The `RSA.generate()` method in Python's `pycryptodome` library generates random RSA key pairs (a public key and a corresponding private key). To understand how it avoids generating two identical keys, let's delve into the underlying process.

1. **Random Number Generation**: Generating RSA keys involves generating large prime numbers. These prime numbers are chosen randomly, making it extremely unlikely that the same prime numbers will be chosen twice.

2. **Probabilistic Primality Testing**: The `RSA.generate()` method uses a probabilistic primality test, specifically the Miller-Rabin primality test, to check if a number is prime. This test is not 100% guaranteed to detect primes, but it is very effective and significantly reduces the likelihood of composite numbers being mistaken for primes.

3. **Key Length**: The security of RSA depends on the key length. Longer key lengths provide greater security but also increase the computational overhead. `RSA.generate()` requires specifying the desired key length, such as 2048 bits or 4096 bits. Longer key lengths increase the number of possible key combinations, making it even more improbable to generate identical keys.

4. **Seed Initialization**: The random number generator used by `pycryptodome` is typically seeded with various sources of randomness from the operating system, such as system time, process ID, and other environmental factors. This helps ensure a good initial entropy pool and reduces the likelihood of generating the same key pairs on different runs of the program.

Despite these precautions, it is essential to recognize that generating identical RSA keys is still theoretically possible, albeit extremely improbable. If the random number generator were to be compromised or suffer from inadequate entropy, it could potentially lead to the generation of identical keys.

To mitigate these risks, it is crucial to use a secure and well-established cryptographic library like `pycryptodome`, keep the library and dependencies up-to-date, and ensure a good source of randomness during key generation. Additionally, key pairs should be kept confidential, and key management practices should be followed to minimize any security risks.

In [6]:
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import serialization
from cryptography.exceptions import InvalidSignature

In [2]:


private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

#SERIALIZATION CAN ONLY BE USED TO WRITE/READ PRIVATE KEYS TO/FROM FILE, NOT TO SIGN DATA

#SERIALIZE THE ENCRYPTED PRIVATE KEY
private_encrypted_pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.PKCS8,
   encryption_algorithm=serialization.BestAvailableEncryption(b'mypassword')
)


#SERIALIZE THE PRIVATE KEY (WITH NO ENCRYPTION)
private_pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.TraditionalOpenSSL,
   encryption_algorithm=serialization.NoEncryption()
)


#print(private_encrypted_pem.splitlines() == private_pem.splitlines()) == #FALSE


with open("./privateKeyEncrypted.pem", 'wb') as pem_out:
        pem_out.write(private_encrypted_pem)

with open("./privateKeyEncrypted.pem", "rb") as key_file:
    pr_key_encrypted = serialization.load_pem_private_key(
        key_file.read(),
        password=b'mypassword',
    )


with open("./privateKey.pem", 'wb') as pem_out:
        pem_out.write(private_pem)

with open("./privatekey.pem", "rb") as key_file:
    pr_key = serialization.load_pem_private_key(
        key_file.read(),
        password=None,
    )
    
    
#MY KEYS ARE: pr_key_encrypted & pr_key


In [5]:
#SERIALIZE THE PRIVATE KEY (WITH NO ENCRYPTION)
private_pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.TraditionalOpenSSL,
   encryption_algorithm=serialization.NoEncryption()
)

print(private_pem)

'''

for i in pem.decode().splitlines():
    if (i!='-----BEGIN PUBLIC KEY-----' and i!='-----END PUBLIC KEY-----' ):
        author_pub_key += i
    
print(author_pub_key)
'''


