Qk7r000RWk8lhTK\nds4etkrHomk8txXBlNAcoEu1nzII76Y9G5LiffRrtGSoi7yybYCIaeKwG9q6PI50\nak6K6OIhxB6AcEq5KCs/Y0zkM6TzQLz8V9cyHnZ2ApTht5M2YifX2m09/vtQmDdw\n6wNl9rwP9O8ws2Dmfs0ijovJE4M8C1UviHJicmOaPaaDzzG6Kh8L0FwNf0b+d3CM\nbQIDAQAB\n-----END PUBLIC KEY-----\n'

In [92]:
# YOUR CODE HERE

def pem_serialize_pub_key(pubk):
    pubkpem = pubk.public_bytes( encoding = serialization.Encoding.PEM, 
    format = serialization.PublicFormat.SubjectPublicKeyInfo
                                    )
    pubkpem.splitlines()[0]
    return pubkpem
                        
def pem_serialize_enc_priv_key(privk, pwd):
    privkpem = privk.private_bytes( encoding = serialization.Encoding.PEM, 
    format = serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.BestAvailableEncryption(pwd)
                                    )
    privkpem.splitlines()[0]
    return privkpem

privk = gen_priv_key()
pubk = gen_pub_key(privk)
pubkpem = pem_serialize_pub_key(pubk)
print(pubkpem)
pwd = b'abcd'
privkpem = pem_serialize_enc_priv_key(privk, pwd)
print(privkpem)

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8wjJXRR88dWsDG/35RO1\n/9gsyYZ1TItxwczm5m3rulmiOK/AYUbbyRpoFoxbyJudYptYa7Tul3XPLsOVJ0i9\nkRxAoViAkhMQZHSNc7WIAyFtSI3sxeTS0lIKdDxlm732M5iNxh4Swsr21ejqxICX\n/lZ9PhIOiweY+d3VdQ6mdVakZ1K9rQhuP9OKswO4DRjptJEjs5TfR1a/gBn/4jyR\nU3vCmoKKNoPui6UmJ1Mnf4GvamXIjCsgHIs4AZixKZ51nyLirzeTagX8z/WNI/p5\nBdX4zy2zdKbGVYZcR9H5/oK2lri4PTuo9ojnlLseyE3BnbHY+o7HNTtZbP2tIEGT\n/QIDAQAB\n-----END PUBLIC KEY-----\n'

b'-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,C47BAE313625BDCB8B2F279B5952381C\n\nJ4foPPDyuQff/I3HUUiEySZZH82Zqf0o0lscBTmjKuAB2NJeFjEtrYjRjA9gXA4D\nJPiRDFFn5HHfuSiBAlvb81b/ZeNQhAanVwYnR+WfHYcMlEjfJspgO/yd37vdeDzC\nHypFhZNJV4wmNBQ2p7jZJGpoQ9R17rnB5yBUrWgKedDJR90Cz/ZVjwuUlgtuDruZ\nzvRDTR9whZzjoWmBNg4cK3eyHUQsCco5AsK5rKZZMOG825OeAz7ci5uURDH9g4mj\nZxrS62DXBH0oQHpr361no3Q/Z7U/ecMWVtBqpaatH8RCvd1DiRzfO0KoLuMS+YiC\nVOMLsaaqBrZu5uBLrLjDX04HiMPjW3bknaofDUmvdTyXlVmjx0ZScxuw/LITaiZz\nFmx2hDsOky8zUzztqhK4H6

## 1.3 SAVING/LOADING PRIVATE AND PUBLIC KEYS TO/FROM FILE

Read documentation at:
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-loading

Once you have the private and public key serialized, it is advisable to save them into files so you can reuse them. You can use the following functions.

In [93]:
def save_pem(pem, filename): 
    with open(filename, 'wb') as pem_out: 
        pem_out.write(pem) 
def load_pem(filename): 
    with open(filename, 'rb') as pem_in: 
        pemlines = pem_in.read() 
        return pemlines

### TASK 1.3.1 Saving PEM serialized keys to file

#### TASK

<mark>Save your private and public keys to two files, once they are in PEM format.</mark>

In [94]:
# YOUR CODE HERE
pr1key = gen_priv_key()
pub1key = gen_pub_key(pr1key)

pwd = b'abcd'
priv1keypem = pem_serialize_enc_priv_key(pr1key, pwd) 
pub1keypem = pem_serialize_pub_key(pub1key)

save_pem(priv1keypem, 'sprivk.pem')
save_pem(pub1keypem, 'spubk.pem')

### TASK 1.3.2 Loading PEM serialized keys from file

#### TASK

<mark>Now, load your previously saved keys. Check that you are really accessing the previously saved keys and not to newly created ones.</mark>

In [95]:
# YOUR CODE HERE
load_pem('sprivk.pem')

load_pem('spubk.pem')

