# Cryptography: Getting Started with Hashing & Encryption

This series is intended to be a layperson friendly explantion of the basics of cryptography. 

As with anything complex, there is jargon that makes the topic seem inaccessible. You'll see the most import terms and their defintions in bold throughout this walk through. Like this! 
* **term** *definition*

Also! we will give you some extra info in blockquotes, like this 
> This info is good to know but dont worry no one is testing you on it 

Finally! There is no better way to learn then getting your hands dirty! We will ease you in by giving you 
```code snippets```
 but it will soak in a little better if you type it yourself instead of copying and pasting. 

## What is "cryptography"? 

The word "cryptography" comes from a combination of the Ancient Greek words kryptós for “hidden or secret” and graphein which is “to write”. At its most basic it is the ability to send and receive a private message. The *key* is that you want your recipient and only your recipient to be able to read the message. Therefore, in most cases cryptography is a 2-way street in hiding AND unhiding a communicated message.


## We will start with the fundamentals

A great place to jump in to understanding cryptographic fundamentals is to start with hash functions. What is a hash function? How is it useful? Are there weaknesses? Let’s take a look.

## What is a hash function?

A hash function is a non-reversible process for taking any length of input and spitting out a fixed-length value. In other words, it will scramble anything you give it in such a way that you cannot easily retrieve the un-scrambled version. A hash function unlike **cryptographic algorthims** is meant to work *one-way* so we can scramble the message but not get the message back. The output of a hash function is called a digest, but you’ll commonly see it referred to simply as the hash.

* **Cryptographic Algorithm** *is just a fancy term for jibberish instructions. It’s what we call the ruleset that is used to take data from one state to another and (most of the time) back.*

There are a bunch of hash functions but one of the most commonly used is SHA256, a version of the Secure Hashing Algorithm that gives a 256-bit (32 bytes) hash. It will give an output that is 32 bytes no matter the length of the input we give it. 

### We will see how this works by coding our own version so lets get started!
### But, also, let's not make it too hard...
In these walk throughs we will use the hash functions and **Cryptographic Algorithms** implemented in the Python Cryptography Toolkit (pycrypto). Pycrypto is a collection of both secure hash functions (such as SHA256 and RIPEMD160), and various encryption algorithms (AES, DES, RSA, ElGamal, XOR, etc.). Mostly it means we don't have to code the hard stuff from scratch. 

# Code a hash function

Lets begin by importing SHA256 hash function from pycrypto. 

Type the following into the code box below:

```from Crypto.Hash import SHA256```

So how do we use this imported hash function (SHA256)? To use a hash function like SHA256, we need do two things
1. *Intialize* the hash object. 
2. Give it a string or message to hash 

To use the SHA256 hash function we need to *intilaize* a hash object. All that means is we give SHA256 a name so we can use it in our code, we will call ours hash_tool. 

Type the following into the code box below:

```hash_tool = SHA256.new()
```


Now let's create the string to hash and tell the hash_tool to use that string. 

Type the following into the code box below:

```string_to_hash = "Mari"
hash_tool.update(string_to_hash.encode('utf-8'))
```

Keep the name the same as the code snippet above, for now. 

Now let's hash it!

Type the following into the code box below:

```digest = hash_tool.hexdigest()
```

Lets take a look at the resulting hash!

Type the following into the code box below:

```print("The SHA256 digest of " + string_to_hash + " is: " + digest)
print(str(hash_tool.digest_size) + " bytes long (" + str(len(digest)) + " characters)")
```

Does the resulting hash tell you anything about the orginal string we hasahed? Did you notice that "Mari" resulted in a 32 bit hash even though its 4 letters? Why is this useful? 

A common use of hash functions in the real world is for password hashing. Every site you log in to has to store your username and password somewhere, so that it remembers you and can verify “yes that is Mari’s password, let her log in”. However, if someone got a hold of that list, then they can now access all user accounts and passwords. Bad idea. 

