# Cryptographic operations in Python
This quite extensive Jupyter notebook demonstrates the most important cryptographic operations in Python. 

## Converting strings and bytes

The code snippet makes a conversion from a regular string to a byte string and back again.

In [1]:
# declare a string
myStr = "hello world"

# convert the string to a byte string
myBytesStr = str.encode(myStr)

# print the byte string and its type. A b should be placed in front of the string
print("A byte string:",type(myBytesStr),myBytesStr)

# convert the byte string to a string
myDecStr = myBytesStr.decode()

# print the string and its type
print("A String:", type(myDecStr),myDecStr)

# check that the original string and the decoded string are the same
assert(myStr == myDecStr)


A byte string: <class 'bytes'> b'hello world'
A String: <class 'str'> hello world


## Generating a random number

In order to generate a random number for cryptographic use, it is not wise to use the standard random generator function (in python that is random from the random class). A safe alternative is to use os.urandom, which is suitable for cryptographic use. 

In [2]:
import os

# the following function generates a random number with length of len bytes
def genrandom(len: int):
    # generate a random number, the type of the number is bytes
    rand = os.urandom(len)
    
    # return the random number.
    return rand

result = genrandom(32)
print("Random number: ",type(result),result)

# you can improve the readability, by converting to a hex string
hexResult = result.hex()
print("Hex string:",type(hexResult),hexResult)


Random number:  <class 'bytes'> b'\xd1U\xeaGL\xa4\xccA{\xec\x03 \xe9\xc1\xde\x0e\xfa\xe2\xe8\x9c\x9d\xfdY\xc1Fe\x93j\x1c\xbe\x93\xe2'
Hex string: <class 'str'> d155ea474ca4cc417bec0320e9c1de0efae2e89c9dfd59c14665936a1cbe93e2


## Create a file with random data

The following code snippet creates a file with random data. This function is used by other parts of this notebook.

In [3]:
import os

def createrandomfile(filename: str, len: int):
    with open(filename,"wb") as f:
        f.write(os.urandom(len))

## Calculate a SHA 256 hash of a string

In [4]:
from cryptography.hazmat.primitives import hashes

def calcSHA256Hash(text: str):
    # convert the string to bytes
    bytesStr = str.encode(text)
    
    # initialize the hashing function
    digest = hashes.Hash(hashes.SHA256())
    
    # add data to the hashing function
    digest.update(bytesStr) # Bytes
    
    # finalize the hashing function and obtain the hash (digestBytes)
    digestBytes = digest.finalize() # Bytes
    
    # convert the hash (bytes string) to a hex string
    hexBytes = digestBytes.hex()
    
    # return the result
    return hexBytes

# What is the hash of nothing? 
print("If you see this specific hash: ", calcSHA256Hash(""), " it is that of nothing, typically an empty file")


If you see this specific hash:  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  it is that of nothing, typically an empty file


## Calculate the SHA 256 hash of a file

The following program creates a file, and then reads to calculate a SHA 256 hash. Most important aspects are that the file is read in binary mode (the SHA 256 digest function requires bytes as input) and the the file is read in chunks (pieces of a defined length). Each chunk, read form the file, is added to the digest function by making a call to update. 

In [5]:
## Calculate the SHA 256 hash of a file
from cryptography.hazmat.primitives import hashes

def hashfile(filename: str, chunksize: int):
    # initialize hash function
    digest = hashes.Hash(hashes.SHA256())
    
    # open the file and add data to the hashing function
    with open(filename,"rb") as f:
        # read a chunk of size chunksize from the file
        b = f.read(chunksize)
        
        # Continue until there is nothing more to read
        while b:
            # add the value of b to the digest
            digest.update(b)
            
            # read the next chunk from file
            b = f.read(chunksize)
            
    # finalize the digest to obtain the hash
    digestBytes = digest.finalize()
    
    # convert the bytes string to a hex string
    hexBytes = digestBytes.hex()
    
    # result the result
    return hexBytes

            
# creata random file of length 1000    
createrandomfile("testrandom.dat",1000)

# calculate the hash of this file
result = hashfile("testrandom.dat",1)

# Print the hash. Each time the hash is different as the file is recreated each time
print("The hash is: ", result)


The hash is:  7c588b261090a9cd672ffb3fa628559538ab8114a9ca9f6fe40a7e5863567c5f


## AES encryption and decryption in GCM mode

The following code performs encryption using AES in Galois Counter Mode (GCM). We declare two functions, one for encryption and one for decryption. 

