# Hashes

In [1]:
text1 = b'mie'
text2 = b'mie1'
def my_hash(inp):
    return sum(i for i in inp)

my_hash(text1), my_hash(text2)

(315, 364)

In [2]:
text3 = b'1mie'
my_hash(text3)

364

In [3]:
hash(text1), hash(text2), hash(text3)

(4570851440137395297, 5809751128260945800, 3320911150813771696)

In [4]:
hash('☺')

6474644582388249236

In [5]:
hash(':&')

6474644582388249236

In [6]:
from cryptography.hazmat.primitives.hashes import Hash, SHA256

In [7]:
sha = Hash(SHA256())
sha.update(b'mie')
sha.finalize()

b')\x8c\xf3\x0c1\xd3\xd1\xbd&%P\xcbX\xfc\x0c\xa5\xa6\xf8\xe1\xfb\xebl\xa6\xf6\xcc\xa1WD\xbb\xd6\xbd\n'

# Secret Key Cryptography (ECB)

In [8]:
from cryptography.hazmat.primitives.ciphers.algorithms import AES256

In [9]:
import secrets
rand = secrets.token_bytes(32)
rand

b"\xc1\xf1\x0e\xcc{T\x89}'\x102\xf6\t \xb9\xb1erb\xf1\x9f\xed\x17\xdb@\xd8\xc3\xcd\xa9iu\x84"

In [10]:
key = AES256(rand)

In [11]:
from cryptography.hazmat.primitives.ciphers import Cipher, modes

In [12]:
cipher = Cipher(key, modes.ECB())

In [13]:
enc = cipher.encryptor()
encrypted = enc.update(b'm'*320) + enc.finalize()
encrypted

b'\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x19\xf2\x0c\x1c5\xd5\x9f7/\xf9\xc7V\xdb\xe0\x85\xf3\x

In [14]:
dec = cipher.decryptor()
dec.update(encrypted) + dec.finalize()

b'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'

In [15]:
dec = cipher.decryptor()
dec.update(b'a'+encrypted[1:]) + dec.finalize()

b'\xb6\xb0\x01\x0c\x03lN\x8e"\xda\x18\xba{\xfa?\xaemmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'

# Secret Key Cryptography (GCM): Authenticated encryption

In [16]:
iv = secrets.token_bytes(12)
cipher = Cipher(key, modes.GCM(iv))

In [17]:
enc = cipher.encryptor()
encrypted = enc.update(b'm'*320) + enc.finalize()
encrypted, enc.tag

(b'##\x11\xb3j\x04\xea6\xf0h\xe3cj\xe38N\x07\xbb\xfc\xae\x8dJ\xa4\x8c\x19\xb1D1D\x08\xe1\xe9\xf6lg\xb6&<\xbb\x7f\xf1$\xe1\xa6\xfe\x87\xbe\x8ce\x06\xef\x1cq\x80*!\xd0Z&\xea\xebHX\x80m\x97\x96\x9d9^\xa8\xc2z\xfe\x06\xf4\xc0{\xbc\xda\xdb\xac\xec\x04\xb7\xde\xbe\xd4\xa5\xb6R\xc0\xf4\x1fh\xa3{8\xb8\xa5\xc3|\xd8\xb1K\xb7q\x18\x12q\xef\xc3\x10\xb6:S\xef\x12\x83\xe3\x14\xec\xd4\x08\xc9g\xa9\x0c\xa3\x99\x90\xad\x03V\x9d\xf9>\xe4\x8c\xec\x82\xef\xd8\xef"\x1aU\x9d\xaf\xef\x8a\xf2\xed\xeb\x87\xdd\x17\x95Cp_\xf3C\xe6[TTU\x84`\x81\xa0\x9a\xe7\xe2\xf6?>\xdf\xa9\x9c\xe9\xcf\xe3\xef\xf2\xc4+\xb5\x82>kR\x94B\xfb7\x88\x7f\x02.wDLJ~\xe5\x02q8X\x03\x915\x93x\x8c?\x9d\xc8\xa4\xa0{E\x1b\xde4\x8e\xc0\xa2\xb4\xa5\x05F\x85\xff&\xc4\xcb\xf2\x99iG\xe0\xf7v\xfe\x0f\xba\x11_l\xff*\x16yB\xe0\xc1\xaa\x84\x1a\x18\xba\x0e\xcb\x93\xe8\xc0\x08>\xff)DDU\x0bhk\x14\xdbyEfX\x8a\xba#%\x15\x04|\x9c\x1cX\xee\x85}$\x12k\xe0\xf7\x1f\x8c\xcfR\xefXSY>\xc3\x13\xdd\xf00\xf0C\xbd',
 b"\xa1TQ#\xaa\xb8\xf0nE'\xa8\x88\xb3\xfd\xb4\xec")

