[View in Colaboratory](https://colab.research.google.com/github/ksavchyn/gu511/blob/master/ssh_keys.ipynb)

In [0]:
import random

# example of Diffie-Hellman-Merkle key exchange

first, as a primer, check out [this article](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) on DHM key exchange. extra shoutout to the example, which is super helpful and what we're about to do here

## partner up!

find someone else in the course to work with. the two sections below (title "partner 1 does this" and "partner 2 does this" will discuss a series of commands to enter for each person. one command in each section will require input back from your partner (e.g. partner 1 adds 2 + 2 to get 4, and partner 2 has to wait on partner 1 for that answer of 4 to move on with their next step).

before starting those sections, both of you should execute the following (don't change these numbers!):

In [0]:
p = 23
g = 5

afterward, go through you respective section below and think about each cell you execute.

when you've each finished your sections, switch roles (1 --> 2 and 2 --> 1) and try again.

## partner 1 does this

*pick a secret number! Don't tell anyone!!*

In [0]:
# you can generate a random number like this, or just say
# p1secretnumber = *whatever*
p1secretnumber = random.randint(1, 100)
p1secretnumber

*prepare a special number to send to partner 2*

In [0]:
forp2 = (g ** p1secretnumber) % p
forp2

*give that number to partner 2 and then wait for them to get back to you*

In [0]:
fromp2 = int(input('what number did partner 2 give back to you? '))

In [0]:
p1result = (fromp2 ** p1secretnumber) % p
p1result

*check with partner 2 that you have the same values. Then switch roles and try the other block*

## partner 2 does this

this person is Bob

*wait for a special number from partner 1*

In [0]:
fromp1 = int(input("what number did partner 1 give you? "))

*now you choose your own secret, don't tell partner 1 or anyone!*

In [0]:
p2secretnumber = random.randint(1, 100)
p2secretnumber

In [0]:
forp1 = (g ** p2secretnumber) % p
forp1

*give that number back to partner 1 and move on*

In [0]:
p2result = (fromp1 ** p2secretnumber) % p
p2result

*check with partner 1 that you have the same values. Then switch roles and try the other block*

## why does this work?

this is simply the result of a property of prime numbers:

$$
\left(a \cdot b\right) \mod n = \left((a \mod n) \cdot (b \mod n)\right) \mod n
$$

to prove: you could write $a = d_a * n + r_a$, and same with b. multiply $a$ and $b$ and all but the remainder terms (the results of the modulo expressions themselves) will fall out because they will have at least one factor of $n$

as a result

$$
\left(g^a \mod p\right)^b = g^{ab} \mod p \\
\left(g^b \mod p\right)^a = g^{ba} \mod p
$$

and the value that you get from that is necessarily identical.

## primitive root diversion

check out [this article](https://en.wikipedia.org/wiki/Primitive_root_modulo_n) on primitive roots

In [0]:
[3 ** i for i in range(1, 7)]

In [0]:
[(3 ** i) % 7 for i in range(1, 7)]

In [0]:
def is_primitive(root, modulus):
    return set(range(1, modulus)) == {(root ** i) % modulus for i in range(1, modulus)}

In [0]:
assert is_primitive(g, p)

## concluding thoughts

the process of picking secret numbers and using modulo exponentiation tricks as we did above has one cool feature: between partner 1's secret number, partner 2's secret number, and the secret result, no one in the room knows all three numbers. This is important for public exchange of information -- we just created one shared secret using mutually un-shared secrets.

I wonder if there's an application here...