Instead of keeping the actual password a company can keep a hash. So while the company cannot decrypt the password digests it has, using hashes it doesnt need to decrypt anything! All it needs is to be able to verify that the password being used is correct, all they need to do is compare the hash.


## Let's see this in action!


Review the code below. Do you recognize some of the same steps we did before? Can you find where the hash object is *intialized*? Or where the string to be hashed is declared?

When you are done reviewing run the code block:

In [None]:
from Crypto.Hash import SHA256

# initialize three new SHA256 hash objects
hash_tool_1 = SHA256.new()
hash_tool_2 = SHA256.new()
hash_tool_3 = SHA256.new()

# tell the hash objects what string I want it to hash
string_to_hash_1 = "Mari" #notice these two are exactly the same
string_to_hash_2 = "Mari" #notice these two are exactly the same
string_to_hash_3 = "mari" #what is diffrent here?

hash_tool_1.update(string_to_hash_1.encode('utf-8'))
hash_tool_2.update(string_to_hash_2.encode('utf-8'))
hash_tool_3.update(string_to_hash_3.encode('utf-8'))

# hash it!
digest_1 = hash_tool_1.hexdigest()
digest_2 = hash_tool_2.hexdigest()
digest_3 = hash_tool_3.hexdigest()

# Print it pretty
print("The SHA256 digest of " + string_to_hash_1 + " is: " + digest_1)
print("The SHA256 digest of " + string_to_hash_2 + " is: " + digest_2)
print("The SHA256 digest of " + string_to_hash_3 + " is: " + digest_3)

# Still 32bytes long?
print(string_to_hash_1 + " is: " + str(hash_tool_1.digest_size) + " bytes long (" + str(len(digest_1)) + " characters)")
print(string_to_hash_2 + " is: " + str(hash_tool_2.digest_size) + " bytes long (" + str(len(digest_2)) + " characters)")
print(string_to_hash_3 + " is: " + str(hash_tool_3.digest_size) + " bytes long (" + str(len(digest_3)) + " characters)")



Did you notice that a minor change in the string 'mari' 
## Hash your own name

Change the code below to hash your own name

Run the vode block when you are ready:

In [None]:
from Crypto.Hash import SHA256

# initialize three new SHA256 hash objects
hash_tool = SHA256.new()

# tell the hash objects what string I want it to hash
string_to_hash = "<Name>" 
hash_tool.update(string_to_hash.encode('utf-8'))

# hash it!
digest = hash_tool_1.hexdigest()

# Print it pretty
print("The SHA256 digest of " + string_to_hash + " is: " + digest)


Change the code above to hash a super long string like ```V2BnTRQfF3yn0NT54Wc8Ia7TiNpNsNN6B```. Is it stil 32 bits? Does it still look like gobbledygook? What kind of password do you think is easier to guess? Is it teh hashes 

# Hashes are fun but what else can you show me?

Hashes can be useful when storing passwords but what do we use when we want to be able to encrypt, or hide a message, and then allow someone else decrypt, or read that message? Humans can't read hashes! How do we share messages and data securely? For that we use ciphers instead of hash functions. 

## What is a cipher?

A cipher is a **cryptographic algorithm** that provides a way to encrypt as well as decrypt data. This allows someone to jumble up some info, send it safely without revealing the content, and have someone at the other end un-jumble it to see the original info.

But it’s useless if we can’t control who is able to decrypt the message. Fortunately, there is another input to a cipher – the **key**! This is the small piece of information that is necessary in order to encrypt and decrypt information with a cipher. Some ciphers require other small details as well such as an initialization vector, but we are not going to focus on those for now.


* A **key** *is a piece of information used as input into an encryption or decryption algorithm in addition to the data that needs to be transformed. The data cannot properly be transformed without the proper key data.*

## Getting started with encryption

Lets begin by importing a cryptographic algorithms from pycrypto. 

