# Public Key Generation

In [1]:
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

In [2]:
# Generate key pair using some recommended parameters
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)

In [3]:
pem = private_key.private_bytes(encoding=serialization.Encoding.PEM, 
                                format=serialization.PrivateFormat.PKCS8,
                                encryption_algorithm=serialization.NoEncryption())

In [4]:
pem

b'-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8Fr2IL2CwCGQT\n753inH/OfbkO2hZy0k3sYQqPLmcr5rH223XDkXehDO6LuvTH43oeHcPEHWplEtnD\nKF307JqibcMa7yj7YkDfFJIIEtxiQ7+I4adQ4qkhV3Ej/FPRMRC4tnCnWVHpViUs\nr9teZUa4yzfwLXVYwLTTmEB3f7k4oQV6YdhjONB3+fTiea/UYMhnMpktJQ29ZXV5\nMj2LkgX+i9qbyFOeCPmXsvGX7BPoktGr7jMixkeQjLFvYbxYkTeWlyy2AMyx+1j3\n7YX8isKpB0TNp+QFWzeTJZm1Zv7r2wKk7UX6EQ0jrZfn2/lZ6yJwAfgChkFY7caK\nsRT8WelHAgMBAAECggEADHkNlIxfwwyrZk8Lj02FhDH+Jaf8uRyNIlHFG32eReEE\niDRBePiakEmFQCrjtKW3IWwj4Ut6FL3NRw3UPTu7fW399DlL5G+9kY2RqYtmpfWM\nLA2axNhjEtzzmclP3Z19WGJw0ggwUGLwECiRSY85w2NmkDzTfVE6LJX6IHKN291k\nfizEainYdQY7vT7JzSEzX3A1t9NnaBMwXxC57t2I0/W3GZK6uiDbdsBhKm44T9oy\napWVMIAFqDIgbt6rVOxoUFHZvdsZPFL8RAdwZZZSctENzF4/+ywTRQ7d39/1SIhP\n3EsM2HwTAEEFxqRfcqIk3YlRiZBvmos9hf9FmLdewQKBgQDxFN71zIRxMQ3CNKUg\nuWCQoFKgrp9DXUXifulxeS6yiODZmiiz1075OmeihOwvwJgEBgSFhEaeVheQ1PJO\nf2VliqmVAcNYAl/rBbDwnqLOmU2+gP7I/S5HVNvpMh3+HeFyNRTpuuyWqcGzP5Gk\n5Shm2+9YRHp1svr8sttuVRiWUQKBgQDHumCvhbmE7MH6K

In [5]:
# Look at the public key
public_key = private_key.public_key()
public_key.public_bytes(encoding=serialization.Encoding.PEM,
                                      format=serialization.PublicFormat.SubjectPublicKeyInfo)

b'-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvBa9iC9gsAhkE++d4px/\nzn25DtoWctJN7GEKjy5nK+ax9tt1w5F3oQzui7r0x+N6Hh3DxB1qZRLZwyhd9Oya\nom3DGu8o+2JA3xSSCBLcYkO/iOGnUOKpIVdxI/xT0TEQuLZwp1lR6VYlLK/bXmVG\nuMs38C11WMC005hAd3+5OKEFemHYYzjQd/n04nmv1GDIZzKZLSUNvWV1eTI9i5IF\n/ovam8hTngj5l7Lxl+wT6JLRq+4zIsZHkIyxb2G8WJE3lpcstgDMsftY9+2F/IrC\nqQdEzafkBVs3kyWZtWb+69sCpO1F+hENI62X59v5WesicAH4AoZBWO3GirEU/Fnp\nRwIDAQAB\n-----END PUBLIC KEY-----\n'

In [6]:
public_key.public_numbers()

<RSAPublicNumbers(e=65537, n=23744015022714600639905649712629721516231513395613248196342990256719510273721885849912518004408431133414240348067555521224344186226094025312281700127086304503173278495608030302129692031555431606025475645354935517316283895985300966711813834053856463583043187312489550403552896220151823059489963578010368061182153122495340177026147345025336363556428655712807440194899074304451496240971802577379858766027760089166805435179612578626590820174804712569436902173465491005730498179004088772302472029151455749227994247294933911129887491017852426210466555754227633057598864159888960807308297147476142080754845443507135251605831)>

# Public Key Encryption

A demonstration of public key based message sending. Note that this is not an efficient approach for sending messages and is for educational purposes only.