In [18]:
cipher = Cipher(key, modes.GCM(iv, enc.tag))

In [19]:
dec = cipher.decryptor()
dec.update(encrypted) + dec.finalize()

b'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'

In [20]:
try:
    dec = cipher.decryptor()
    dec.update(b'a'+encrypted[1:]) + dec.finalize()
except Exception as e:
    print(type(e).__name__)

InvalidTag


# AEAD: Authenticated encryption with associated data

In [21]:
cipher = Cipher(key, modes.GCM(iv))
enc = cipher.encryptor()
enc.authenticate_additional_data(b'hello mie')
encrypted = enc.update(b'm'*320) + enc.finalize()
encrypted, enc.tag

(b'##\x11\xb3j\x04\xea6\xf0h\xe3cj\xe38N\x07\xbb\xfc\xae\x8dJ\xa4\x8c\x19\xb1D1D\x08\xe1\xe9\xf6lg\xb6&<\xbb\x7f\xf1$\xe1\xa6\xfe\x87\xbe\x8ce\x06\xef\x1cq\x80*!\xd0Z&\xea\xebHX\x80m\x97\x96\x9d9^\xa8\xc2z\xfe\x06\xf4\xc0{\xbc\xda\xdb\xac\xec\x04\xb7\xde\xbe\xd4\xa5\xb6R\xc0\xf4\x1fh\xa3{8\xb8\xa5\xc3|\xd8\xb1K\xb7q\x18\x12q\xef\xc3\x10\xb6:S\xef\x12\x83\xe3\x14\xec\xd4\x08\xc9g\xa9\x0c\xa3\x99\x90\xad\x03V\x9d\xf9>\xe4\x8c\xec\x82\xef\xd8\xef"\x1aU\x9d\xaf\xef\x8a\xf2\xed\xeb\x87\xdd\x17\x95Cp_\xf3C\xe6[TTU\x84`\x81\xa0\x9a\xe7\xe2\xf6?>\xdf\xa9\x9c\xe9\xcf\xe3\xef\xf2\xc4+\xb5\x82>kR\x94B\xfb7\x88\x7f\x02.wDLJ~\xe5\x02q8X\x03\x915\x93x\x8c?\x9d\xc8\xa4\xa0{E\x1b\xde4\x8e\xc0\xa2\xb4\xa5\x05F\x85\xff&\xc4\xcb\xf2\x99iG\xe0\xf7v\xfe\x0f\xba\x11_l\xff*\x16yB\xe0\xc1\xaa\x84\x1a\x18\xba\x0e\xcb\x93\xe8\xc0\x08>\xff)DDU\x0bhk\x14\xdbyEfX\x8a\xba#%\x15\x04|\x9c\x1cX\xee\x85}$\x12k\xe0\xf7\x1f\x8c\xcfR\xefXSY>\xc3\x13\xdd\xf00\xf0C\xbd',
 b'\x00WT\xf3\xf6JV;K\x84e\xfc8\xea\x9fU')

In [22]:
cipher = Cipher(key, modes.GCM(iv, enc.tag))
dec = cipher.decryptor()
dec.authenticate_additional_data(b'hello mie')
dec.update(encrypted) + dec.finalize()

b'mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm'

In [23]:
try:
    dec = cipher.decryptor()
    dec.authenticate_additional_data(b'hello mie2')
    dec.update(encrypted) + dec.finalize()
except Exception as e:
    print(type(e).__name__)

InvalidTag


# Diffie Hellman Key Exchange

In [24]:
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives import serialization

In [25]:
client_private_key = X25519PrivateKey.generate()
client_private_key

<cryptography.hazmat.bindings._rust.openssl.x25519.X25519PrivateKey at 0x71a3984da170>

In [26]:
client_public_key = client_private_key.public_key()
client_public_key.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)

b"\xefYD\\\xa0=\x01\xc2\x94\xaf\xc6\x07r'\xda\xdcE\xc6\xf0\x9a\xbb\x1a\xb7\xa8\x04\xc8i\xe1Z\x86O0"

In [27]:
server_private_key = X25519PrivateKey.generate()
server_private_key

<cryptography.hazmat.bindings._rust.openssl.x25519.X25519PrivateKey at 0x71a3984da230>

In [28]:
server_public_key = server_private_key.public_key()
server_public_key.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)

b'\xf7\x18\xfch\xe8\x1fc\x16NC\xdbW\xaf"\xfa\xa5T\x9c\x8b\x1eD\xbb\xbe\xdd&\xd5[\xdaX\xcaI\x13'

In [29]:
shared_key_client = client_private_key.exchange(server_public_key)
shared_key_client

b'\xa8Sz\xd7=*\xb2\xad\xc9\xc7\x9e\x11e\x04#\xa1\xfc\xe97n\x11\xc3\x08\xb0\xb3\x96\x1f\xa3K\xf7Um'

