The idea of this web application is to implement asymmetric and symmetric encryption using python library Crypto used through a web interface/front-end which is a combination of html, css and bootstrap. As well as a python backend server using flask.
def encrypt_message(message, key):
key = key.encode('utf-8')[:16] # Takes the first 16 bytes of the key
key = pad(key, 16) # Pad the key if it's less than 16 bytes
cipher = AES.new(key, AES.MODE_CBC)
ct_bytes = cipher.encrypt(pad(message.encode('utf-8'), AES.block_size))
iv = hexlify(cipher.iv).decode('utf-8')
ct = hexlify(ct_bytes).decode('utf-8')
return iv, ct, hash_message(message)
def decrypt_message(iv, ct, key, original_hash):
key = key.encode('utf-8')[:16] # Ensure the key is bytes and has the correct length
key = pad(key, 16) # Pad the key if it's less than 16 bytes
iv = unhexlify(iv)
ct = unhexlify(ct)
cipher = AES.new(key, AES.MODE_CBC, iv)
pt = unpad(cipher.decrypt(ct), AES.block_size).decode('utf-8')
new_hash = hash_message(pt)
return pt, new_hash == original_hash
def hash_message(message):
h = SHA256.new(message.encode('utf-8'))
return h.hexdigest()The purpose of the AES is that its using only one key to encrypt and decrypt a message.
In both encryption and decryption we only used the first 16 bits of the key and padded the key with (standard padding).
Will use the (Advanced Encryption Standard) to create an object lets call it cipher with the key first and get the CBC_MODE object, then that will be used to encrypt the message. The message needs to be padded and encoded with utf-8 as well using the AES default block.
Now, the IV should be always at a specific size,IV must be unique for every encryption operation ensure that the same plaintext doesnt result in the same ciphertext IV the length of the IV must typically matches the block size of the encryption algorithm.
Note
Will use a library called binascii to use the functions (hexlify and unhexlify for both encryption and decryption)
This Python script provides functions for secure messaging using RSA encryption and digital signatures. It leverages the powerful libraries Crypto.PublicKey and Crypto.Hash to achieve secure communication.
Functionality:
Checks for existing key files (private.pem and public.pub). Generates a new RSA key pair (2048 bits) if no keys are found. Saves the generated keys to separate files. Loads existing keys from the respective files.
Encrypts messages using the recipient's public key (RSA PKCS1_OAEP). Decrypts messages using the user's private key.
Signs messages using the user's private key (PKCS1v1.5). Verifies signatures using the recipient's public key.
Generates a secure hash (SHA-256) of a message for integrity checks.
check_keys(): This function checks if the key files exist and generates a new key pair if not found.
save_keys(private_key, public_key): Saves the provided private and public keys to separate files.
load_keys(): Reads the private and public keys from their respective files.
generate_keys(): Generates a new 2048-bit RSA key pair, saves them, and returns the keys.
encrypt_message(message, public_key): Encrypts the message using the recipient's public key for secure transmission.
decrypt_message(encrypted_message, private_key): Decrypts the encrypted message using the user's private key to retrieve the original message.
sign_message(message, private_key): Signs the message with the user's private key to ensure authenticity.
verify_signature(message, signature, public_key): Verifies the signature using the recipient's public key to confirm the message hasn't been tampered with.
hash_message(message): Generates a secure SHA-256 hash of the message for integrity checks.
key_files_exist(): Checks if the key files exist on the system.