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0R1h6pSJeTwFmQq6j3ge\nGxddURwD+7WrKq8fxW+/xjY35I8UhRW+/NruIThmjhFjPkZXRfAA4hO3kxV3BfeU\npB7cl6r41TYdtBv8ZBU31aBTyOgQaddeAQvfU2rxAw8KJuxNYJUTBw26GDENSXPw\nVI/13IuxtjJB9z2quHrADsD7Huj+77W84XD/Ho8443iAVh5IkYJDFLKUt/bcc9UD\n95gfyM/nAMrJZ9/jla1EcwGVGyT/oADoywQ6YTl2KtSY68DIU4bM3YYnbEvfwcB5\nERqoJpJYtuadvlW9uIf9qXg0+2wP6PWTRjyCJ4iwT5wPhtn7VmTtcfzB4cU2/FHx\n0wIDAQAB\n-----END PUBLIC KEY-----\n'

## 1.4 NUMBERS OF RSA KEYS

Read documentation at:

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#numbers

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-interfaces

The cryptography library provides an interface to access the numbers composing RSA private and public keys.
To access an attribute of a Python object you have to use <code>name_of_object.name_of_attribute</code>. Eg., for accessing the <code>modulo</code> attribute of public key <code>pk</code>, we can do so using the method <code>public_numbers()</code> offered by the key interface of an <code>RSAPublicKey</code>, and then access to the attributes that will be copied in that new <code>RSAPublicNumbers</code> object. Next code shows you how to access to the public key exponent and the public key modulo.

In [96]:
# my_public_key is an RSAPublicKey object 
# u is a RSAPublicNumbers object 

my_private_key = rsa.generate_private_key(public_exponent=PUBLIC_EXPONENT, key_size=KEY_SIZE, backend=None)

my_public_key = my_private_key.public_key()
    

u = my_public_key.public_numbers() 
print("e: ", u.e, "\nn: ", u.n)

e:  65537 

n:  23642146516105433829177119654221782412597302336278675815008512210882020290877471149096864702275540981273629124838965476281163113917010399183547113748846884466434723157936552743097669367271865017803123462054414168389935228715439835450372068059703476002127035329018673133149611889372725282623783755810448318035539172520662536743444639254054473762769993098190264497858895187320086487715338423579843201606348313364793357309984924258208223068723560063555341783112253190410944871558908197614542252292576576340504149740846778086860536325002219187458448029713521130795277899615851241361673602465475317825745828606296202839889


### TASK 1.4.1 Retrieving RSA key numbers

#### TASK

<mark>Retrieve and print the numbers that compose your private and public keys.</mark>
- <mark>Get primes p and q from the private key.</mark>
- <mark>Get public exponent e and modulo n from the public key and private exponent d from the private key.</mark>

You should get something similar to the contents of the following cell.

PUBLIC KEY NUMBERS: 
- e= 65537 
- n= 28286589195806813523758388238601420643684675859590271480242198902877495065174939388967352229927118658568849300194854591753778288782981184337483735526054958723030953718998273608377686022156012991767916779100447389061810656324359973280201303652806242293533570949451679574458537712176089120105323691385066797554509039787547107291385254211206950822572782513783075701597720659181873730425007754038442219693054334894078838357139617750150040561481356423076762837510859732933469937162361387743959048254286717249809639810546656863888521654105634360262835982057012810292159145370934780218418147053162085567559518732703990058093 
PRIVATE KEY NUMBERS: 
- d= 2476592593581328043690215171782274923378590263245631898830122485080352574636828085110619453061962049878207078208005792872471730793853030131505587293414458293067299577942415642535837197234099860334838434448912326143043922455852076333701498090541254837424594200344137470409739374589413604088749062989876150638049371610876500881319783760547095681764714011329189154531191659301167658509610759475554004075665737029703132094188039196801496683266639152961385368199124994673494303163660572592242786952701985154543342061112087376755920622578733780801891307137613105350769102406658645478262464641227300809810227199587461602753 
- p= 173957046990765938927114424239968578264521087635448939562764984761896855350232514127134303004576939168705624803510295654154543576942608560832992595163874428473745256858843090788377514132354371334064080364302929220414371906509415218717097948593452823050272958790363412458250094316606182472717994334049807405561 
- q= 162606745085229770189985671425851241203684542132103997916672688079679761839438825873423154557612040598908562445786602535037029202864692413022732794513932886210021622367508721149060877356643046321234055671565639387905524818711158877967217539235998104116519392501591296531710899513810414567038655806921266817813