In [30]:
shared_key_server = server_private_key.exchange(client_public_key)
shared_key_server

b'\xa8Sz\xd7=*\xb2\xad\xc9\xc7\x9e\x11e\x04#\xa1\xfc\xe97n\x11\xc3\x08\xb0\xb3\x96\x1f\xa3K\xf7Um'

# Asymmetric Key Encryption

In [31]:
from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key

In [32]:
private_key = generate_private_key(
    public_exponent=65537,
    key_size=2048,
)
public_key = private_key.public_key()

In [33]:
from cryptography.hazmat.primitives.asymmetric.padding import OAEP, MGF1
ct = public_key.encrypt(b'hello', OAEP(
        mgf=MGF1(algorithm=SHA256()),
        algorithm=SHA256(),
        label=None
    ))
ct

b"@\xc8+\xf7%3\xcd\xe9\x86#'\x93\xff^\xe1\xfc>\xbc\x0e\xb6\x98\xb9\xaa\xc6G\xc4\xa6\xa7q\x8c\x8f\x86#zm\xd4\xc2P\xbd\xf7\x17@\\\x98\xa3n\xb3g<\xf5X$\x80O>\xfd\xa7\x1cl\xb2\xae`\x14\xce\xf6\xde='\x08\xf8%y\xc9!y\x81K\xd1!\xd9\xbc+\xe8\x9bp\x8dD\x8f=+\xf5[\xc5[\xd8\xd23\xbf\x03\xd2\x8c\xcb\xa0\x84\xb4\x0e\xae\x13\xfe\xe9k+H\x02\xdf\x99\xc2\xfb\xbb\xa6\xca_\x86\xa3\xd9FW\x80\xa7\xdf'\xa2}P\x89\xb8\x92,\xf6NPz)\xc8g\xdam7\xb8\t\x84y:4\xe0\xaa\xc7\xc5\xf4\x9f9@\xcd\xad\xac\xfa\x9d\xee\x03\x03k\xa7\xa7Z\xd0\xb1\xd7\x91\xea~\xaa\xad\x9d\x9d\x00Xu\x90\xda\xe2\x04\xa2\x0bt\x80\x87\x9d\xae\x07\x11u\x14R\xb6\x1e\xf5\x16\xc1?\xd2'\x94hZ\xa2zG\x9e:1\x83\xdfW\xd7\x8cH\xea\xdb*\x93\x9d\xbb\x11\x11\xb6\xfb\x0e2X\x9ba`\xb4\xdc\xb3\xe7\x9f\xc3\xaa\xf3\xdb\x8cMp`\xf0"

In [34]:
private_key.decrypt(ct, OAEP(
        mgf=MGF1(algorithm=SHA256()),
        algorithm=SHA256(),
        label=None
    ))

b'hello'

# Digital Signature

In [35]:
from cryptography.hazmat.primitives.asymmetric.ec import SECP256R1, generate_private_key, ECDSA
private_key = generate_private_key(SECP256R1())
public_key = private_key.public_key()

In [36]:
signature = private_key.sign(b'mie', ECDSA(SHA256()))
signature

b'0F\x02!\x00\xbb\x88\xfd\x145d#\xd3W\x9e\xc4}e\x86Iv`;\x03B0-BS%\xc78\xe6N\xde\xf8s\x02!\x00\x8d\x87\xfb\xd0\xad&\xb0&\x94!\xaeQ\xf9\x8c94:\xf2\xb0g\xbc\xcf\xbe\x9b\tl\xf8PmxM\x12'

In [37]:
public_key.verify(signature, b'mie', ECDSA(SHA256()))

In [38]:
try:
    public_key.verify(signature, b'mi1', ECDSA(SHA256()))
except Exception as e:
    print(type(e).__name__)

InvalidSignature


# Message Authentication Code (HMAC)

In [39]:
from cryptography.hazmat.primitives.hmac import HMAC

In [40]:
h = HMAC(rand, SHA256())
h.update(b'mie')
signature = h.finalize()
signature

b'\x00\x08\xa7b\xbfG;\xf5\x82\xf4\xb4\xef\x83)|F\xe2z9\x7fOC\xa5\xc9\x9c\xbd\x18k\xa2^+W'

In [41]:
h = HMAC(rand, SHA256())
h.update(b'mie')
h.verify(signature)

# Key Derivation Function (HKDF)

In [42]:
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
hkdf = HKDF(
    algorithm=SHA256(),
    length=32,
    salt=b'',
    info=b'client encrypyion key',
)
hkdf.derive(rand)

b"Z\xf5\xc4q'\xf5\xec\xd9\x02\xf9\xea\xe3&n\xb4\xf9w\x04\xc4\x15\\\xe2!\xfc\nK\t\xf7\xdc\x0b5\xcb"