# <font color='blue'> Table Of Contents </font>

## <font color='blue'> Code Walkthrough: Basic asymmetric cryptography </font>

* Introduction
* Key creation and serialization
* Encryption and Decryption
* Failed decryption attempt




# <font color='blue'> Code Walkthrough: Basic asymmetric cryptography </font>

## <font color='blue'> Introduction </font>

We are going to see simple key generation and encryption/decryption using primitives from cryptography module in python.

Please do **'pip install cryptography'** before you start with this.

The companion notebook 'M04W01-02-Asymmetric-Cryptography-Source-Code' has the complete source code.


## <font color='blue'> Key creation and serialization </font>


In [1]:
!pip install cryptography
#safe
#hazardious or low level

from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashes

#hazmat=>hazardius material

#two types of offerings in this lib : 1. safe, 2. Low level

# Generating the private/public key pair
private_key = rsa.generate_private_key(
    public_exponent=65537, #e public exponent "3"
    key_size=2048,
    #min atleat 2048, <512
)
# Assigning the public key from the pair
public_key = private_key.public_key()


Defaulting to user installation because normal site-packages is not writeable


We first generate the private and public key pair. rsa indicates the algorithm used to generate the key pair, public exponent of 65537 is one of the default inputs (public key consists of an exponent and a modulus), and the key size of 2048 is the length of the modulus in bits.

In [2]:
# Serializing the private key data to show what the file pem data looks like
private_pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.PKCS8,
    encryption_algorithm=serialization.NoEncryption()
)
print(f'Private key data:\n{private_pem}\n\n')

# Serializing the public key data to show what the file pem data looks like
public_pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo
)
print(f'Public key data:\n{public_pem}\n\n')


Private key data:
b'-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDiDCXqUngkWf8I\nhqau7oIFdwSVz3MJfPcx9jg+bhvwQwRyUoM6UCQ8fvgp06BviqNa/TnnP5DEszaV\nZJsZps11FZVSD12NjJwm/pnmC0/4wIFVQ7LhlGGatYD9iYeJU5nhihhHXMUmN3DC\nqCHn45GGvlbjSwSV6HGs0pR62TfsqmO22vO/ez7EudkuFeNAIFDWhvvut4Kqpyt3\nXZYsqBYUtHlC+1aTp+NoXZVWGW/KXqVBMbCG1JruyYcbwcgAddCCoNBYDpEfj7zy\nDJOJb0jsNK/kcqTpeZ/uN2Te6CglHg/gAuZKixA+AcwEL6sStI0iWw3WYknG3moq\nLH6n8WxlAgMBAAECggEADMBkryhB0MMm6OM3qeyYdxh0sMLIGYPsKexa1eK+Prp5\nGL3g2zxEHwmGlE104nXuqyZXytzCHOaDMMBBI5xOQMmb58ooG+EPuf9ozRpcQ4sQ\ngK/V+nW1X9XXVfYZKD0IFDoHDpeEI5jDCqgTaZJj1jcMjbvgoVhAeWBTse5pAjer\nRw7Dkfy7kLWHkKizauxXgKkHcKQvIWSrOltUhjAVDgtyKHX6HaaJi0W+uOoTZENM\nq8mQJOruCmZvFmA0q0kWVAkmx66zx3Kc5ArtdmFcrpLwx2g7GQMZoGKxgvl2MpOu\n3b8L2HZJ+1wQa26nXQs+sD/1Mf96B1ZP4DdvMauOTQKBgQD71oGqxMew3bpkzOPy\nG8Evfh6eWXNtwiPlXXM+tZ+mT4NfQzkaF/xZaKLJArk20MBTvQ8bu7vAv13jkb92\nt7rnTrR9+J+estHlLgT4Fd9XTTrKbZ6TO34kfyRH8m/anOL6kLuHd5PMo40Ssnzd\noL8hE7LH2Dft95Ek+qlftiHTTwK

The code above is to highlight how the keys are serizalized to be able to store them in files, or as strings. These are generally what people understand as public/private keys. The private one has to be guarded and kept secret, whereas the public one is to be shared freely. Encoding and format defines the structure of the generated key pem files.