In [7]:
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes

In [8]:
alice_private_key_rsa = rsa.generate_private_key(public_exponent=65537, key_size=2048)
alice_public_key_rsa = alice_private_key_rsa.public_key()

In [9]:
bob_private_key_rsa = rsa.generate_private_key(public_exponent=65537, key_size=2048)
bob_public_key_rsa = bob_private_key_rsa.public_key()

In [10]:
# We need to pad the message so we are using recomended approachs
myPad = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()), 
                     algorithm=hashes.SHA256(), label=None)

In [31]:
# Alice sends a message to bob using his pubic key
message = b"Hi Bob, Alice here. I got your public key from trusted source. Just testing!"
bob_ciphertext = bob_public_key_rsa.encrypt(message, myPad)

In [43]:
def bytes2ascii(bs):
    # Printable ASCII is 32-126
    outstring = ""
    for b in bs:
        if b >= 32 and b <= 126:
            outstring += chr(b)
        else:
            outstring += "X"
    return outstring

In [50]:
print(bob_ciphertext.hex(), "\n")
print(bytes2ascii(bob_ciphertext))

a2e325c8ac240b9e6c3f2b5e1852566b396061923f740887a37757984916fb2dcfcf7994982aec18eac61f0717234d3f10db8602a71a8813a1eb1478b027a28929c55a26cbcf0d29fa57ed32917cc16565c516b072f1cfa822880516e5590db77d7713043e874a97f3283c14d0e8fbd0247f027605901f28d2fbb5012ca39d8aac47bff5743726d92421d164c4089f20cb8b05e6408dd72e8bec205a6f586cd938d7338c66aabd3a583c095484cefc1247a077bc639662b4a13fcb515c9357cceb6fd344a60a98d86711f9f4448985ff5908135ae448dacc9083172416331eacc7c9f7696ca9883049c65c1e99abde67967881e24f9198aab9f79d2540616d99 

XX%XX$XXl?+^XRVk9`aX?tXXXwWXIXX-XXyXX*XXXXXXX#M?XXXXXXXXXXXxX'XX)XZ&XXX)XWX2X|XeeXXXrXXX"XXXXYXX}wXX>XJXX(<XXXXX$XXvXXX(XXXX,XXXXGXXt7&X$!XdXXX XXXX@XX.XX ZoXlX8X3XfXX:X<XTXXXXGXwXcXbXX?XQ\XWXXoXDXXXXgXXXDXXXYXXZXHXXXXX$X3XXXXXilXX0IX\XXXXgXxXXOXXXXXX%@amX


In [46]:
# Bob receives encrypted message and uses his private key to decrypt
plaintext = bob_private_key_rsa.decrypt(bob_ciphertext, myPad)
print(plaintext.hex())
print(bytes2ascii(plaintext))

486920426f622c20416c69636520686572652e204920676f7420796f7572207075626c6963206b65792066726f6d207472757374656420736f757263652e204a7573742074657374696e6721
Hi Bob, Alice here. I got your public key from trusted source. Just testing!


In [13]:
# Bob sends a message to Alice using his pubic key
message = b"Hi Alice, got your message and yourpublic key from trusted source. Stay Secure!"
alice_ciphertext = alice_public_key_rsa.encrypt(message, myPad)
print(alice_ciphertext)