# making it a bit harder: RSA

Let's do something similar now, but add in a bit more mathematical complexity (we're paranoid)

## partner up!

Same drill, but now you don't even start with the same information. go through you respective section below and think about each cell you execute. Then, switch roles and try again

## partner 1 does this

this person is Alice

*pick two prime numbers with different orders of magnitude (don't go too crazy with the size, say, 6 digits or less). then multiply them -- that's our modulus now*

In [0]:
p = 1987
q = 13

n = p * q
n

*now we do some magic with least common multiples (functions stolen from [here](https://stackoverflow.com/questions/147515/))*

In [0]:
def gcd(a, b):
    while b:
        a, b = b, a % b
    return a

def lcm(a, b):
    return a * b // gcd(a, b)

*calculate the following SUPER SECRET NUMBER*

In [0]:
lambdaN = lcm(p - 1, q - 1)
lambdaN

*find any number $1 < e < \lambda_n$ such that $e$ and $\lambda_n$ are coprime*

In [0]:
# note: this is a fun but super dumb way to do this. In practice we often just use 
# a favorite number (e.g. 2^16 + 1) every time

while True:
    e = random.randint(1, lambdaN)
    if gcd(e, lambdaN) == 1:
        break
        
e

In [0]:
# this cell is set aside for hard-coding the value of e.
# uncomment the line below to hard-code e to a value of 451

#e = 451

*find the [modular multiplicative inverse](https://en.wikipedia.org/wiki/Modular_multiplicative_inverse) of $e$ modulo $\lambda_n$*

In [0]:
d = 1
while True:
    if (d * e) % lambdaN == 1:
        break
    d += 1
        
d

let's use all of that to print out our "public" and "private" keys we just generated

In [0]:
print('MY PUBLIC KEYS ARE')
print('  n = {}'.format(n))
print('  e = {} (e is for "encryption")'.format(e))
print('\nMY PRIVATE KEYS ARE')
print('  n = {}'.format(n))
print('  d = {} (d is for "decryption")'.format(d))
print('\nI should also keep the following secret, because they could be used to calculate d:')
print('  p = {}'.format(p))
print('  q = {}'.format(q))
print('  lambdaN = {}'.format(lambdaN))
print('\nso mind your ps and qs, gang')

*send your public key values $n$ and $e$ to your partner and move on*

In [0]:
encryptedMessage = int(input('was the encrypted message partner 2 gave you? '))

*let's decrypt that message*

In [0]:
# note -- d below is totally private, partner 2 doesn't know it
decryptedMessage = (encryptedMessage ** d) % n
decryptedMessage

*check with partner 2 that you have the same values. Then switch roles*

## partner 2 does this

this person is Bob

*wait for a pair of special numbers from partner 1*

In [0]:
fromp1n = int(input("what number did partner 1 give you for n? "))
fromp1e = int(input("what number did partner 1 give you for e? "))

*let's send a message to our partner (this "message" has to be a number)*

In [0]:
message = 1447
encryptedMessage = (message ** fromp1e) % fromp1n
encryptedMessage

*give that encrypted message to partner 1*

*check with partner 1 that they got your message. Then switch roles*

# advanced: ssh keys

the convoluted process above is effectively exactly what is going on when you log in to your `ec2` server. the `ssh` private and public keys that you create are complex files which contain (among several other things) those `n`, `e`, and `d` values we created in the previous section. 

the following section will show you that there is a complex structure to these private and public keys, but underneath it all, it is really just a very compact means of communicating several *very* large integers.

let's start by creating a public and private key and seeing how that works.

in a shell session on the `aws` linux vm we created, execute the following:

```shell
ssh-keygen -t rsa
```

and at the first prompt for "file in which to save the key", enter

```
/tmp/key
```

as the path of the key. you can pick a different path if you'd like; you will have to update the code below if you do, though. 

Do not enter a password.

for all of the cells that follow that look like

```
%%bash
...
```

copy the line(s) under `bash` and run them in your shell session

so first, let's read that private key we just created:

In [0]:
%%bash
less /tmp/key

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA80lqpioMdcbi8X2Q8w3xINktbcFB+ah6uCI3d2JyTrXbVQUg
Yf06ZC/cBMkcjDSXMnmP5A8L8edb9y0au4o+vg2di50UhpdDCM/2BRlxWq+uDBmi
JS1UX76c2I+oSCzSc7U7D9I4ON/r2UnBUlXu/+4IUlg1HtCJCzYNL3sejCFhEUXy
CSRJ+3pu+5QHUTyRJx9Z/+GvpZuvAAqBLu5TpcqRvWJ6qZ95SckKWOROBxSHsToS
OBqnW+fFy7M5+nG25ls6CdxkoPwGIsfS0CQwgekvz176pFV4MWU6NaDdL4KojoqP
Aytu9k2M4agVAmgjxUa903IvZ/at7wJuMBUp6wIDAQABAoIBAGBLat8iPZRQiHs1
TC4oEo0B6S1MFSUQPqKrSHEEkmH9MTdRtCOU64vENb3fLGGCX2YnH4ERQ5UYEhqf
y7j3WyY2lWkxX3J2ZJ4UUjhqfad7adR4QOmeK4tKEyLUmbMXqqUJ0rrMZlx8pQl4
XACO6u559OlC6KOtvtClMEre3JRxzDzy32mEPPAqTMK5aYoBr/u0SvMmciGMAd1g
K0lrwFJtokzgwGMQuJLV3+jYtzAeGxX4Z49XfsVvMPY7vgL4/KEUxWHEgycjNoHZ
MeiB06KPvaeyc5iM1l8DqGFNEy3VYNHOTdf6DxUBJnWSxWhtIxitRMgbPPOwHR50
7qHncOECgYEA+4KVhQZ95irmGzFez9EaRHvKU5x5RCujlOM6BtbULBZJtYShzCSd
GPrZujgrA1Up7yMSTj2i3ceXXLWbCI4HVAzsvrM9OZMJlSGRZQUpbFNV1gC9bR2S
HjLidvNZxqEpJ+M4DUnbbSGRt8NNK/8FjeGb4xmEX1/d3coqPDB0odUCgYEA96FA
Y+M7EhiXMyw+fbGvAsHKhJkAi+zw2CKOyKX1MCUOupBHmOOA0grQpxr+X7

if you received an error, go back and make sure you used `ssh-keygen` to create `/tmp/key` as described two cells above.

remember -- if you're sharing this (like I am, by publishing this), this private key is *totally worthless*

there is also a "public" version of this key, created with the same starting path (e.g. `/tmp/key`), but with an additional `.pub` extension.

In [0]:
%%bash
less /tmp/key.pub

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzSWqmKgx1xuLxfZDzDfEg2S1twUH5qHq4Ijd3YnJOtdtVBSBh/TpkL9wEyRyMNJcyeY/kDwvx51v3LRq7ij6+DZ2LnRSGl0MIz/YFGXFar64MGaIlLVRfvpzYj6hILNJztTsP0jg43+vZScFSVe7/7ghSWDUe0IkLNg0vex6MIWERRfIJJEn7em77lAdRPJEnH1n/4a+lm68ACoEu7lOlypG9Ynqpn3lJyQpY5E4HFIexOhI4Gqdb58XLszn6cbbmWzoJ3GSg/AYix9LQJDCB6S/PXvqkVXgxZTo1oN0vgqiOio8DK272TYzhqBUCaCPFRr3Tci9n9q3vAm4wFSnr zlamberty@megaman


## key structure

The keys above look like a bunch of random characters, but there is a complicated structure in that string of characters.

These keys can both be parsed into a particular structured format called ASN.1. You can use linux tools to do this parsing, (see below), or you can go to [this awesome online parser site](http://lapo.it/asn1js/).

**note**: you have to do a little conversion to the public key (see two cells below) before the online parser commands will work