In [97]:
# YOUR CODE HERE

my_private_key = rsa.generate_private_key(public_exponent=PUBLIC_EXPONENT, key_size=KEY_SIZE, backend=None)

my_public_key = my_private_key.public_key()
    

u = my_public_key.public_numbers() 
print("e: ", u.e, "\nn: ", u.n)

v = my_private_key.public_numbers() 
print("d: ", v.d, "\np: ", v.p, "\nq: ", v.q)

e:  65537 

n:  29712080520587392358197460174665108829918020756134694621631731822094880855895549776219351093008270324326848753910057909690275507208557482228216243410861035906855278298877522858002715992036540107492140006724473518814398320545452172410326729914399258119585896837609583013151748785747015596680874826260697509038925959516810869616877534309933746628066603348298155202815667449017804976856938177715358977693007308539185839869447514986559196101974858314133793969824717017235689145906110887837826499875132829063519879201150114487236943359602108536609693736374562210663191644830121768364137295278979686119502848750254715811763


AttributeError: '_RSAPrivateKey' object has no attribute 'public_numbers'

### TASK 1.4.2 Checking RSA key numbers

#### TASK

<mark>Then, do some checks using the web tool https://www.boxentriq.com/code-breaking/big-number-calculator :</mark>
- <mark>Compute the product of p and q and compare the result with the value retrieved for modulo n.</mark>
- <mark>Check that exponents e and d are the multiplicative inverse of each other with respect to phi(n)=(p-1)·(q-1), that is, their multiplication modulo phi(n) is equal to 1.</mark>

## 1.5 RSA ENCRYPTION/DECRYPTION WITH PKCS1V15

Read documentation at:

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#encryption

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#decryption

Take into account that RSA is an asymmetric block cipher, therefore it needs padding, but not only because of the length of the message, but more importantly, because the security. The
library cryptography offers PKCS1v15 and OAEP paddings for asymmetric encryption. 

Read the documentation at:

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#module-cryptography.hazmat.primitives.asymmetric.padding

### TASK 1.5.1 Encrypting/Decrypting with RSA PKCSv15

#### TASK

<mark>Now you are ready to encrypt with RSA. Create two functions <code>rsapkcs1v15_encryption(public_key, message)</code> and <code>rsapkcs1v15_decryption(private_key, ciphertext)</code> that encrypt and decrypt a message with RSA using PKCS1v15 padding (note that this padding method does not need any parameter). Using your RSA key pair, encrypt and decrypt a small message using these functions. Check that you obtain the original message after decryption. </mark>

In [98]:
# YOUR CODE HERE --- PKCS1v15
from cryptography.hazmat.primitives import hashes

def rsapkcs1v15_encryption(public_key, message):
    ciphertext = public_key.encrypt(
    message,
    padding.PKCS1v15()
)
    return ciphertext
def rsapkcs1v15_decryption(private_key, ciphertext):
    plaintext = private_key.decrypt(
    ciphertext,
    padding.PKCS1v15()
)
    return plaintext

prkey = gen_priv_key()
pubkey = gen_pub_key(prkey)

message = b'hola'
ciphertext = rsapkcs1v15_encryption(pubkey, message)
print(ciphertext)
plaintext = rsapkcs1v15_decryption(prkey, ciphertext)
print(plaintext)

print("Message and plaintext are the same? ", message == plaintext)



b'5\x90\x19\xa3\x02o\xdaZ\x1c\'_\x92I\xc4\x0e\xfb4\xe6\xebX\x1e3+2r\x90\xead\xd0\xec\xe3\x99 B\t;\xda"\x88tao\xc9\x10d.\x18\xb7\xb6\x1f\xbeg\x8b\x98V,\xe4\x03C{\x07R\x90\xf9\x11a\xe3\xa0S1u\xbc\xc4\xfd\xcd\xb2\xebe\xc9K\x1d\xabv\xc3g\x8e+\x0f\xcc\x89\xc6\r/K\x1b#\xd3{}\x92\x85H\x95\xf9\xbdK\x01E6\xca\x14\xfb\xfb\x98\xaa\xa3`\xe8\x19\x1e\xe9I\x976\xf3\x93\x98\x8fp\x8e\xe7\x12\x90\x7f\x8dW\xc5z\x94*\x00e\x05\x9f`\x8c\xb4B\x8a]\xf1\x95WF{\xf1\x97\x92\x12y\xe5\x99\x87\xc2\x8d\xe8\x98\xd0Jc\xcf4\xf9\x80\x1f\x83\xf4\xf9\xf6\xca\t\x1d\xb0\xfd\xfby\xfc#?\xfe\x01m\xe8h!&\xe7\x05\xbfN\xdc\xb1\xf6\x9f\x7f\xc7\x19\xa6^\xc7\xb3\xfec\xdb\xa3q\xef\x02\x88[S:S\x8e0x\xd5\xcf\x00\x07\x1c\xba\xb7z\x0c\xebm{\xf9P{\xb2T\x1c\xde)[\x85\xed\xec\xe3\xcdx\x91\xa1\xca'

b'hola'