> A couple of well-known symmetric ciphers are AES and 3DES. AES stands for Advanced Encryption Standard and 3DES is also known as TDEA, Triple Data Encryption Algorithm. We will use AES in our examples with python below, since it is widely known.

Type the following into the code box below:

```from Crypto.Cipher import AES```

In [None]:
from Crypto.Cipher import AES

So how do we use it (AES)? To use **symmetric ciphers** like AES, we put the **plaintext** and the **key** into the algorithm, tell the algorithim which direction we want to go (in this case encrypt), and it spits out **ciphertext** or encrypted message. 

* **Plaintext** *is your message, the content to be communicated and is understandable and readable.*
* **Ciphertext** *is your hidden message, the content after it has been hidden (encrypted) and is no longer understandable.*
* **Symmetric Ciphers** *are a family of ciphers that uses the same key to encrypt as it does to decrypt; these are sometimes referred to as secret key algorithms because if the key is the same on both sides, it needs to be kept secret so that not just anyone can decrypt it.*

We will use the AES **cryptographic algorithm** to encrypt and decrypt some text next. It requires we declare a **key** and **plaintext variable**, but also the *initialization vector (IV)* as another piece of input that will go into the AES **cryptographic algorithm** as well as what *mode* we want the AES algorithim to run in. 


### Lets declare our variables!

Type the following into the code box below:

```key = b"testkey,testkey!"
plaintext = b"cryptography yay"
iv = b"randomIVrandomIV"
mode = AES.MODE_CBC
```

In [None]:
key = b"testkey,testkey!"
plaintext = b"cryptography yay"
iv = b"randomIVrandomIV"
mode = AES.MODE_CBC

Like before we will intialize a **cryptographic algorithim** object

Typing the following into the code box below:

```encrypt_tool = AES.new(key, mode, iv)```

In [None]:
encrypt_tool = AES.new(key, mode, iv)

Now that we have intialized the encryption object lets use it to encrypt the **plaintext** to get the **ciphertext**

Type the following into the code box below:

```ciphertext = encrypt_tool.encrypt(plaintext)
```

In [None]:
ciphertext = encrypt_tool.encrypt(plaintext)

Lets look at our results!

Type the following into the code box below:

```print("AES encrypted data: ")
print(ciphertext)
```

In [None]:
print("AES encrypted data: ")
print(ciphertext)

### Okay now we have gobbledygook again, lets get our message back!

Does it look similar to the hexadceimal hash we got earlier? Can we get this message back?

Like before we will intialize a new instance of the cryptographic algorithim.
* remember you need the same key, iv and mode to get your message back!

Typing the following into the code box below:

```decrypt_tool = AES.new(key, mode, iv)
```

In [None]:
decrypt_tool = AES.new(key, mode, iv)

Now that we have intialized the decryption object lets use it to decrypt the **ciphertext** to get the **plaintext**

Type the following into the code box below:

```decrypted_plaintext = decrypt_tool.decrypt(ciphertext)
```

In [None]:
decrypted_plaintext = decrypt_tool.decrypt(ciphertext)

Lets look at our results!

Type the following into the code box below:

```print("AES decrypted data: ")
print(decrypted_plaintext)
```

In [None]:
print("AES decrypted data: ")
print(decrypted_plaintext)

# You did it! 
## You have encrypted and decrypted!

Did you you get back the message you started with?

# Messages are fun, but  is that it? Can we encrypt something else?

## YES! Encryption/decryption will work on **any** data

When you use a secure protocol on the internet it encrypts *everything* you share not just the text you send so lets look at how that might work on other data like a photo or picture. 

Before we get started lets look at the original **plaintext** image. You should be able to find a 'Tines.png' image in the same folder this notebook is in by returning to the file tree. You can click on the jupyter logo to get there. 

---

Welcome back! Did you see the picture? Good lets see what we can do with it!

This time we went ahead and put it all together and provided the code below but read through it to see parts of the code we used above! 

Do you recognize some of the same steps we did before? Can you find the function that encrypts? The function that decrypts?