In [0]:
%%bash
openssl asn1parse -in /tmp/key

    0:d=0  hl=4 l=1188 cons: SEQUENCE          
    4:d=1  hl=2 l=   1 prim: INTEGER           :00
    7:d=1  hl=4 l= 257 prim: INTEGER           :F3496AA62A0C75C6E2F17D90F30DF120D92D6DC141F9A87AB822377762724EB5DB55052061FD3A642FDC04C91C8C349732798FE40F0BF1E75BF72D1ABB8A3EBE0D9D8B9D1486974308CFF60519715AAFAE0C19A2252D545FBE9CD88FA8482CD273B53B0FD23838DFEBD949C15255EEFFEE085258351ED0890B360D2F7B1E8C21611145F2092449FB7A6EFB9407513C91271F59FFE1AFA59BAF000A812EEE53A5CA91BD627AA99F7949C90A58E44E071487B13A12381AA75BE7C5CBB339FA71B6E65B3A09DC64A0FC0622C7D2D0243081E92FCF5EFAA4557831653A35A0DD2F82A88E8A8F032B6EF64D8CE1A815026823C546BDD3722F67F6ADEF026E301529EB
  268:d=1  hl=2 l=   3 prim: INTEGER           :010001
  273:d=1  hl=4 l= 256 prim: INTEGER           :604B6ADF223D9450887B354C2E28128D01E92D4C1525103EA2AB4871049261FD313751B42394EB8BC435BDDF2C61825F66271F8111439518121A9FCBB8F75B26369569315F7276649E1452386A7DA77B69D47840E99E2B8B4A1322D499B317AAA509D2BACC665C7CA509785C008EEAEE79F4E942E8A3A

the public key (`/tmp/key.pub`) is in openssh format, which is not the expected format (`pem`) for the `openssl` tool. fortunately, we can make the conversion pretty easily:

In [0]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA80lqpioMdcbi8X2Q8w3xINktbcFB+ah6uCI3d2JyTrXbVQUgYf06
ZC/cBMkcjDSXMnmP5A8L8edb9y0au4o+vg2di50UhpdDCM/2BRlxWq+uDBmiJS1U
X76c2I+oSCzSc7U7D9I4ON/r2UnBUlXu/+4IUlg1HtCJCzYNL3sejCFhEUXyCSRJ
+3pu+5QHUTyRJx9Z/+GvpZuvAAqBLu5TpcqRvWJ6qZ95SckKWOROBxSHsToSOBqn
W+fFy7M5+nG25ls6CdxkoPwGIsfS0CQwgekvz176pFV4MWU6NaDdL4KojoqPAytu
9k2M4agVAmgjxUa903IvZ/at7wJuMBUp6wIDAQAB
-----END RSA PUBLIC KEY-----


take that key and write it to file

In [0]:
%%bash
ssh-keygen -f /tmp/key.pub -e -m pem >> /tmp/key.pub.pem
PUBKEY=$(grep -v -- ----- /tmp/key.pub.pem | tr -d '\n')
echo $PUBKEY | base64 -d | openssl asn1parse -inform DER -i

    0:d=0  hl=4 l= 266 cons: SEQUENCE          
    4:d=1  hl=4 l= 257 prim:  INTEGER           :F3496AA62A0C75C6E2F17D90F30DF120D92D6DC141F9A87AB822377762724EB5DB55052061FD3A642FDC04C91C8C349732798FE40F0BF1E75BF72D1ABB8A3EBE0D9D8B9D1486974308CFF60519715AAFAE0C19A2252D545FBE9CD88FA8482CD273B53B0FD23838DFEBD949C15255EEFFEE085258351ED0890B360D2F7B1E8C21611145F2092449FB7A6EFB9407513C91271F59FFE1AFA59BAF000A812EEE53A5CA91BD627AA99F7949C90A58E44E071487B13A12381AA75BE7C5CBB339FA71B6E65B3A09DC64A0FC0622C7D2D0243081E92FCF5EFAA4557831653A35A0DD2F82A88E8A8F032B6EF64D8CE1A815026823C546BDD3722F67F6ADEF026E301529EB
  265:d=1  hl=2 l=   3 prim:  INTEGER           :010001
  270:d=0  hl=4 l= 266 cons: SEQUENCE          
  274:d=1  hl=4 l= 257 prim:  INTEGER           :F3496AA62A0C75C6E2F17D90F30DF120D92D6DC141F9A87AB822377762724EB5DB55052061FD3A642FDC04C91C8C349732798FE40F0BF1E75BF72D1ABB8A3EBE0D9D8B9D1486974308CFF60519715AAFAE0C19A2252D545FBE9CD88FA8482CD273B53B0FD23838DFEBD949C15255EEFFEE085258351ED

both the public and private keys can be broken up into sequences of integers. Note that the first large integer in the private key (three cells above) is *identical* to the first large integer in the public key (cell immediately above).