## <font color='blue'> Encryption and Decryption </font>


In [4]:
orig_message = b'The quick brown fox jumps over the lazy dog'
print(f'Original Message: {orig_message}\n\n')

# Encrypting the original message using the public key
encrypted_message = public_key.encrypt(
    orig_message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)
print(f'Encrypted message: {encrypted_message}\n\n')


# Decrypting the original message using the private key
decrypted_message = private_key.decrypt(
    encrypted_message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)
print(f'Decrypted message: {decrypted_message}\n\n')


Original Message: b'The quick brown fox jumps over the lazy dog'


Encrypted message: b"\x8c(\x06h\xeb\xc9}\xa5G\xa2FR\x8e$\xdc\x9b\x84\xa4d\x15\x11\xf6\x1f5\xc2\xcaN\x1dK\xdaL\x01{\xd9gxM\x01\xe2\x8e\xbf\xb3K\x88\xe5\x95ir6\xf1S\xceM\ti\x8b1\xd9%M\x18\x0ba\x0f\xb7&r\x06\x80\xaa\xb3\xd2\x1b9'\x97\xf9\xff\xf9\xc1\r\xb4\x99Y\xe2\xc7\xe3\xdb\xca\xc7\xab\xae\xd0\x80p\xe8o\xc7\x0en\xa5\xfb\x92*\xb4\x01\x80\x1e\x1f\xa0\xe5\xc4\xa2B1\\\xa7\x82GE\x85\xb0W\xf5^\x0e<\xfb\x12\xf7\xd2\xb4*c\xbb\xa3\xfc\x02.\x17Q\xcc\x0f\xf0\x84\xf9\xdd\xc9\xe2\xf6i\xa3\xec\x08\t/R(\x07\xbd\xea\xac\x1dj\x8a=^\xcb\xab\x91\xc5<\xe3\x9e\x95p\x88\xecS/&\xb8\xe2j{\x0b\xe3V]\xda[}\x88\xe3\xaeS\xe8/\xc9\x89\x00\x84[&\xca\x8a\xf1\x0c\x97/\x11Y\x0e\xd7f[\xd5\x8c\x9b\xca\x89\x16\x97{\xae7\x98n\xdf\x8a\xeeO\xda\xe83\xd0r\x88\x1f\xaccN\xf1Fl|\x81pU\xdf\xd2t\x1a\xf5\x08\x87"


Decrypted message: b'The quick brown fox jumps over the lazy dog'




We first define the original message as a byte literal.

We then use the public key and call the encrypt function on it to get the encrypted message. This encryption can be done by anyone using **your** public key for messages that they want to send to you.

Only **you** can then use your private key to decrypt the encrypted data and get the original message back.

OAEP padding is used with MGF1 mask generation function to pad the original message with nonsensical data to reduce predictability, especially at the start and end.


## <font color='blue'> Failed decryption attempt </font>


In [5]:
# Creating a different private/public key pair
another_private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048
)

# Trying to decrypt the original encrypted message using a different private key
decrypted_message = another_private_key.decrypt(
    encrypted_message,
    padding.OAEP(
        mgf=padding.MGF1(algorithm=hashes.SHA256()),
        algorithm=hashes.SHA256(),
        label=None
    )
)


ValueError: Encryption/decryption failed.

Here we generated a different private key and tried to decrypt the original message encrypted by the first public key. It failed, of course, as the private key is not part of the original pair.

**Practical exercises:**
1. Digital signature is in a way the reverse of what we just did. You will sign a message with your private key and then anyone can decrypt that with your public key. Hence, it proves that the message originated from you. See the cryptography library's doc, especially for RSA and implement signing.
2. A combined use case is when, say Alice has to send a signed message to Bob, but also protect it from being read by anyone else. In this case, 
  - Alice will:
    - Sign the message (M) using her private key - A_Pr(M)
    - then encrypt it using Bob's public key - B_Pu(A_Pr(M))
    - and send it to Bob
  - Bob will:
    - Decrypt the message B_Pu(A_Pr(M)) using his private key - A_Pr(M)
    - and then use Alice's public key to retrieve the original message - M

This ensures security, integrity, and authentication. Implement this flow using learnings from the existing code and practical exercise 1.

  



## <font color='blue'> References </font>

* Cryptography library: https://cryptography.io/en/latest/
* OAEP padding: https://en.wikipedia.org/wiki/Optimal_asymmetric_encryption_padding
* RSA key algorithm: https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Key_generation