Both functions are implemented to read/write from a file instead of just encrypting/decrypting a single message. 

GCM mode does not need padding, so that is not included.


In [6]:
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

# encrypt a file in finput and write the encrypted file to foutput
def encryptAESGCM(key: bytes, aad: bytes, finput: str, foutput: str):
    # Generate a random initialisation vector (IV)
    iv = os.urandom(16)

    # Construct an AES-GCM Cipher object with the key and the IV
    encryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv)
    ).encryptor()

    # associated_data will be authenticated but not encrypted,
    # it must also be passed in on decryption.
    # This is used to verify the integrity of the encrypted data. 
    # Feed aad into the encryptor
    # This is a specific feature of GCM 
    encryptor.authenticate_additional_data(aad)

    # open the output file, where the encrypted data is written
    # note that the file is opened in binary mode
    with open(foutput,"wb") as fo:
        
        # open the input file from where the plaintext data is read
        # note that the file is opened in binary mode
        with open(finput,"rb") as fi:
            
            # read one byte from the input file. This is not efficient, but
            # demonstrates that we can encrypt data in a stream-like fashion
            bi = fi.read(1)
        
            # while bi is not None, there is data to encrypt
            while bi:
                # feed the byte into the encryption function
                # the encryption function may or may not return data
                ciphertext = encryptor.update(bi)
        
                # if there is data, write it to the output file
                if ciphertext:
                    fo.write(ciphertext)
                
                # read the next byte
                bi = fi.read(1)

        # all data is read and the input file is closed
        
        # make the final call to finalize
        ciphertext = encryptor.finalize()
        
        # if there is ciphertext, write that to the file as wll
        if ciphertext:
            fo.write(ciphertext)
        
    # return the initialization vector and return the 
    # authentication tag, which is used for integrity verification
    return (iv, encryptor.tag)

# decrypt the file from finput into foutput
def decryptAESGCM(key: bytes, iv: bytes, aad: bytes, tag: bytes, finput: str, foutput: str):
    # Construct a Cipher object, with the key, iv, and additionally the
    # tag used for authenticating the message.
    decryptor = Cipher(
        algorithms.AES(key),
        modes.GCM(iv, tag),
    ).decryptor()

    # We put associated_data back in or the tag will fail to verify
    # when we finalize the decryptor.
    decryptor.authenticate_additional_data(aad)

    # open the output file 
    with open(foutput,"wb") as fo:
        
        # open the input file
        with open(finput,"rb") as fi:
            
            # read one byte form the input
            bi = fi.read(1)
            
            # while there is a byte read from the input
            while bi:
                
                # decrypt the byte
                plaintext = decryptor.update(bi)
            
                # if the decryptor returned data, write that to the output file
                if plaintext:
                    fo.write(plaintext)
    
                # read the next byte from the input
                bi = fi.read(1)
        
        # at this point, all data from the input is read
        # call the finalize function and write the result to the output            
        plaintext = decryptor.finalize()
        if plaintext:
            fo.write(plaintext)
     

filenameInput = "randomdata.dat"
filenameEncrypted= "randomdataEncrypted.dat"
filenameDecoded = "randomdataDecoded.dat"

# creata random file of length 1000    
createrandomfile(filenameInput,1000)

# create an encryption key
key = os.urandom(16)

# generate a random string that we use for integrity verification
aad = os.urandom(256)

# encrypt filenameInput to filenameEncrypted
iv, tag = encryptAESGCM(key,aad,filenameInput,filenameEncrypted)

# decrypt filenameEncrypted into filennameDecoded
decryptAESGCM(key,iv,aad, tag,filenameEncrypted,filenameDecoded)

# Dump the hashes of the files
for filename in [filenameInput, filenameEncrypted, filenameDecoded]:
    print("The SHA526 of '{}' is '{}'".format(filename,hashfile(filename,1)))
    
print("The hashes of the plaintext and decoded file should be the same")

The SHA526 of 'randomdata.dat' is '2f55a89826120a12c1f26c029fdfd0a35aa3982d9d8c9c9a650fe719803b4f98'
The SHA526 of 'randomdataEncrypted.dat' is 'ffbcf649e4bd088e9fedb7ce9ce0e4e8ae7cf318c1c79a888f14ecc04d25ba1c'
The SHA526 of 'randomdataDecoded.dat' is '2f55a89826120a12c1f26c029fdfd0a35aa3982d9d8c9c9a650fe719803b4f98'
The hashes of the plaintext and decoded file should be the same


## AES Encryption and Decryption in CBC mode

The following script implements two functions for encrypting and decrypting data form a file in AES/CBC mode. 