this is proof of one of the claims we made in class: the public key can always be constructed from the private key, because the private key contains it in its entirety.

the structure above isn't exactly the most convenient to use, is it? We may have demonstrated that a structure *exists*, but what is it telling us?

fortunately, the `openssl` command has the subcommand `rsa` which allows us to print out those values a little more explicitly:

In [0]:
%%bash
openssl rsa -text -in /tmp/key

Private-Key: (2048 bit)
modulus:
    00:f3:49:6a:a6:2a:0c:75:c6:e2:f1:7d:90:f3:0d:
    f1:20:d9:2d:6d:c1:41:f9:a8:7a:b8:22:37:77:62:
    72:4e:b5:db:55:05:20:61:fd:3a:64:2f:dc:04:c9:
    1c:8c:34:97:32:79:8f:e4:0f:0b:f1:e7:5b:f7:2d:
    1a:bb:8a:3e:be:0d:9d:8b:9d:14:86:97:43:08:cf:
    f6:05:19:71:5a:af:ae:0c:19:a2:25:2d:54:5f:be:
    9c:d8:8f:a8:48:2c:d2:73:b5:3b:0f:d2:38:38:df:
    eb:d9:49:c1:52:55:ee:ff:ee:08:52:58:35:1e:d0:
    89:0b:36:0d:2f:7b:1e:8c:21:61:11:45:f2:09:24:
    49:fb:7a:6e:fb:94:07:51:3c:91:27:1f:59:ff:e1:
    af:a5:9b:af:00:0a:81:2e:ee:53:a5:ca:91:bd:62:
    7a:a9:9f:79:49:c9:0a:58:e4:4e:07:14:87:b1:3a:
    12:38:1a:a7:5b:e7:c5:cb:b3:39:fa:71:b6:e6:5b:
    3a:09:dc:64:a0:fc:06:22:c7:d2:d0:24:30:81:e9:
    2f:cf:5e:fa:a4:55:78:31:65:3a:35:a0:dd:2f:82:
    a8:8e:8a:8f:03:2b:6e:f6:4d:8c:e1:a8:15:02:68:
    23:c5:46:bd:d3:72:2f:67:f6:ad:ef:02:6e:30:15:
    29:eb
publicExponent: 65537 (0x10001)
privateExponent:
    60:4b:6a:df:22:3d:94:50:88:7b:35:4c:2e:28:12:
    8d:0

writing RSA key


the modulus number above

```
00:ba:61:f6:7f:fe:9c:9a:4d:05:c8:c6:cd:a4:18:
1f:af:af:80:3b:26:d6:a0:c1:bc:2f:c1:be:56:ae:
23:43:71:41:b9:6b:bd:01:66:2c:a8:4f:ce:c4:44:
fc:83:a5:2c:ee:db:ed:ad:51:a7:63:23:5b:e7:05:
a0:a4:de:40:0b:c0:88:46:92:99:07:29:ad:7d:e5:
10:b5:71:7e:41:d0:62:76:68:99:02:7f:94:b8:53:
98:17:55:ff:84:29:eb:4f:f8:34:3b:10:9e:3c:6d:
e7:35:33:44:53:68:74:a8:29:32:b6:12:5e:33:ef:
a3:7c:bf:02:1e:70:c3:84:2d:74:d8:13:d1:a9:8a:
10:93:72:c4:f8:cc:6a:e0:bc:0e:5a:10:76:5e:75:
3a:34:1c:35:2b:72:e6:ef:99:23:bd:c0:9f:4e:9a:
27:71:66:86:aa:55:fc:2e:44:0b:09:63:7f:d5:cd:
a4:96:90:f8:bf:a3:31:98:c4:27:d3:23:b3:0c:cd:
d7:f7:f0:ef:3a:25:9f:a0:02:0b:6c:dc:c2:91:80:
17:55:3c:0c:c8:bc:ca:83:c1:c2:71:de:ba:b7:da:
69:76:49:97:ff:71:7f:1b:09:b0:f4:da:8f:6c:8e:
73:91:da:2b:3c:3e:47:77:d4:15:ca:53:f7:e7:c4:
70:2f
```

is a [hexadecimal](https://en.wikipedia.org/wiki/Hexadecimal) number. if we were to convert it to an integer...

