# Digital Signature and Asymmetric Cryptography Implementation

- Environment used: conda create -n blockchain pip python scipy cryptography
- cryptography version 3.4.7, python version 3.9.5

Note: This code is implemented in **signature.py** in the working directory, including tests. 

In [1]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.exceptions import InvalidSignature

# Generate Public and Private Keys

In [2]:
def generate_keys():
    ''' 
    This function uses RSA encryption with 2048 bits to create public and private key
    Returns two objects, the public key and the private key
    '''
    private_key = rsa.generate_private_key(
                        public_exponent = 65537, 
                        key_size = 2048)
    public_key = private_key.public_key()
    return(private_key, public_key)

# running
private_key ,public_key = generate_keys()
print(private_key ,'\n',public_key)

<cryptography.hazmat.backends.openssl.rsa._RSAPrivateKey object at 0x0000014FBDC59CC0> 
 <cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x0000014FBDC59EB8>


# Signing a Message Using Private Key
- SHA 256 needsd padding in cryptography
- PSS is a sudorandom 
- \x are hexidecimal values in the signature

In [3]:
message = b"A message I want to sign"

def sign(message, private_key):
    ''' 
    Takes the private key and a message to give a digital signature
    Returns a digital signature
    '''
    message = bytes(str(message), 'utf-8')
    signature = private_key.sign(message,
                                 padding.PSS(
                                 mgf = padding.MGF1(hashes.SHA256()),
                                 salt_length = padding.PSS.MAX_LENGTH),
                                 hashes.SHA256())
    return(signature)

# running
signature = sign(message,private_key)
signature

b'7%\xe6\xfa\x00V1\x13M\xeb\xf7F\x93\x9b\x19(\x88\x9d\xab\xd1\xea\xe5\xe1\xdfd\xa0\xa9@\xdcg]$\xf8CXCBRb\x8a\xbdz\xd9\xf0\xaa\x18\xc0\x03\x0es\xaa\x99\x17\xffS\xc7\x83\xdb\xa4<\xc2G3i\xc3\xf0\xe2@\x9a\x8f^\x8c\xf3\xc0\xdb\xa9\xb6f\xb5%i\xef\xc27\xa6\xacc)\xd2xpA\xc3\xe6\x11;\xb2\x06T\xaf%\xc8J\x8f\x16h-\xfcQ\xd1\xce\x05\\\xe1\xfe\xa4\xe0Yd\xf3Yf\xa4\xaa\x81V\xe1\xf4\xb8\xa7\xb6jN\x9c=\x1aG\xbb\xb5R\xeb>\xa7\x03\xd7\xcb\xdc\xc87\xfcI\xfey\x16\t\x08\x11\x03p\x7fT\x9c\x05\x81\xc3\x9d\xf6\x05u\x03x~:\x87\xff[g^h1\xfe\xe6\xb4<j\xcf|\xa3\xed\x17I\xf8\x9f\r\xce\xf4\xcd3\x89/\x025\xbc\x1a\n\x8ej\xa6y\x80\x03#8\x11\x99\x0f\xd7\xd0\x18X\x82\xa1\xfa\xb6F\xd1\x9d\nu\x7f%{]\xd7bs7\xb5\x89\xc92\n n\xc2k>#\xb6^\xdem\xcd?e\x01'

# Verification of Message and Sender

If you have a public key, a message, a signature, and the signing algorithm that was used you can check that the private key associated with a given public key was used to sign that specific message.

If the signature does not match, verify() will raise an InvalidSignature exception.

In [4]:
def verify(message, signature, public_key):
    '''
    Takes a message, received signature, and public key to verify message from the sender untampered.
    Returns True if verified, else False
    '''
    
    message = bytes(str(message), 'utf-8') # if message bytes converts to a string and then to bytes
    #public_key = private_key.public_key() # need to refactor the argument of function and this line.
    try:
        public_key.verify(
        signature,
        message,
        padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH),
        hashes.SHA256()
    )
        return(True)
    except InvalidSignature:
        return(False)
    except:
        print("Error executing public key verify")
        
# running
verify(message,signature, public_key)

True

# Resources

https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/