Message and plaintext are the same?  True


### TASK 1.5.2 Decrypting a given ciphertext with RSA PKCSv15

#### TASK

<mark> In the lab’s materials folder you’ll find two files containing a private and public key pair, PEM encoded (filenames are <code>fixed_private_key.pem</code> and <code>fixed_public_key.pem</code>. Notice that the password used to protect the private key is <code>b'password'</code>. Decrypt the ciphertext provided in next cell.</mark>

In [99]:
ciphertext_pkcs1v15 = b'8\xd5\xaag\x9c8:\xc8\x8d\xd7\xbc\x1f\tb\xf6\\`\xba' \
                 b'\x90\xc2\xc9\x019\'\xcd\xc3R\x82\xd09\xb1L+\xb85f\x8b' \
                 b'\x01I\xc7*\xb4\xa7\xa5\xaa\xc9X\x94\t\x03\x9d"\xdc\xcc' \
                 b'\xf8\x9b\xd62\xa0\xa1b%\x8c\xaa\x0f\xeb\xbeI\x849\xc9' \
                 b'\x8c\x01\x12Q\x82\xe1\xa5w\x12\x86*>\xc7\xbeR\x9e\\kv' \
                 b'\x97\x8d\xa9ez/\x18\xe7\x14\x9121\x05:\x8f3\xa5=\xcc\x06' \
                 b'\xfc\x1b\xe0\xae\xb3U\x14]R\x94\x8fh\xabm\x9fC\x0c\xd58J' \
                 b'\x7fQP\xe5\xa7S\xce\xa2\xef0^\x1aD\xc5\x8f\xffF\x86\xe6\x1f' \
                 b'\x8bF\x0c\xf5Ik1%0\x1f\x12\x82\'H\x81\xe9\xd2\xbf\xda<\xa3' \
                 b'\x80\xed\xb5\xef\x8c\x08{ScD:\xfc\xff\xc9P\\\xff\xf5\x8bV' \
                 b'\xc8\x0e\x1b\x93P\xaf\xb8\x1c$5\x85\x90\xf6h\x05x]\xc9\x8a' \
                 b'\xb7\xe8\xfc\x99\x1a2\xc0i\x00\xebn\xbaE\xbf\xf7\xd5+\x1b/' \
                 b'\x9b\xff\xb2\xa3\xf1\x08\x8c!\xcb85/\xb4\xdf\xce/\xacd\xd6\x93k_x\x12\xc3@\x04'

In [100]:
# YOUR CODE HERE
from cryptography.hazmat.primitives import serialization

with open("fixed_private_key.pem", "rb") as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(),
        password=b'password',
    )

plaintext = rsapkcs1v15_decryption(private_key, ciphertext_pkcs1v15)
print(plaintext)

b'GREAT AND AWESOME MESSAGE THAT WILL HELP YOU TO PASS THIS COURSE'


### TASK 1.5.3 Encrypting twice the same message with RSA PKCSv15

#### TASK

<mark> Encrypt twice the same message. Do you obtain the same ciphertext? Can you provide some reason for the result you have obtained? Hint: You can find why at: https://datatracker.ietf.org/doc/html/rfc8017#section-7.2.1 </mark>

In [101]:
# YOUR CODE HERE
message = b'hola'

prkey = gen_priv_key()
pubkey = gen_pub_key(prkey)

ct1 = rsapkcs1v15_encryption(pubkey, message)
print(ct1)
ct2 = rsapkcs1v15_encryption(pubkey, message)
print('\n\n', ct2)

b'\x12\xd9\xd4Z\xf7A\xa99\xde\x7f\xc5?\xd3\x8a3\x8b\xa3\xc1\xc1\xf3\x98F\x1e\xcb\xc2\tsi\x12\r+\xb2\x91\x01\x82~\x1aNZ\t\x97\xd3*|\xb4N,W\xc3\x94\x10\t\x01\xeb\xa9\x02\xd0\x15\xc9\xca\xc4\xe2\xdbQ3\xc4\xc5\x99\xa4\xb6\x89\xff\x7fX\xe1\xb8\xf4\x83\xb0\xea\x94\xed\x95\xa0\x06\xc2\xc8<X\xaaQ\xc5\xfc\x95\x9e\x074f\xb7\xca\x15\x12\xd6\xa858t\xc6\x7f\x19\xa4\xef\xf2\xff0\x82\xd7\xa9\x11\\\xef!\xceO\xd4\x84s\x87s\xdc\x80V\t\x87\x15\xea\xfac`G\x8d\xa7qd\x16C\xff\x15\xdb\xc9+\xd0\xd2\xebO4\x9cT\x0fN\x19\xff:\xcb[\xdb;\xf2~\x1a\xc5\xb7y\x93%Z\xa4\xfb\x18t"\xe2j\x02\x0e~\x13\xce\x12qw\xe2%\xa4\x93\x1c\xddP{\xd3c4N`8\xbd3\xa3\xfabwP\x14\xdfZ\xa1\xeb\x8f\x89\xff\x8do:~\x12\xf9M\x8aW[6\xbc\xa8\xf3\xeb\x17\xd7-\xf8\x98\x16\xa4\xe2\xa2\xd4"\xc6g\x12\x14&Q\xe8s\xae\x88'