In [0]:
h = """
00:ba:61:f6:7f:fe:9c:9a:4d:05:c8:c6:cd:a4:18:
1f:af:af:80:3b:26:d6:a0:c1:bc:2f:c1:be:56:ae:
23:43:71:41:b9:6b:bd:01:66:2c:a8:4f:ce:c4:44:
fc:83:a5:2c:ee:db:ed:ad:51:a7:63:23:5b:e7:05:
a0:a4:de:40:0b:c0:88:46:92:99:07:29:ad:7d:e5:
10:b5:71:7e:41:d0:62:76:68:99:02:7f:94:b8:53:
98:17:55:ff:84:29:eb:4f:f8:34:3b:10:9e:3c:6d:
e7:35:33:44:53:68:74:a8:29:32:b6:12:5e:33:ef:
a3:7c:bf:02:1e:70:c3:84:2d:74:d8:13:d1:a9:8a:
10:93:72:c4:f8:cc:6a:e0:bc:0e:5a:10:76:5e:75:
3a:34:1c:35:2b:72:e6:ef:99:23:bd:c0:9f:4e:9a:
27:71:66:86:aa:55:fc:2e:44:0b:09:63:7f:d5:cd:
a4:96:90:f8:bf:a3:31:98:c4:27:d3:23:b3:0c:cd:
d7:f7:f0:ef:3a:25:9f:a0:02:0b:6c:dc:c2:91:80:
17:55:3c:0c:c8:bc:ca:83:c1:c2:71:de:ba:b7:da:
69:76:49:97:ff:71:7f:1b:09:b0:f4:da:8f:6c:8e:
73:91:da:2b:3c:3e:47:77:d4:15:ca:53:f7:e7:c4:
70:2f
"""
h = h.replace(':', '').replace('\n', '')
i = int(h, 16)
i

23528632025451081503654664519357809878788927014931688176803070904651921514735649324143761835639775196479774864949574831534018952634137353983638723762428445841865004899115804198982379976750979547176170474109114878032997154293143184236842715773870150309191001271358262865986157704149864281001740058759671081424469834811972420221509294323803400872858321753572922972215183511013878395298927808012100222333046440517716288464859742372160758961278411579395639226728603713418708072408522126151714702442158279443403857429045942589893673776730493301416192404020542813754080664617618680448286284177102123014222829615588812550191

In [0]:
len(str(i))

617

## let's encrypt and decrypt something

just because we can!

In [0]:
%%bash
echo "my super secret secret is now super secret, except that it's in plain text here" > /tmp/secret.txt

we need an `openssl`-specific public key in order to use `openssl` to encrypt, so let's make that formatted file here:

In [0]:
%%bash
openssl rsa -in /tmp/key -inform PEM -pubout -out /tmp/key.pub.openssl.pem

writing RSA key


now, use the `openssl rsautl` subcommand along with our `openssl.pem` formatted public key to encrypt any file:

In [0]:
%%bash
openssl rsautl -encrypt -inkey /tmp/key.pub.openssl.pem -pubin -in /tmp/secret.txt -out /tmp/secret.ssl

look at how encrypted this is! just look at it!!

In [0]:
%%bash
cat /tmp/secret.ssl

J���:f[���=��S��Z����������~�l��`X)WQn!5���N�&��m���z$�i�&iϺ�fq��[�4i*�~k�ؑ��&c6��dG�����H/��W@b,��<�hM����	�Py���d��N��w�r�{ ��v1]E�\A�k��O�=��l��{�x�;q�DgR�:G����B9Ġӯ�t��3�]�	bW{P���@c��W��ţ�O����P��>��X�odIX

good luck reading that, hackers. unless you have my `/tmp/key`, that is:

In [0]:
%%bash
openssl rsautl -decrypt -inkey /tmp/key -in /tmp/secret.ssl

my super secret secret is now super secret, except that it's in plain text here
