<h2>Generate an RSA key</h2>
<p>The following code generates a new RSA key pair and saves the private (secret) key into a file, protected by a password. We use the scrypt key derivation function to thwart dictionary attacks. At the end, the code prints out the RSA public key in ASCII/PEM format:</p>

In [3]:
!pip3 install pycryptodome

from Crypto.PublicKey import RSA

secret_code = "Unguessable"
key = RSA.generate(2048)
encrypted_key = key.export_key(passphrase=secret_code, pkcs=8,
                              protection="scryptAndAES128-CBC",
                              prot_params={'iteration_count':131072})

with open("rsa_key.bin", "wb") as f:
    f.write(encrypted_key)

print(key.publickey().export_key())

Defaulting to user installation because normal site-packages is not writeable
b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzmgraqOhEbp+AlWRHts\nVnSjyNHjM0ENXwAS3M0ASXE8ROOYIAeaVDvR7flDNwJdm2mAVpdIOKfPbIxPxjrm\nldvtoNyo+cqeiAEYEa2U9bBZu4zOz0xr+tfBrnH+4B8AqJ7q66kZBc8ulWUh5gcK\nI1h6xaWBvTkmLqDBijFddRfFKXCzjkVjaSKyCd/Be3bJuaKPXIyh1yRsjHDWV0la\nBaZsfUeCn8/gBtL9VPRU0tUwQE//GEtGMZ3UyOwSAI8UCx1DLiS/b/1/ypVkMN1D\nmoNvKd3kPMnH1g4bL/yjKkfzwL6AxfugYYip1lwcEoO6JOoNlMVt8GWHn9xUH3cn\npwIDAQAB\n-----END PUBLIC KEY-----'


The following code reads the private RSA key back in and then prints the public key again:



In [4]:
from Crypto.PublicKey import RSA

secret_code = "Unguessable"
encoded_key = open("rsa_key.bin", "rb").read()
key = RSA.import_key(encoded_key, passphrase=secret_code)

print(key.publickey().export_key())

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzmgraqOhEbp+AlWRHts\nVnSjyNHjM0ENXwAS3M0ASXE8ROOYIAeaVDvR7flDNwJdm2mAVpdIOKfPbIxPxjrm\nldvtoNyo+cqeiAEYEa2U9bBZu4zOz0xr+tfBrnH+4B8AqJ7q66kZBc8ulWUh5gcK\nI1h6xaWBvTkmLqDBijFddRfFKXCzjkVjaSKyCd/Be3bJuaKPXIyh1yRsjHDWV0la\nBaZsfUeCn8/gBtL9VPRU0tUwQE//GEtGMZ3UyOwSAI8UCx1DLiS/b/1/ypVkMN1D\nmoNvKd3kPMnH1g4bL/yjKkfzwL6AxfugYYip1lwcEoO6JOoNlMVt8GWHn9xUH3cn\npwIDAQAB\n-----END PUBLIC KEY-----'


<h2>Generate public key and private key</h2>
The following code generates a key pair: the public key is stored in public.pem and the private key in private.pem. These files are used in the examples below. Each run generates a different public/private key pair.

In [1]:
from Crypto.PublicKey import RSA

key = RSA.generate(2048)
private_key = key.export_key()
with open("private.pem", "wb") as f:
    f.write(private_key)

public_key = key.publickey().export_key()
with open("public.pem", "wb") as f:
    f.write(public_key)

To encrypt, we use the public key.

In [None]:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP

# Generate a fresh 2048-bit RSA key pair and save both halves as PEM
key = RSA.generate(2048)
private_key = key.export_key()
with open("private.pem", "wb") as file_out:
    file_out.write(private_key)

public_key = key.publickey().export_key()
with open("public.pem", "wb") as file_out:
    file_out.write(public_key)

# Message to protect (sample data)
secret_code = """
smtp port:1025
ftp port: 21
ftp user: admin
ftp password XXXXX
sh port 2222
ssh user linuxserver
ssh password admin
        """.encode("utf-8")

# Load the recipient's public key
with open("public.pem") as f:
    recipient_key = RSA.import_key(f.read())

# Encrypt the message itself with the public RSA key (RSA-OAEP).
# No session key is involved: this only works because the message
# fits in a single RSA block.
cipher_rsa = PKCS1_OAEP.new(recipient_key)
ciphertext = cipher_rsa.encrypt(secret_code)

with open("encrypted_data.bin", "wb") as file_out:
    file_out.write(ciphertext)

print(public_key)
print(secret_code)

# Printed for demonstration only; private.pem is written without a passphrase
print(private_key)

To decrypt the message we need the private key, because we encrypted with the public key.

In [3]:
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP

# Load the private key that matches public.pem
with open("private.pem") as f:
    private_key = RSA.import_key(f.read())

# The file holds exactly one RSA block (256 bytes for a 2048-bit key)
with open("encrypted_data.bin", "rb") as file_in:
    ciphertext = file_in.read(private_key.size_in_bytes())

# Decrypt the message with the private RSA key
cipher_rsa = PKCS1_OAEP.new(private_key)
plaintext = cipher_rsa.decrypt(ciphertext)
print(plaintext)

b'\nsmtp port:1025\nftp port: 21\nftp user: admin\nftp password XXXXX\nsh port 2222\nssh user linuxserver\nssh password admin\n        '