 b'\x91[\xd1\xfb\x88\xaa\xe4\x086\xe0\xee"<\x12\x0b|\xb3"\xfa]c\x01\x89>\x7f\x01E\'\x89\xc8tN{zg\x89\x97\x97\x03L\xeb]\xa3\xdf\xab\xfbs\x0cr~\xd2\xb1\x89\xe9G30S\xebG\xcc\x12f\xe97\x14\xc6\xfb\x82\xd7_`\x8d*W\xf8\xf27~[R\x1f\t\x0eR

### TASK 1.5.4 Largest accepted message length with RSA PKCSv15

#### TASK

<mark> How long is the longest message that you can encrypt using RSA with PKCS1v15 padding? Try to encrypt messages of increasing length and note down when an error is raised. </mark>

In [102]:
# YOUR CODE HERE
print('How long is the longest message that you can encrypt using RSA with PKCS1v15 padding?: mLen = k - 11 -->> 245 bytes')

How long is the longest message that you can encrypt using RSA with PKCS1v15 padding?: mLen = k - 11 -->> 245 bytes


## 1.6 RSA ENCRYPTION/DECRYPTION WITH OAEP PADDING

### TASKS 1.6.1-1.6.4

#### TASK

<mark>Repeat the previous TASKS (from 1.5.1 to 1.5.4) but use in this case OAEP padding. The suggested name of the functions in this case is <code>rsaoaep_encryption(public_key, message)</code> and <code>rsaoaep_decryption(private_key, ciphertext)</code>. Notice that OAEP padding needs at least the following two parameters: <code>mgf = padding.MGF1(algorithm=utils.hashes.SHA256())</code> and 
<code>algorithm = utils.hashes.SHA256()</code>, using also <code>label = None</code>.</mark>

<mark>You should use for Task 1.6.2 the ciphertext provided in the next cell.</mark>

In [103]:
ciphertext_oaep = b'6\x9b\x14\x13l\xc0\xe1I\x02\x8e\xd3\x1f\x9c\xd9\x813P\xae5' \
                 b'\x99\x9f\xec\xbe\xb3\x89\x95\n\x83\xc88\xc1\xc9,\x99\xf3\xcd=d' \
                 b'\x01\xd0\x12\x80+\xc5\xa8\x94\xec\xa5=\xee\x9b\xa7E\xec,rG\xa6' \
                 b'\xd6\xa8p\xf3\xb9\xddC\xee\xbdB\xb1E\x135\xc5\xdbX\xf7\x87)mN\xb0' \
                 b'\x98d\xc5Q\x97\x1ftZ\x8e\x92\x9fS\xac\xee\x96?\xc5\xb1\x08\x81P' \
                 b'\xe8\xe2\x08d\x98\xaf\xf2\x1a\xba\xea!m\xb9M\x8cX\'\x86\x8a\xcd' \
                 b'\xaco6\xaaJ\xa5v5\xa4\xafG\x9fjQWq\xac\xd22kv1\x91\x8f\xbd\x14\x82' \
                 b'\xe7O/\x12r\xc9\x89f\xcb)\xef\xe5W\xa2\xe8\xca\xf43\xa3\xbe\x07\xd9' \
                 b'\x9eA\xc4\x89W\xda\xe1u\xc2<%.\xad\xf7\xb7\xedf\xfc\x9b\xa9\x04=|}\x92' \
                 b'UO?\xc5\x9141d\x10D\xbe\x1a\xa1\xa9\xa4\x18\xdd\xd7\xafP ~\xacs\xefZK' \
                 b'\x9f\xf8}8\x87\xe9\x9d\'\x13b"\x1c\x88\x89)7qzlq\xd7aX\x0e5\xa3s~\xa3\x84\xee\x0b\xa5'

