In [None]:
from google.colab import drive
drive.mount('/content/drive')

Mounted at /content/drive


In [None]:
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.backends import default_backend
import os
import base64

In [None]:
# Part 1: Generate RSA key pair
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
    backend=default_backend()
)

public_key = private_key.public_key()

In [None]:
# Serialize keys to PEM format (PKCS#8 for private, PKCS#1 for public)
pem_private = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)

pem_public = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)

print("Private Key (PEM):\n", pem_private.decode())
print("\nPublic Key (PEM):\n", pem_public.decode())

Private Key (PEM):
 -----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNtrdLJI3WIelE
FjAYVUvYSnvOrsBEMf7F0zvxhga0GgyIS/ALf3rIaPo4vbcDQng38O5JRSZ8MoeX
wOOWVjHMpvw3PmrgNiFOtlfeQ1rGOZsOvipKAgjUft8g7OI9HWDCPaF8AAtTpdwl
Eo4tKdzsw+R13RR+YZQxYYBmUJuh1o63Dd7dJOMbQkNR72Xs3HEnFCh/WFehBbqv
ptMSMVY/J1lo3qMVcpBHJSy7l4Xgitpt2u5Heohsz44iqgItOwINXx7T6uvpvK/M
rZ8RBLaZZe+86A8qZaNUPsmW8nhRpPoLI4bOGzWMimOXWnuj7TitJP6Qd+yv/4v1
IUEMtBaVAgMBAAECggEALuZY3J9dXPQHSBgc5/dOXuYAWws5V3LkiHqTwIlTbu0/
bTWO6TgrqJRSc+xA1NPrL6nU0cybrRYiFsWJvaUyHlv1xayL1klRB66H0usdP3Mz
uEU/w/a5x6STP2DyZYeUn0RI1En4Sx5V1ffohUB1l19D72EzgmrBzA5UJT98dAVb
IiLi/gngJDhxYl0s/sbKDpXpirg0PdrU+yvihOcNf0eb4URNT4vLNSLk2N3eZvfF
l9SRUqA9SPIzM+yucaMoakaqYetFsBMDyLG7GBAZQqJ4y+3AKe5pzaMSscSD9sDr
7miRTZg6ukPl86rdRLY5i+u+3WVMfHzEaEYW2oRL8wKBgQD6jL2Fr9Eg/8U8Dt03
K34hLkeeeTmVeS7EHyBiIxr/YdPDYIkCwsv9cs18+vI7qmuqX/nhRoFBtdoQvbp4
JGEx471YOHLluHF/7+l5tNNEmLonfrEjFtzmVZ3af4J4p/0u4yFmiaEfHz/YyXM/
XGr872l+cioqaB12ECExWNSgDwKBgQDSMEsI5j4bY2

In [None]:
#Control example - Encryption and Decryption
message = b"This is a test message for asymmetric encryption."

# Encrypt using OAEP padding (PKCS#1 compliant)
ciphertext = public_key.encrypt(
    message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print("\nCiphertext (base64):", base64.b64encode(ciphertext).decode())

# Decrypt
decrypted = private_key.decrypt(
    ciphertext,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)

print("Decrypted message:", decrypted.decode())


Ciphertext (base64): QEb4iTtBz6v08BkUevj6V5g9TEpi15cakMZHu1lzC8Yg/KRs/VN5O1Ok9PEm9Y1sXAwhIedaDvjItnEv5DnjWznMZ1oFZ/BuLi9vYwlig9Tt2YCxhx99LaoIRfZO8KYSOz/9Q025UUsw4m2dV8B8ZpMWN3uAtrFrjrsCMLasYZfJZBoYVzq8uNu/NYuCc9CJSnMNeRJTcDy7qOAr4qv6dMnddUW1sm6uxEJ44FAAUdixYltStAerMuoSAitUZnobiPjZgXR9u9IQv6VFtHS/41IsAHk1VjBIzgamUACtucJbrBr6wB30OWGeMNqiG21uEvDtWMunHQMnx2iIltTPBQ==
Decrypted message: This is a test message for asymmetric encryption.


In [None]:
#Control example - Signing and Verification
# Sign the message using PSS padding (PKCS#1 v2.1)
signature = private_key.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)

print("\nSignature (base64):", base64.b64encode(signature).decode())

# Verify the signature
try:
    public_key.verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    print("Signature verification: Success")
except:
    print("Signature verification: Failed")


Signature (base64): tXlepRu1uDiSfl94W/2XDclFE4ev4yFa+01uyyIqhfWs+brL3Jli6LrSNmtnOgAQ0XXzWDAIiJ0PExZtUzaV4KwT8HYFQvNmKIA9W2JFlp9M+h8G1w1DBLCC+Aj+8PSy7kIiGloaWHgsQILmpEZn72slcRLXXVOaF0YDWSGNaQ4PMDa7xXv2XQVQg1VYShTk9Ko2o/LwbxiVeIpbdO9a/dke1P1xbXPwW5y0O2UgQ4hOfrMevzP3viKXbDU6bXtRg7ijYN6xSnNk8D3oBmZVO9Miei37Y/srGvMXvPpw+PBqwK4elKBzS5zciwDE5rhu5HEYd0XN5BCJtSbd5ysqoA==
Signature verification: Success


In [None]:
# Simulate insecure key storage
# Write private key to a temp file without encryption
temp_file = "insecure_private_key.pem"
with open(temp_file, "wb") as f:
    f.write(pem_private)

print(f"\nSimulated insecure storage: Private key written to '{temp_file}'")

# Now, any process with file access can read it - this demonstrates OS file protection imperfection if permissions are lax.
# To read it back (simulating an attack):
with open(temp_file, "rb") as f:
    leaked_key = f.read()

print("Leaked key from file (first 100 bytes):\n", leaked_key[:100].decode(errors='ignore'))

# Clean up
os.remove(temp_file)


Simulated insecure storage: Private key written to 'insecure_private_key.pem'
Leaked key from file (first 100 bytes):
 -----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNtrdLJI3WIelE
FjAYVUv


In [None]:
import time

def measure_decrypt_time():
    start = time.perf_counter()
    private_key.decrypt(ciphertext, padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), algorithm=hashes.SHA256(), label=None))
    return time.perf_counter() - start

times = [measure_decrypt_time() for _ in range(10)]
print("\nDecryption times (should be roughly constant for resistance):", times)


Decryption times (should be roughly constant for resistance): [0.0010371200000349745, 0.000908510000044771, 0.0027256910000232892, 0.0014813999999887528, 0.0008563499999922897, 0.0036615909999682117, 0.0008641200000170102, 0.000905411000019285, 0.001036209999995208, 0.000868639999964671]
