In [2]:
# rsa_test.py
# RSA-2048 encryption/decryption demo with OAEP padding (best practice)

from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa, padding
import base64

# ============================
# Generate RSA key pair (2048-bit, recommended minimum in 2025)
# ============================
def generate_rsa_keys():
    private_key = rsa.generate_private_key(
        public_exponent=65537,    # Standard and secure
        key_size=2048             # 2048-bit is still safe; 3072/4096 for ultra-long-term
    )
    public_key = private_key.public_key()

    # Serialize keys to PEM format (for saving or sharing)
    private_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.NoEncryption()
    )
    public_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    )

    return private_key, public_key, private_pem.decode(), public_pem.decode()

# ============================
# Encrypt with public key
# ============================
def encrypt_rsa(message: str, public_key) -> str:
    ciphertext = public_key.encrypt(
        message.encode('utf-8'),
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    return base64.b64encode(ciphertext).decode('utf-8')

# ============================
# Decrypt with private key
# ============================
def decrypt_rsa(encrypted_b64: str, private_key) -> str:
    ciphertext = base64.b64decode(encrypted_b64)
    plaintext = private_key.decrypt(
        ciphertext,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    return plaintext.decode('utf-8')

# ============================
# Demo
# ============================
if __name__ == "__main__":
    print("Generating RSA-2048 key pair...\n")
    private_key, public_key, private_pem, public_pem = generate_rsa_keys()

    message = "Hello from RSA! This message is confidential. ðŸ”’"

    print(f"Original message: {message}\n")

    # Encrypt with public key
    encrypted = encrypt_rsa(message, public_key)
    print("Encrypted (Base64):")
    print(encrypted)
    print()

    # Decrypt with private key
    decrypted = decrypt_rsa(encrypted, private_key)
    print(f"Decrypted message: {decrypted}\n")

    # Verify
    assert decrypted == message
    print("Success! RSA encryption and decryption worked perfectly.")

    # Optional: Show public key (safe to share)
    print("\nPublic Key (can be shared openly):")
    print(public_pem)

Generating RSA-2048 key pair...

Original message: Hello from RSA! This message is confidential. ðŸ”’

Encrypted (Base64):
Ln5Ntg9XCaGaRttGF/FQZJcF+ob20G4L84mavafFr9iCt0j643mxlsN1UFlMDRCMsx39J4Efq12HYVmhRjCsLzzMnljJjqXw+Tu9sRm+tyW3Nf75qc2ZWDFw1J6EoV1eXHz/+BQ5NBk7GBAk2TcHlwUDidikWWneXisLbKIWcavUl5AXCUcEW0s0f7aXPQi4AuVSAPrXaz87d+NypjJ914TjvPo/l6a7+lOUeOOYvG3ZP9CcVK8bBjv2WS3XYpeCqaacOw47g/bTyd4k1KazN/O9uceun+kJ2LjLAYXMzW8moWAib7wverhPo+BJE2GCjcTSpEQhy6b96lcJ6NXXVw==

Decrypted message: Hello from RSA! This message is confidential. ðŸ”’

Success! RSA encryption and decryption worked perfectly.

Public Key (can be shared openly):
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6E3wy6GjMiaaJIKeFdMh
ZjKZkd+GE5gGDnf9VLI9//MBoDQqKQ0WTGutWE0qTV6EUgSTO8OW+EK1x3vJ49ou
2o4S3Ui1w0D5MGWuSufoCVfRX3Xe5FeE/OQotK7DMqAaImjxpGNf+xqz5KIdVV4r
OrJOHiqVttLMpxzNah7zBMiKhatLzLLpRmSqwBLlpEeX9d/mKlRICKCyxjkdgYn2
7EK3RJocJPLUVRXHU6x+QEbaYfRSFs2bN6sCQB392+CNZgukn+HtPkPdFkF/ngT5
dWhayqgxTYmu6Jd