b'-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEAq0kTMGKRTi8qMEkQ9T4+eecT39mF6O3CN5JTZ0qQSbsQN5yC\nTAWqNhgRqy9p9RvxocD+suIAzXqo8tG7x/0MvQLtvDpK9IKxWfndMA32BJBdYgp0\nyYi0ESw1LPUxgNu6kwnZEXfka6/7Bgk99r6xKy4Y4ECOvoiAbS3APrcPOVy2EUOU\n3f1hABgsAdLlCkukecixKwexu817kzXrGiwIZyZELLIy+/tvu7eIn6DUsfBlaAL/\nc7xiuVlbsR+j3VSdEW/Zw37iV1sgMG6OLxA3kYEaT2GnrgVGVKbFsGE3ybpR0PEY\nZOjNhi+l/3qSwJ0T0dSeOk/ifD4qLo3vtfsTzwIDAQABAoIBAQCjsL9E4z3oEQzp\nfjpVlPmR+DK3H6Nouid8gjtwoAKKY9oYu1qOGm/TKGdiSHqjQuRF6DHAdFm+BTYG\ncEdb1UpiK7VUyASv7WJeEXq/nOf67pg/xKxdmWY0byIWZ/C6K8L/GE848XH7M//a\ngeSUtSKNmI0vaqLAFaVeMXXiuYE0GAQ2A8rpC1lJH+mMuHjmxwRsHecgK+Wk2/Zm\n2kHR490/510hH8ax3DS7R4fWU4xBiw9raeyVpaEkaHpYhXh++zmy6N6TtnvZgnUY\nQNd+i9fmr9qryQxKwlxgoTahly39juytKAb5ULgfsxj1K+aYIG4N1/N4KvroE7hN\nQHj64zKhAoGBANvIWQCHFcureGRtdlE8rVDtgkhRxEpcnEHb9F7gYRYbVDsf6c0T\nQr7tQ64TDn639Fke2j7yBdN7hmJX42jzYZIR69wPWbrMHEZG8JmctKnHCEhGEOzP\n3xYYF8hYn/GoYHy0qYGLtov7Tf8L/V6h2AR6lddZUwzOscHWslk1ARyfAoGBAMeC\n2PV2LS/WcbxrEwq53T5PITqyekD5ujslrvtf7PthI

"\n\nfor i in pem.decode().splitlines():\n    if (i!='-----BEGIN PUBLIC KEY-----' and i!='-----END PUBLIC KEY-----' ):\n        author_pub_key += i\n    \nprint(author_pub_key)\n"

In [3]:
pub_key = pr_key.public_key()


#SERIALIZE THE PUBLIC KEY
pem = pub_key.public_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PublicFormat.SubjectPublicKeyInfo
)

#print(pem.splitlines())

#print(pem.decode().splitlines())

author_pub_key = ''

for i in pem.decode().splitlines():
    if (i!='-----BEGIN PUBLIC KEY-----' and i!='-----END PUBLIC KEY-----' ):
        author_pub_key += i
    
print(author_pub_key)
print(len('MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxJek0uITyn0mzqCsCulOE2HFdkX95C5D6yy47COr7ab77b8gIDjh+SNZvREnynWp3I1nATZEX1o7iIBP18hMkNpPW5/AtH4WcX5PieVWh7ORlL/JR4dtRU2NQRcmOE0R6IMWjEIJ4V9WskdV//6gq1uo1kOajko5+WZxfvxuH5K++x6Jd5fcZxAgWtovByqEZuCrL+iDWdSJwyfwaiikV27ZGTsXf361DVEEU1R1Oebd5jBcibFSYrEk9VCZwAAuFRdy4MBM16ACLpecyoDkWFnyIZXmrb9XqVzWZ0GLFvHqmUXkfT2nHS0OXPr2tuyqzTBrl42qVcKHmHSMdKru3QIDAQAB'))

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0kTMGKRTi8qMEkQ9T4+eecT39mF6O3CN5JTZ0qQSbsQN5yCTAWqNhgRqy9p9RvxocD+suIAzXqo8tG7x/0MvQLtvDpK9IKxWfndMA32BJBdYgp0yYi0ESw1LPUxgNu6kwnZEXfka6/7Bgk99r6xKy4Y4ECOvoiAbS3APrcPOVy2EUOU3f1hABgsAdLlCkukecixKwexu817kzXrGiwIZyZELLIy+/tvu7eIn6DUsfBlaAL/c7xiuVlbsR+j3VSdEW/Zw37iV1sgMG6OLxA3kYEaT2GnrgVGVKbFsGE3ybpR0PEYZOjNhi+l/3qSwJ0T0dSeOk/ifD4qLo3vtfsTzwIDAQAB
392


In [41]:
#genero la chiave privata
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

#la serializzo e memorizzo serializzata 
private_pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.TraditionalOpenSSL,
   encryption_algorithm=serialization.NoEncryption()
)

print(type(private_pem))
print(private_pem)

#genero la chiave pubblica partendo dalla privata
pub_key = private_key.public_key()

#la serializzo e memorizzo serializzata
public_pem = pub_key.public_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PublicFormat.SubjectPublicKeyInfo
)