When you are done reviewing run the code block:


In [None]:
from Crypto.Cipher import AES #Using Pycrypto so we dont have to code the hard stuff
import os, random, struct
from PIL import Image

#Declare or variables required by the AES cryptographic algoritim
key = b"testkey,testkey!"
plaintext = b"cryptography yay"
iv = b"randomIVrandomIV"
mode = AES.MODE_CBC

# AES CBC Encryption
def aes_cbc_encrypt(key, iv, data, mode=AES.MODE_CBC):
    aes_encrypt = AES.new(key, mode, iv) #Intilaize a encryption object
    new_data = aes_encrypt.encrypt(data) #Encrypt your data or plaintext
    return new_data

# AES CBC Decryption
def aes_cbc_decrypt(key, iv, data, mode=AES.MODE_CBC):
    aes_decrypt = AES.new(key, mode, iv) #Intilaize a decryption object
    new_data = aes_decrypt.decrypt(data) #Decrypt your data or ciphertext
    return new_data

# AES requires that plaintexts be a multiple of 16, so we add padding to data as needed
def pad(data):
    return data + b"\x00"*(16-len(data)%16) 

# Maps the Red/Green/Blue or RGB of picture 
# So we can create a picture from the resulting encrypted/decrypted data
def convert_to_RGB(data):
    r, g, b = tuple(map(lambda d: [data[i] for i in range(0,len(data)) if i % 3 == d], [0, 1, 2]))
    pixels = tuple(zip(r,g,b))
    return pixels

def encrypt_image(filename, filename_out=None ):
    format = "BMP"
    
    # Opens image and converts it to RGB format for PIL (python library)
    # Not prefect so you will see some data loss
    im = Image.open(filename)
    data = im.convert("RGB").tobytes() 
 
    # Since we will pad the data to satisfy AES's multiple-of-16 requirement, 
    # we will store the original data length and "unpad" it later.
    original = len(data) 
 
    # Encrypts using AES
    new = convert_to_RGB(aes_cbc_encrypt(key, iv, pad(data))[:original]) 
    
    #create a file name to save new data as if not set 
    if not filename_out:
        filename_out = os.path.splitext(filename)[0]+'.encoded'
        
    
    # Create a new PIL Image object and save the old image data into the new image.
    im2 = Image.new(im.mode, im.size)
    im2.putdata(new)
    
    #Save image
    im2.save(filename_out+"."+format, format)
    
def decrypt_image(filename, filename_out=None ):
    format = "BMP"
    
    # Opens image and converts it to RGB format for PIL (python library)
    im = Image.open(filename)
    data = im.convert("RGB").tobytes() 
 
    # Since we will pad the data to satisfy AES's multiple-of-16 requirement, we will store the original data length and "unpad" it later.
    original = len(data) 
 
    # Decrypts using AES
    new = convert_to_RGB(aes_cbc_decrypt(key, iv, pad(data))[:original]) 
    
    #create a file name out if not set 
    if not filename_out:
        filename_out = os.path.splitext(filename)[0]+'.decoded'
        
    
    # Create a new PIL Image object and save the old image data into the new image.
    im2 = Image.new(im.mode, im.size)
    im2.putdata(new)
    
    #Save image
    im2.save(filename_out+"."+format, format)


Now that we have all our functions and variables declared lets use the encrypt_image function to encrypt Tines.png

Type the following into the code box below:

``` encrypt_image('Tines.png')```

In [None]:
encrypt_image('Tines.png')

### Go Look at the encrypted image! Its got a new name!

Is it recognizable? is it jibberish just like when we encrypted text?

### OMG?!? Can we get it back?
Of course we can! if we use the same key, iv and mode!

Type the following into the code box below:

``` decrypt_image('Tines.encoded.BMP')```

In [None]:
decrypt_image('Tines.encoded.BMP')

## Congrats you are done!

You hashed, encrypted and decrypted! well done!