In [104]:
# YOUR CODE HERE
from cryptography.hazmat.primitives import hashes

def rsaoaep_encryption(public_key, message):
    ciphertext = public_key.encrypt(
    message,
    padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None)
)
    return ciphertext
def rsaoaep_decryption(private_key, ciphertext):
    plaintext = private_key.decrypt(
    ciphertext,
    padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None)
)
    return plaintext

prkey = gen_priv_key()
pubkey = gen_pub_key(prkey)

message = b'hola'
ciphertext = rsaoaep_encryption(pubkey, message)
print(ciphertext)
plaintext = rsaoaep_decryption(prkey, ciphertext)
print('\n',plaintext)

print("\nMessage and plaintext are the same? ", message == plaintext)

with open("fixed_private_key.pem", "rb") as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(),
        password=b'password',
    )

plaintext = rsaoaep_decryption(private_key, ciphertext_oaep)
print('\n',plaintext)

message = b'hola'

prkey = gen_priv_key()
pubkey = gen_pub_key(prkey)

ct1 = rsaoaep_encryption(pubkey, message)
print('\n',ct1)
ct2 = rsaoaep_encryption(pubkey, message)
print('\n', ct2)

print('\n--------\n')

print('How long is the longest message that you can encrypt using RSA with PKCS1v15 padding?: mLen = k - 2hLen - 2')

b'\xbdZ\x0fq}~\xc5K\x1cq\x86{@\xb1\xce\x1e\x82!uU:02\xc1\xa9\xe9\x97;\x9eRe\x13.\x0c>\xb266:H\x00\x8bZ\'^\xfd\xfe\xb8)\xae\x0ch\xad\xdf\xaa\x03|=\x90\xa4\\\xa5\x1e\xae\xe7xm\x1b\xf5\xe3\xde\xab!l\x86P\xa0)c\xa8\xc5t\x0cC\xf6\xd6\x926\x96LQ\x9aZ\xa6\xbf\x84S\xa5\x888\x08\xe6Z\xfa8\xb8\xcb\xef-\x92\xfc\x14Y3v\xb5\x86\xb7q\xc0\xbcE\x07\x9f\x85\x1c\x0fv\xba\xa4\x92l\xe9\xf9~\xb0oNQ\x1d2\xde*\xbb\x99\x89\xde\xa6\x0b\x80\xedE@\x19\xe7#\xa9\'\x80x8\xac\xf5\xb1\x04\xa2.\x17\xaa\xe6\x9d(6&\xa8-Is\xe9\x90GqK\xa4K\x90\'\xf4=\xf79\xcf~\xe1u\xa9!\x06\xbb\xcap\x1f{\n\x9a"\xc2\x00-`\xaf\x8a\x9c\x9a0\xec>\xb9\x80\x98\xdd\xd3e\x81\x1f\xe1\x88AM#Sa"\x0eQ@-Q5\xf6\x14\xef~d\xf3G\xeaA\xf9\xfa\xfb\xc3\xad\xd9g\x19'



 b'hola'



Message and plaintext are the same?  True



 b'I personally think we developed language because of our deep need to complain'



 b'\xb2#F\xa1\xb8\xff\xd0/\x80\xd8a\x7fA{"\x95!\x0c\xefJ\xc9\xea\xd0\xdcg\x06E\xfc\x80\xf7\xccl\x90<\xaa\xfeC\xc6\xbeoK\xf4\x923\x06M\\pSD[t\x9c\xb1\x81

#### QUESTION

<mark>Which is the recommended RSA padding scheme? Why?</mark>

# 2. Key Wrapping

Now you’ll focus on Key Wrapping. Key wrapping is the process of encrypting a symmetric key, key_to_wrap, using another symmetric key, wrapping_key, in order to securely store the first one or transmit it over an untrusted channel.

The library cryptography offers a specific class to wrap and unwrap symmetric keys using AES with and without padding.

Read documentation at:

https://cryptography.io/en/latest/hazmat/primitives/keywrap/

### TASK 2.1 Wrapping/Unwrapping symmetric keys

#### TASK

<mark>In this task you are requested to wrap and unwrap the symmetric key <code>key_to_wrap</code> using given symmetric key <code>wrapping_key</code>. Using the given values for the wrapping key and the key to wrap, check that you obtain the same key when you unwrap it as shown in the following cell.<mark>

In [105]:
wrapping_key = b"000102030405060708090A0B0C0D0E0F"
key_to_wrap = b"00112233445566778899AABBCCDDEEFF"

In [106]:
# YOUR CODE HERE
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap

wrapped_key = cryptography.hazmat.primitives.keywrap.aes_key_wrap(wrapping_key, key_to_wrap)
unwrapped_key = cryptography.hazmat.primitives.keywrap.aes_key_unwrap(wrapping_key, wrapped_key)

NameError: name 'cryptography' is not defined

#### CHECK

You should obtain the following result.

<code>wrapped_key =  b'\xf4z\xe5PY\x0e\xfas,?\xd75yj)\x0e\xb4\xb5\x8d\xdd\xaa/z\xde>\xe6 \xfc\xefh\x19\x90\xd1C\xb6fV\xa5\x81\x86'</code>

<code>unwrapped_key =  b'00112233445566778899AABBCCDDEEFF'</code>

# 3. Hybrid Encryption

Now you will implement hybrid encryption combining AES256-CTR (CTR operation mode) with RSA-OAEP. Review the concept in the lecture slides.