#ora ho a disposizione solo private_pem & public_pem

file = open("DATA_MESSAGE.txt", "r")
data = file.read()
file.close()
#print(data)
message = str.encode(data)


#client in locale fa questo e filla il tangle message
signature = serialization.load_pem_private_key(
        private_pem,
        password=None,
    ).sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)


#nel messaggio vengono inseriti: message(data) + signature + public_pem

#la verifica viene effettuata come segue

try:
    outcome = serialization.load_pem_public_key(
        public_pem,
    ).verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
except InvalidSignature:
    print('Signature Verification Failed')




<class 'bytes'>
b'-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEArrbJk+YkY/+PvDa9/nawhjTX8vyA8hyENXLXECf5TElEyjLA\nPi2wJU8fuVnNGdOc5W9mJ+9IpDqe1tOdNV+Vlwo6BoZVVgVJwqZ5iSHLx7zEXFLk\nHMC+1rFG/OpHA/1RW2J9dEtAMVzmQbjoGSGDU3O0+/qeARU07Ps3zoWCHA6fLuUm\nBfydN5iA+Y79UoiBW6RZrTIdhhoQcVwYGo1hSdtyeUMLslBYcjP69aRd33MxYT5j\nEwnzwls65S8q0K22K9RFWiSeylweifz0seLZpLl2ul+xGdZzyakR0IIJRlIdRFAr\nMgKoPK9jdCWZK/8FL8yE3siAxxu5FX7M70edKwIDAQABAoIBAQCbSaf9Js8tela9\nCULxy3i2sH1IYZoSl7oC76GroHv6jBzyQw2PtngbkSo3SlP8IpQPcWYxFINSRTAs\n7UWLzPtelh5g8kEjBew7cFARzNIdI/C7xokt7TsyA7t+zJR2PU90lCPBm6jgtxuJ\nStowjBL3t54jYOvTNpAmGlvN2eh9GiGhfUYPBiRHlgyV2MF1KCYHxJlVktbGrFSp\ncse1wCecpYcyouQR+UA+Bs8KjJ/ahCg4MyM0zTvRJpG7pLW8+lO4ANaXap1iWXg2\nJGMneWSHJ1TBTgsNIL+o/56oL7pTOSgNdi0l+TdSwKx9T3419UqaBUo/dx/i/ODJ\n3zNkcbkhAoGBANzQLKx9poPMx6XV/o1mS0ImkEzhl/tmUeJrhZTR+SC68g273ujW\naY+hN38ceYH7B4BiRhtOVMN1f9PkKkJjYwFrDETfFgF1usUy+aN17dwoySm2J6O6\n//vnVPxkfVZhaVia9cfPHd7xiHb7m6MPPjw0O3PCn/sP8rTip6gRNrTzAoGBAMqO\nDJXaBuO7IDnrMKHtg/avE5sMD

In [42]:
signature

b'\x88\x03\xf5\x06\xac\x11c\xb0\x849\xdf\xa2\x08\x9du\xe8f>\xeb\x8b~\x96\x8d\xe6{\xeb8~nj\xde\xd2\x17\x8bZN\x14+\xeae\xa2l\xca,s\xba\xd0\x0fV\xbd\x89\x10\xcc7\x03p\xd6t\xa5\x9c/%%\xc8\xd1o\xc9\xfe\t\xbf\xaf\x8a7\xc5r\xfa\x80\xd57G!\\H\x1c\x1f\x9c\xf6;\xd8\xa3\xf7\x0bQc\xc1\x8d#\xae\xea\x99\xa7hd\x1dr\x9e\x91\xbd\xc1\xcd\xda\xa3\xec\xd2\x1b\xf5\x88\x15\xec+{\x824\xca#\xb2\xfd\xcf\xc9\xbfHfN\xdc\x1d]M\xc4cg\xacW\x1csC\x0e\xda\xc3\x87\x13\x17n\xa2\xb6\xba\x87\x12Ih\x85\xa2\x0f\x17o\x16\x846\x04H\x9c\xb5U\xe0\xaaY\xa0\xd5!\xbe\xd7\xef\xae\xce\xac\xb5\x82\xa69\x10C\xc5\x13Q\x91S\x87\x1bH\x9e\xd2DGc\xa9"VdI$\xd9\xbe\xeb\xb0\xbf\'\xd2\x83\x18\x80\xe8E7\x02~U\xda1Nb\xae\xaa\xb8\xa8\xdd\n\xee\x7f\xa5Z\x83w\x06\xb7S\xc4_\xb7f\xf3\xeb\xda\xce:\xa3O\xb7'