In [7]:
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import padding


def encryptAESCBC(key,finput,foutput):
    # generate a new initialisation vector. This is done here to make sure it is renewed, each encryption pass
    iv = os.urandom(16)
    
    # create an encryptor object for the correct algorithm and mode
    encryptor = Cipher(
        algorithms.AES(key),
        modes.CBC(iv),
        backend=default_backend()
    ).encryptor()

    # open the output file
    with open(foutput,"wb") as fo:
        # open the input file
        with open(finput,"rb") as fi:
            # Create padder, and padding to the input so that the length is correct
            padder = padding.PKCS7(128).padder()
            
            # read the contents of the input
            plaintext = fi.read(1)
            while plaintext:
                padded = padder.update(plaintext)            
                ciphertext = encryptor.update(padded)
                fo.write(ciphertext)
                
                plaintext = fi.read(1)
                
            padded = padder.finalize()

            # encrypt
            ciphertext = encryptor.update(padded) + encryptor.finalize()        

            # write the ciphertext to the output file
            fo.write(ciphertext)
            
    # return the IV, that is needed for decryption
    return iv


def decryptAESCBC(key,iv,finput,foutput):
    # initialize the algorithem and create a decryptor object
    decryptor = Cipher(
        algorithms.AES(key),
        modes.CBC(iv),
        backend=default_backend()
    ).decryptor()
    
    # open the output file
    with open(foutput,"wb") as fo:
        
        # open the input file
        with open(finput,"rb") as fi:
            # initialize unpadder
            unpadder = padding.PKCS7(128).unpadder()
            
            # read the ciphertext, byte for byte
            ciphertext = fi.read(1)
            while ciphertext:
                # decrypt data
                decrypted = decryptor.update(ciphertext) 
                
                # send through unpadder
                unpadded = unpadder.update(decrypted)

                # write to output
                fo.write(unpadded)
                
                # read the next byte
                ciphertext = fi.read(1)
        
            # Finalize decryptor 
            decrypted = decryptor.finalize()
    
            # Finalize padder            
            unpadded = unpadder.update(decrypted)
            unpadded += unpadder.finalize()

            # write to the output
            fo.write(unpadded)

# This is our encryption key
key = bytes.fromhex("41b162773c263f60d4be893792b0c0119a3c1e3d16f881835e879487ca77827d")

# these are the filenames we're using
filenameInput = "randomdata.dat"
filenameEncrypted= "randomdataEncrypted.dat"
filenameDecoded = "randomdataDecoded.dat"

# create a random file of length 1000 bytes
createrandomfile(filenameInput,1000)

# encrypt the file and get the IV
iv = encryptAESCBC(key,filenameInput,filenameEncrypted)

# decrypt the file into a new file
decryptAESCBC(key,iv,filenameEncrypted,filenameDecoded)

# Dump the hashes of the files to check if everything went ok
for filename in [filenameInput, filenameEncrypted, filenameDecoded]:
    print("The SHA526 of '{}' is '{}'".format(filename,hashfile(filename,1)))
    
print("The hashes of the plaintext and decoded file should be the same")

The SHA526 of 'randomdata.dat' is 'c64fd9a0dac23153ada1b829184521a315afa2b434b41c6e3b485ff033fc798f'
The SHA526 of 'randomdataEncrypted.dat' is 'a4cadc21e579ce1944d090d364262ee7fa84429f20752519d4d5be2d3c36bc25'
The SHA526 of 'randomdataDecoded.dat' is 'c64fd9a0dac23153ada1b829184521a315afa2b434b41c6e3b485ff033fc798f'
The hashes of the plaintext and decoded file should be the same