## TASK 3.1 Hybrid encryption/decryption with RSA OAEP and AES 256 CTR

#### TASK

<mark>Complete the code of the following two functions: </mark>
- <mark><code>hybrid_encryption_rsaoaep_aes256_ctr(public_key, message)</code>, which returns three results: <code>encrypted_symmetric_key</code>, <code>nonce</code>, <code>encrypted_message</code> </mark>
- <mark><code>hybrid_decryption_rsaoaep_aes256_ctr(private_key, encrypted_symmetric_key, nonce, encrypted_message)</code>, which returns the result of the decryption: <code>plaintext</code> </mark>

<mark>Note that you need the functions <code>aes256_ctr_encrypt</code> and <code>aes256_ctr_decrypt</code> coded in previous Lab 1.</mark>

In [127]:
# YOUR CODE HERE
# nonce = b'\xf4$\x89\xab{\xa4-`:\xdeq\xb5m\x1b\xd3\x98'

def aes256_ctr_encrypt(data_to_encrypt, key, nonce=None):
    #We will basically do the following :
    #we encrypt directly without padding since its not a requirement
    if nonce is None:
        nonce = os.urandom(len(data_to_encrypt))
        
    cipher = Cipher(algorithms.AES(key), modes.CTR(nonce))
    encryptor = cipher.encryptor()
    ciphertext = encryptor.update(data_to_encrypt) + encryptor.finalize()        
    return ciphertext

def aes256_ctr_decrypt(encrypted_data, key, nonce):
    #We will basically do the following :
    cipher = Cipher(algorithms.AES(key), modes.CTR(nonce))
    decryptor = cipher.decryptor()
    plaintext = decryptor.update(encrypted_data) + decryptor.finalize()
    return plaintext

def hybrid_encryption_rsaoaep_aes256_ctr(public_key, message):
    symk = os.urandom(16)
    encrypted_message = aes256_ctr_encrypt(message, symk, nonce=None)
    encrypted_symmetric_key = rsaoaep_encryption(pubkey, symk)
    return encrypted_symmetric_key, nonce, encrypted_message

def hybrid_decryption_rsaoaep_aes256_ctr(private_key, encrypted_symmetric_key, nonce, encrypted_message):
    symk = rsaoaep_decryption(private_key, encrypted_symmetric_key)
    plaintext = aes256_ctr_decrypt(encrypted_message, symk, nonce)
    return plaintext

<mark>After you have coded the functions, use them as shown in the next cell. Print all variables and check that the plaintext you obtain is equal to the message.</mark>

In [130]:
# A encrypts a message for B, by computing C_K, NONCE, C_M and sends these values to B 
message = b'Hola teacher soy un jaqu3r!'
B_private_key = gen_priv_key()
B_public_key = gen_pub_key(B_private_key)

C_K, NONCE, C_M = hybrid_encryption_rsaoaep_aes256_ctr(B_public_key, message) 

# B receives C_K, NONCE, C_M and decrypts the message 

plaintext = hybrid_decryption_rsaoaep_aes_ctr(B_private_key, C_K, NONCE, C_M)

print(plaintext)

ValueError: Invalid nonce size (27) for CTR.

### TASK 3.2 Decrypt a given ciphertext with hybrid encryption

#### TASK 

<mark>Using the RSA key pair provided in the lab’s material folder, decrypt the ciphertext given in the next cell and which has been encrypted using the functions specified in Task 3.1.</mark>

In [128]:
C_K = b"5\xed.\xa6w\xb3\x9cyOT8p\xbc\xe8\x0b\xf1\xca1J\xd2|p\x95f'\x90@" \
          b"\x05\xd1A\xb1\x9fz\x0e\xb4\xd4JOK\xe0\x16\x92H\xed\xaeBYA\xfenD" \
          b"\xbf\x82\x83\x07\x99N\x89\x82\xc84\xeaV\xca\xb1\x9e\x1a ]\xbe\xd6" \
          b"\xfc\xce'Q\xfd\x14\x87J\x01,B\xf2\xd2\x01(\xa3\xda\xf1\x9cV\x95}" \
          b"\xec<o\xb3\xe57(J\xb4\xb8\x1d\x1d\xa0+S\xe0\xbb\x8fJ\x07~f\x91\xe57" \
          b"\xb0\xe1\xaa[\x89\xf6\x0b\x7f\x121\xc3\x92\xd6\x02\xbeM<\xda\x8dR6" \
          b"\xa9\xb4C\xa2m\xbdZiAc\xd6\xe6z5\t\xe3C$j$\x8a\xf7\xd5\t\x87\xc4\xa9" \
          b"w\x02\xa7#\xff\xbak\xcd&\x17\x15\xcd%~\xe7h`J[\x95\x81\xb5\xdd:)+\xe5" \
          b"dYY\xb3\xdaF\x9bz\xe8\xf5Y?Ok\xd8\xe5\xecw\x9f\x80H;\x02l]\xdb_\xfe\x83" \
          b"<\xcf\xf4\xd2/\xcf)\x0c\xf9k7\xf4\xbb?l\xb1\xaa\x07\xd1f\x9f'\x96\xcc" \
          b"\xc9i\xdb\x83XQ\x8e\xc7U\x8d"