In [43]:
type(signature)

bytes

In [44]:
# to bytes:
#bytes.fromhex('010203')

signature_string = signature.hex()
print(signature_string)
type(signature_string)


8803f506ac1163b08439dfa2089d75e8663eeb8b7e968de67beb387e6e6aded2178b5a4e142bea65a26cca2c73bad00f56bd8910cc370370d674a59c2f2525c8d16fc9fe09bfaf8a37c572fa80d53747215c481c1f9cf63bd8a3f70b5163c18d23aeea99a768641d729e91bdc1cddaa3ecd21bf58815ec2b7b8234ca23b2fdcfc9bf48664edc1d5d4dc46367ac571c73430edac38713176ea2b6ba8712496885a20f176f16843604489cb555e0aa59a0d521bed7efaeceacb582a6391043c513519153871b489ed2444763a92256644924d9beebb0bf27d2831880e84537027e55da314e62aeaab8a8dd0aee7fa55a837706b753c45fb766f3ebdace3aa34fb7


str

In [45]:
signature_decoded = bytes.fromhex(signature_string)
signature_decoded

b'\x88\x03\xf5\x06\xac\x11c\xb0\x849\xdf\xa2\x08\x9du\xe8f>\xeb\x8b~\x96\x8d\xe6{\xeb8~nj\xde\xd2\x17\x8bZN\x14+\xeae\xa2l\xca,s\xba\xd0\x0fV\xbd\x89\x10\xcc7\x03p\xd6t\xa5\x9c/%%\xc8\xd1o\xc9\xfe\t\xbf\xaf\x8a7\xc5r\xfa\x80\xd57G!\\H\x1c\x1f\x9c\xf6;\xd8\xa3\xf7\x0bQc\xc1\x8d#\xae\xea\x99\xa7hd\x1dr\x9e\x91\xbd\xc1\xcd\xda\xa3\xec\xd2\x1b\xf5\x88\x15\xec+{\x824\xca#\xb2\xfd\xcf\xc9\xbfHfN\xdc\x1d]M\xc4cg\xacW\x1csC\x0e\xda\xc3\x87\x13\x17n\xa2\xb6\xba\x87\x12Ih\x85\xa2\x0f\x17o\x16\x846\x04H\x9c\xb5U\xe0\xaaY\xa0\xd5!\xbe\xd7\xef\xae\xce\xac\xb5\x82\xa69\x10C\xc5\x13Q\x91S\x87\x1bH\x9e\xd2DGc\xa9"VdI$\xd9\xbe\xeb\xb0\xbf\'\xd2\x83\x18\x80\xe8E7\x02~U\xda1Nb\xae\xaa\xb8\xa8\xdd\n\xee\x7f\xa5Z\x83w\x06\xb7S\xc4_\xb7f\xf3\xeb\xda\xce:\xa3O\xb7'

In [46]:
signature_decoded == signature

True

In [6]:
from cryptography.exceptions import InvalidSignature
try:
    outcome = pub_key.verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
except InvalidSignature:
    print('Signature Verification Failed')

In [12]:
a = 'stringaMatta'
arr = bytes(a, 'utf-8')
print(arr)
arr2 = bytes(a, 'ascii')
print(arr2)

b'stringaMatta'
b'stringaMatta'


In [14]:
my_str = "hello world"
my_str_as_bytes = str.encode(my_str)
print(my_str_as_bytes)
print(type(my_str_as_bytes)) # ensure it is byte representation
my_decoded_str = my_str_as_bytes.decode()
print(my_decoded_str)
print(type(my_decoded_str))

b'hello world'
<class 'bytes'>
hello world
<class 'str'>


In [3]:
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

private_pem = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PrivateFormat.TraditionalOpenSSL,
   encryption_algorithm=serialization.NoEncryption()
)

pr_key_retireved = serialization.load_pem_private_key(
        private_pem,
        password=None,
    )


file = open("DATA_MESSAGE.txt", "r")
data = file.read()
file.close()
#print(data)
message = str.encode(data)
signature = pr_key_retireved.sign(
    message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)


pub_key = pr_key_retireved.public_key()


from cryptography.exceptions import InvalidSignature
try:
    outcome = pub_key.verify(
        signature,
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
except InvalidSignature:
    print('Signature Verification Failed')
