# python RSA Cryptography

by Anish

Posted on Thursday November 15 , 2018

## Before you Begin

This sample chapter extracted from the book, Python Cryptograhy.

# RSA

RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. A user of RSA creates and publishes the product of two large prime numbers, along with an auxiliary value, as their public key. The private KEY (prime factors) MUST BE KEPT SECRET. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key enough it is virtually impossible to decode the message.

In this artricle we will cover two important python library and perform various RSA functions.

• PYCA/Cryptography
• pycrypto

## pyca Generate RSA Keys

Generate RSA private/public Key and save in PEM format

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

# Generate an RSA Keys
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)

public_key = private_key.public_key()

# Save the RSA key in PEM format
with open("/tmp/rsakey.pem", "wb") as f:
f.write(private_key.private_bytes(
encoding=serialization.Encoding.PEM,
encryption_algorithm=serialization.BestAvailableEncryption(encryptedpass),
)
)

# Save the Public key in PEM format
with open("/tmp/rsapub.pem", "wb") as f:
f.write(public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
)

## pyca RSA-OAEP encryption/ decryption example

Optimal Asymmetric Encryption Padding is a padding scheme often used together with RSA encryption, standardized in PKCS#1 v2

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives.serialization import load_pem_public_key

plaintextMessage = "Hello 8gwifi.org"
ciphertext = alicePubKey.encrypt(
plaintextMessage,
algorithm=hashes.SHA256(),
label=None
)
)

d = alicePrivKey.decrypt(
ciphertext,
algorithm=hashes.SHA256(),
label=None
)
)

assert plaintextMessage, d

## pyca RSA Sign Verify Example

Valid paddings for signatures are PSS and PKCS1v15. PSS is the recommended choice for any new protocols or applications, PKCS1v15 should only be used to support legacy protocols.

Probabilistic Signature Scheme (PSS) is a cryptographic signature scheme designed by Mihir Bellare and Phillip Rogaway

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.serialization import load_pem_private_key
from cryptography.hazmat.primitives.serialization import load_pem_public_key

plaintextMessage = "Hello 8gwifi.org"

sig = alicePrivKey.sign(
plaintextMessage,
),
hashes.SHA256()
)
ciphertext = alicePubKey.verify(
sig,
plaintextMessage,
),
hashes.SHA256()
)

## pycrypto

pycrypto example of generating RSA keys in various format (PEM/DER)

• RSA key size : 1024,2048,4096

### pycrypto Generate RSA Keys and store in PEM format

from Crypto.PublicKey import RSA
from Crypto.Util import asn1
from base64 import b64decode

#Export RSA public/private KEY in PEM format
key = RSA.generate(2048)
privKey = key.exportKey('PEM')
pubKey =  key.publickey().exportKey('PEM')

#save PEM key into the file
with open('/tmp/rsakey.pem', 'w') as file:
file.write(privKey)

with open('/tmp/rsapub.pem', 'w') as file:
file.write(pubKey)

### pycrypto Generate Encrypted RSA PEM Keys

key = RSA.generate(2048)
privKey = key.exportKey(passphrase=encryptedpass)
pubKey = key.publickey().exportKey()
print privKey

### pycrypto Generate Encrypted RSA Keys in PKCS8 format

key = RSA.generate(2048)
privKey = key.exportKey(passphrase=encryptedpass,pkcs=8)
pubKey = key.publickey().exportKey()
print privKey

### pycrypto Generate RSA key and export in DER Format

key = RSA.generate(2048)
#Export RSA key in DER format
privKey = key.exportKey('DER')
pubKey =  key.publickey().exportKey('DER')

### pycrypto Generate RSA Keys and Perform Encryption and Decryption

from Crypto.PublicKey import RSA
from Crypto.Util import asn1
from base64 import b64decode

#Generate RSA Keys and Perform ENcryption and Decryption
key = RSA.generate(2048)
pubKey =  key.publickey()
plaintextMessage = "Hello 8gwifi.org"

#RSA Encryption Using Public Key
cipherText = pubKey.encrypt(plaintextMessage,32)

#RSA Decryption Using Private Key
print key.decrypt(cipherText)

### pycrypto Load RSA Keys and Perform Encryption and Decryption

from Crypto.PublicKey import RSA
f = open('/tmp/rsakey.pem', 'rb')
f1 = open('/tmp/rsapub.pem', 'rb')

#RSA Encryption Using Public Key
cipherText = pubKey.encrypt(plaintextMessage,32)

#RSA Decryption Using Private Key
print key.decrypt(cipherText)

## pycrypto PKCS1_OAEP

RSA encryption protocol according to PKCS#1 OAEP

Load the RSA keys and then performing encryption/decryption using PKCS1_OAEP

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP

plaintextMessage = "Hello 8gwifi.org"
f = open('/tmp/rsakey.pem', 'rb')
f1 = open('/tmp/rsapub.pem', 'rb')

cipher = PKCS1_OAEP.new(pubKey)
cipherText = cipher.encrypt(plaintextMessage)

#RSA Decryption Using Private Key

cipher = PKCS1_OAEP.new(key)
print cipher.decrypt(cipherText)

### pycrypto PKCS1_PSS Sign Verify

from Crypto.PublicKey import RSA
from Crypto.Signature import PKCS1_PSS as PKCS
from Crypto.Hash import SHA

plaintextMessage = "Hello 8gwifi.org"

f = open('/tmp/rsakey.pem', 'rb')
f1 = open('/tmp/rsapub.pem', 'rb')

#RSA Signature Generation
h = SHA.new()
h.update(plaintextMessage)
signer = PKCS.new(key)
signature = signer.sign(h)

#At the receiver side, verification can be done like using the public part of the RSA key:
#RSA Signature Verification
h = SHA.new()
h.update(plaintextMessage)
verifier = PKCS.new(pubKey)
if verifier.verify(h, signature):
print "The signature is authentic."
else:
print "The signature is not authentic."

## pycrypto PKCS1_v1_5 Encrypt/Decrypt

A DER exported KEY used to perform encryption and decryption.

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
plaintextMessage = "Hello 8gwifi.org"

key = RSA.generate(2048)
pubkey = RSA.importKey(key.publickey().exportKey('DER'))
privkey = RSA.importKey(key.exportKey('DER'))
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(plaintextMessage)

dcipher = PKCS1_v1_5.new(privkey)
#``sentinel`` a value that resembles a plausable random, invalid
secret = dcipher.decrypt(ciphertext,"sentinel")
print secret

### pycrypto PEM Example

key = RSA.generate(2048)
pubkey = RSA.importKey(key.publickey().exportKey('PEM'))
privkey = RSA.importKey(key.exportKey('PEM'))
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(plaintextMessage)

dcipher = PKCS1_v1_5.new(privkey)
#``sentinel`` a value that resembles a plausable random, invalid
secret = dcipher.decrypt(ciphertext,"sentinel")
print secret

Thanku for reading !!! Give a Share for Support

#### Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just \$9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency

Here