b64_C_K = b'Ne0upneznHlPVDhwvOgL8coxStJ8cJVmJ5BABdFBsZ96DrTUSk9L4BaSSO2u' \
              b'QllB/m5Ev4KDB5lOiYLINOpWyrGeGiBdvtb8zidR/RSHSgEsQvLSASij2vGcVp' \
              b'V97Dxvs+U3KEq0uB0doCtT4LuPSgd+ZpHlN7DhqluJ9gt/EjHDktYCvk082o1SN' \
              b'qm0Q6JtvVppQWPW5no1CeNDJGokivfVCYfEqXcCpyP/umvNJhcVzSV+52hgSluVg' \
              b'bXdOikr5WRZWbPaRpt66PVZP09r2OXsd5+ASDsCbF3bX/6DPM/00i/PKQz5azf0uz9' \
              b'ssaoH0WafJ5bMyWnbg1hRjsdVjQ=='

NONCE = b'\x01\xd5\xef00rB\x13e\xd6\x1e84\n\xbc\xe3'

b64_NONCE = b'AdXvMDByQhNl1h44NAq84w=='

C_M = b'\x18\xe6\x0c\x98&\x83\xef\x85J\x12zsJ\xb2\x87\x84\r\xa68\xb9\xcf\x90' \
          b'\x10~\x84|\x9f>\xfd%LGk\x8a\xe7\xeb\xa8\xaaK\x0c\x8dc\xa8\xc2\xb3d\x90' \
          b'\x8f\xa1u\x8e\xcc_h'

b64_C_M = b'GOYMmCaD74VKEnpzSrKHhA2mOLnPkBB+hHyfPv0lTEdriufrqKpLDI1jqMKzZJCPoXWOzF9o'

In [129]:
# YOUR CODE HERE
with open("fixed_private_key.pem", "rb") as key_file:
    private_key = serialization.load_pem_private_key(
        key_file.read(),
        password=b'password',
    )

plaintext = hybrid_decryption_rsaoaep_aes256_ctr(private_key, C_K, NONCE, C_M)
print('\n',plaintext)



 b'YOU ARE GETTING THROUGH THIS LAB AS A TRUE NINJA CODER'


# 4. Diffie-Hellman Key Exchange

Now you’ll code a (non-authenticated) Diffie-Hellman key exchange.
Read documentation at:

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dh/#diffie-hellman-key-exchange

Notice that there are three main steps: 
- Generate a parameters object using in this case <code>GENERATOR=2</code> and <code>KEY_SIZE=2048</code> (already given in Section 0). This object must be known by both entities participating in the key exchange.
- Each entity generates his/her private share (called here private key).
- From the private share, the public share can be computed using function <code>my_public_share = my_private_key.public_key()</code>. This is the value that is sent to the other entity through the insecure channel.
- Then each party can compute the shared key using function <code>my_private_key.exchange(the_public_share_of_the_other_party)</code>

### TASK 4.1 (Local) Diffie-Hellman key exchange

#### TASK 

<mark> Write code where two entities compute their Diffie-Hellman private and public shares (using the generator and key size stated above) and then both compute the shared key (assuming that public shares have been exchanged somehow). Check that both parties compute the same the same shared key. </mark>

<mark> Note: The Diffie-Hellman method takes several minutes to finish its execution.</mark> 

In [136]:
# YOUR CODE HERE

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dh
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
# Generate some parameters. These can be reused.
parameters = dh.generate_parameters(generator=2, key_size=2048)
# Generate a private key for use in the exchange.
server_private_key = parameters.generate_private_key()
# In a real handshake the peer is a remote client. For this
# example we'll generate another local private key though. Note that in
# a DH handshake both peers must agree on a common set of parameters.
peer_private_key = parameters.generate_private_key()
shared_key = server_private_key.exchange(peer_private_key.public_key())
# Perform key derivation.
derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(shared_key)
# And now we can demonstrate that the handshake performed in the
# opposite direction gives the same final value
same_shared_key = peer_private_key.exchange(
    server_private_key.public_key()
)
same_derived_key = HKDF(
    algorithm=hashes.SHA256(),
    length=32,
    salt=None,
    info=b'handshake data',
).derive(same_shared_key)
print('Both parties compute the same shared key? ', derived_key == same_derived_key)

Both parties compute the same shared key?  True


### TASK 4.2 Diffie-Hellman key exchange with a peer