b'\xab\xb8 \x1e_m\xc4\xfeV\xe8^\xaab\xd5\xe4U\xe3\xe74\xea7(\x8f\x9d\xf9\xbe\x84\xac\x89\xa1\x9cR\xdf<\x18\x9a\xa6Er(\xc1\xb9J\xae\x88\xe2\xccF\xa0\x0f\xf2"\x8f^\xbbn\xc2\xc1|:\xeb\xbd\x00P\x80\x00\x9d|G{@\x9e\x9fC\x81\xae\xd8.P\xdb\x14C\xbc\x8f\x9d\xfb\xce\x06\x1af\xe1\x9e\xe4\xc0\t\x9c\x0f\x04;&\xde\x98LX\x94\xb7Mb\xb1"\xd5:\xa50\xd0\x1dX\x12;\xbac\xf4\x96\xf3g\x92\xb0\x16\xf5\xb6\xa7W\x1b\x86\x81U\x8e\\\xd5u\x10\xda\x8d\xbe\xed\x01\x89\xcf\xa1|\x1e1\xaeP,\xcet!\xc4\xe1\x0b.\xfc\xcaE\xac1\xfeL[^\x9f_\x98\xc0\x19\x888\xb47\x06\xbc \xde\x82b\xff\x8d\x87b\xed\x91&\x04\xb6\xfd\xa4\xc7\x1d7\x06\xb1^cP\xdc<\xcf\xb3#\x12\xf1u\x94\xa8#p\x9cX\x0f9\x82f\x02%\xa5+e\x99\x1afx\x9axl\x08\xe9\xbeAZ\xfbm\xaf0\xb4\r\x06]\xfa\x8b\xd1\x83\x14u\xd1\x1b'


In [14]:
# Alice receives encrypted message and uses her private key to decrypt
plaintext = alice_private_key_rsa.decrypt(alice_ciphertext, myPad)
print(plaintext)

b'Hi Alice, got your message and yourpublic key from trusted source. Stay Secure!'


# Key Exchange for Shared Symmetric Key

Public key systems are not as efficient as symmetric ciphers such as AES, so they are not used directly to encrypt long messages. Instead they are typically used for key exchange, signing, and verification.

Here we give a demonstration of how Alice and Bob can each come up with a shared symmetric key by only knowning their own private key and the others public key.

The *X25519* algorithm demonstrated below is one of those specified for use in S/MIME and TLS1.3. The following is for educational purposes only.

In [15]:
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey
from cryptography.hazmat.primitives import serialization

In [16]:
alice_private_key = X25519PrivateKey.generate()
alice_public_key = alice_private_key.public_key()
print(alice_public_key.public_bytes(encoding=serialization.Encoding.PEM, 
                            format=serialization.PublicFormat.SubjectPublicKeyInfo))

b'-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEAx5SpgywtRjcTd+6w3yLNlpxpCBn4fvtNcuUIf/nvk18=\n-----END PUBLIC KEY-----\n'


In [17]:
bob_private_key = X25519PrivateKey.generate()
bob_public_key = bob_private_key.public_key()

In [18]:
# Alice creates a symmetric key with her private key and Bob's public key
shared_key_alice = alice_private_key.exchange(bob_public_key)
print(shared_key_alice.hex())

7987a8f2451b19a7e1f5b0755142cf783b1655fee0d4e8461e020724c3fdb162


In [19]:
print(bob_public_key.public_bytes(encoding=serialization.Encoding.PEM, 
                            format=serialization.PublicFormat.SubjectPublicKeyInfo))

b'-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VuAyEAoIPjcw5BvwG8IDmKIAPPxv0s6Zk74Ww/rTxx6brSolI=\n-----END PUBLIC KEY-----\n'


In [20]:
# Bob creates a symmetric key with her private key and Alice's public key
shared_key_bob = bob_private_key.exchange(alice_public_key)
print(shared_key_bob.hex())

7987a8f2451b19a7e1f5b0755142cf783b1655fee0d4e8461e020724c3fdb162


In [21]:
shared_key_alice == shared_key_bob

True

In [22]:
len(shared_key_alice)

32

# Digital Signatures

In [None]:
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives import serialization

In [None]:
private_key = Ed25519PrivateKey.generate()
print(private_key.public_key().public_bytes(encoding=serialization.Encoding.PEM, 
                            format=serialization.PublicFormat.SubjectPublicKeyInfo))

In [None]:
signature = private_key.sign(b"my authenticated message.")
print(f"length of signature: {len(signature)}")
print(f"start of signature: {signature[0:16].hex()}")
public_key = private_key.public_key()
# Raises InvalidSignature if verification fails
public_key.verify(signature, b"my authenticated message.")

In [None]:
try:
    # Note slight change in the message
    public_key.verify(signature, b"my authenticated message!")
except:
    print("Message not authenticated!")