### <font color='blue'> Table Of Contents </font>

## <font color='blue'> Code Walkthrough: Basic Digital Signature </font>

* Introduction
* Key creation and serialization
* Digital signature
* Failed validation attempt




# <font color='blue'> Code Walkthrough: Basic Digital Signature </font>

## <font color='blue'> Introduction </font>

We are going to see simple key generation and Digital signature using primitives from cryptography module in python.

Please do **'pip install cryptography'** before you start with this.

## <font color='blue'> Key creation and serialization </font>


In [2]:
!pip install cryptography
#safe
#hazardious or low level

from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes
import cryptography

#hazmat=>hazardius material

#two types of offerings in this lib : 1. safe, 2. Low level

# Generating the private/public key pair
private_key = rsa.generate_private_key(
    public_exponent=65537, #e public exponent "3"
    key_size=2048,
    #min atleat 2048, <512
)
# Assigning the public key from the pair
public_key = private_key.public_key()


Defaulting to user installation because normal site-packages is not writeable


We first generate the private and public key pair. rsa indicates the algorithm used to generate the key pair, public exponent of 65537 is one of the default inputs (public key consists of an exponent and a modulus), and the key size of 2048 is the length of the modulus in bits.

In [17]:
# Serializing the private key data to show what the file pem data looks like
private_pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)
print(f'Private key data:\n{private_pem}\n\n')

# Serializing the public key data to show what the file pem data looks like
public_pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(f'Public key data:\n{public_pem}\n\n')


Private key data:
b'-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDQ7PzgH6EcF2ch\nSInECk/ZKQ23jAfQnYVXKs1r2UdOUKEr0XTV5scYmwEiBFnsgHIG/Li1p6uq/BqP\nYWugwG0RKTEpfME8GvveIYwnBwuN4EkTe7ZbYmVmhH9koBgBsFVPYkYvkBrSPaLg\ndCgZFieAOMhENKV1wa2z+2OEKOA/ZDhdGXoeMzlLXY2DMAeilcYLWu/oESUNQ7Sv\nW6hPUHUVvqhDosCiT+oGBcYNJIvnwI/HPEySv1TFXiYtWVPrYnY7PdD7xPioqeEM\nXHrK/1GUoXzy/mWZKGpMn9Q1cpXDFp4sZBVsrQtg/txmKkIDo3cravMj133/pAHH\nIGRyTbp1AgMBAAECggEAB70XesfBJHS7dbClpbTKE12ha/CMY45KH5nuxPVl3kE/\nTwuxm7CyJDetmZB2sjtpvdeDkfr1cV5oL3Jo1an7AD053HMKB0tqk+ZDNjjdFTK/\nEjEtZoIlBmCXBWemq/1Xk5qsxds9Gxd8Xnr+9zrqWKYByQD4Nf3oDLgdjgojkEV5\napB9hZ0xfKrxEH74JQ+rOKyvRj8VrtoPTvIZ7UeWcF645T9YT38TEG10rzAs3TrG\nqmyGIVUCrdDJhM88NWj20xUktHKvQc7rb/W4w2wSInVpsvxM19151TqZtteAfSwH\nWo77O5P1Q6/sbI8cONvv+A6awYmNSLx1/ytNq5lPIQKBgQDvJP6cv4RchnmV0iaW\nM+4+08mUB9zIFaWlZElUFjvSUVNdNwQ89e4ZfGZ30DWLbhCOBqJ3VQh4kDqt5KVM\nCRVytXBjl2xWhPM0QsctEbG9ZMza0hADuo2XYqin5ZZ28abfVMww1vKhh0E/muyV\nYn3qXk4BkPAYfaX4xkC0I0QL8QK

The code above is to highlight how the keys are serizalized to be able to store them in files, or as strings. These are generally what people understand as public/private keys. The private one has to be guarded and kept secret, whereas the public one is to be shared freely. Encoding and format defines the structure of the generated key pem files.



## <font color='blue'> Digital Signature </font>


In [18]:
orig_message = b'The quick brown fox jumps over the lazy dog'
print(f'Original Message: {orig_message}\n\n')

# Encrypting the original message using the public key
digital_signature = private_key.sign(
    orig_message,
    padding.PSS(
        mgf=padding.MGF1(hashes.SHA256()),
        salt_length=padding.PSS.MAX_LENGTH
    ),
    hashes.SHA256()
)
print(f'Digitally signed message: {digital_signature}\n\n')


try:
# Decrypting the original message using the private key
    is_valid = public_key.verify(
        digital_signature,
        orig_message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    print(f'Signature is valid \n\n')
except cryptography.exceptions.InvalidSignature:
    print("Signature is invalid.")
    


Original Message: b'The quick brown fox jumps over the lazy dog'


Digitally signed message: b'Q\x0fdB\xe0\xa9\x8a-\xaa\xbe\xf0\x8b\xb6*;\x10\x19{\x00\x0e\xe8u\xd0,\xf2\x9b\xc3\x91S\x82\xc2\\R\x18II\xb0\xb8\xaaH@\xce\xcf\xf5\xd6\xca\xecZ\x8c`\xe7^\xb3\xf6LW2\x0bWd\xd4\xed\x87~y2v/\xe7\x88y*\x91\x10\x01\x7f\xc5\xd4\x1e\xb1"\xb5x\xb1\xcaA\xa1\xc4ZG\x17\xec\xd7/X\xe3\x98\x85r\xf1\x17?SMs\x9eDT\xfa\xaa\x07\xa6\xa5P\xee\xfdx\x89\xd5\xfb\x89|L\xd4\xdb\x140\xb1\xce\xceM\x07\xca\xf8^\t\x89\x08\x86%\xe5B\x19v\x0f\xff#\x17\xdf\xfe\x1a@\x8d\xff\xe2\xa7\xae%\xea\xd2L\xf6K5$\x94\xdb\x80\xd0\x8e\x0f\xb5\xb9d6\x1f\x00v\x13\xa2C\xe8\x06\x93O\xf4\xc9\xcd\x03\xbbo\xb6y\x88z\x9a\x84\xc7#\x91\xa0\x8f\xe5\x1a\x00\x07\x02\x9b\xf9\xf0^\x9f\x9c\xc81d\xadl{\x0e\x88b-[\xa7\xf9}\xa5g"\xdc\x7f\x19T\xfb\x13\t\xe6\xc8\xd7\x86GA\x82\xbd\xf5\xd4\xfc\xe6\xd0v\x10T\x86\xf6\xc2'


Signature is valid 




In [21]:
# Creating a different private/public key pair
another_private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)

another_public_key = another_private_key.public_key()

try:
# Decrypting the original message using the private key
    is_valid = another_public_key.verify(
        digital_signature,
        orig_message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )
    print(f'Signature is valid \n\n')
except cryptography.exceptions.InvalidSignature:
    print("Signature is invalid.")



Signature is invalid.