## Generating an RSA key pair

In [8]:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization


def generate_private_key():
    # generate a private key
    private_key = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048, 
        backend=default_backend() 
    )
    return private_key

def store_private_key(private_key,filename: str, password: bytes):
    # convert the private key to pem format
    private_key_pem = private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.TraditionalOpenSSL,
        #encryption_algorithm=serialization.NoEncryption()
        encryption_algorithm=serialization.BestAvailableEncryption(password)
    )

    # write the private key to file
    with open(filename,"wb") as f:
        f.write(private_key_pem)
    
def load_private_key(filename: str, password: bytes):
    # read the private key from file
    with open(filename,"rb") as f:
        # read the contents
        data = f.read()
        prvkey = serialization.load_pem_private_key(
            data,
            #password=None
            password=password
        )
        return prvkey
    
def store_public_key(public_key, filename: str):
    # convert the public key to pem
    public_key_pem = public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo
    )

    # write the public key to file
    with open(pubkeyfile,"wb") as f:
        f.write(public_key_pem)

def load_public_key(filename: str):
    # read the public key from file
    with open(filename,"rb") as f:
        # read the contents of the file
        data = f.read()
        pubkey = serialization.load_pem_public_key(data)
    return pubkey

# define filename of the public key
pubkeyfile = "key.pub"
prvkeyfile = "key.prv"
password = b'correcthorsebatterystaple'
    
# generate a private key    
private_key = generate_private_key()

# store the private key
store_private_key(private_key,prvkeyfile,password)

# load the private key from file
private_key = load_private_key(prvkeyfile,password)

# derive public key from private key
public_key = private_key.public_key()

# store the public key to file
store_public_key(public_key,pubkeyfile)

# load the public_key from file
public_key = load_public_key(pubkeyfile)


## Encrypting and decrypting a message with RSA

In [9]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding

def encryptRSA(pubkey, plaintext: bytes):
    ciphertext = pubkey.encrypt(
        plaintext,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    return ciphertext

def decryptRSA(prvkey, ciphertext: bytes):
    plaintext = prvkey.decrypt(
        ciphertext,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )
    return plaintext

# message 
message = b'This some random message'

# load public key from file
public_key = load_public_key(pubkeyfile)

# encrypt the message
ciphertext = encryptRSA(public_key,message)

# dump the encrypted message
print("Encrypted message: ", ciphertext.hex())

# load the private key
private_key = load_private_key(prvkeyfile,password)

# decrypt the message
decoded = decryptRSA(private_key, ciphertext)

# dump the message
print("Decoded message: " + decoded.decode())



Encrypted message:  374e0ce7acee16bada1f5c35aa47df57444762bd44356bf05dfdb2c7251ce22ccf1c48e5776940b1a5ef2bb144f4505ba29b591f31b0c1ee2cdefdc0b6250f4743c6d1dcd144da2e0f6503e871c38c82569deebb52e4af882077a2313e5da6ae5a9ce7db64a9c9cec10218ac813c6b94889d52ededf178054c21d6e41b9e53c94c7ab4c5b10821bade39b7d44365c1984094c1e55298f296d86116ca5fac9e4f786ce1f712bb446c461feaac5eead0f83e01c4eb8521eb9f0197032b6ac099c6e4fb152d5c8baffdb4ccc0342e06e18fac2299e9dcf00b1f49037966c3967c701734e54c3a0a5ddd65bed30ca15b2ac666992f6e8a9bf411ccdd04dca5ec5043
Decoded message: This some random message


## Signing and veryfying with RSA


In [11]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature

def sign_message(private_key,message: bytes):
    signature = private_key.sign(
        message,
        padding.PSS(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),hashes.SHA256()
    )
    return signature

def verify_message(public_key, message: str, signature: bytes):
    try:
        public_key.verify(
            signature,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return True
    except InvalidSignature:
        return False
    

        # define a message
message = b"This is the message to be signed"

# load a private key
private_key = load_private_key(prvkeyfile,password)

# create a signature
signature = sign_message(private_key,message)

# load a public key
public_key = load_public_key(pubkeyfile)

# verify the signature of the message
result = verify_message(public_key, message, signature)

# print the result
print("Verification result (True is expected): ", result)

# verify the signature of another message
result = verify_message(public_key, b"another message", signature)

# print the result
print("Verification result (False is expected): ", result)




Verification result (True is expected):  True
Verification result (False is expected):  False
