This folder contains a few examples using the Cryptography [1] module
to encrypt and decrypt data using AES and RSA.  See also my blog post
"Cryptography with Python 3" [2].  All the examples are based on the
PyCrypto examples in "../pycrypto" (see also my blog post "PyCrypto
with Python 3 on OS X 10.8" [3]).

All Python files are also available in pretty-printed HTML versions
(just replace the .py extension with .html).


pycryptex.py / pycryptex-cbc.py
-------------------------------

A small example using AES to encrypt and decrypt a text:

  > python3 pycryptex.py

The example includes two versions, one using the high-level Fernet
class and the other using the more low-level hazmat functions.  The
second version is also implemented using CBC mode (where padding is
necessary):

  > python3 pycryptex-cbc.py


pycrypto-mkkey.py / pycrypto-encrypt.py / pycrypto-decrypt.py
-------------------------------------------------------------

An example with three programs.  pycrypto-mkkey.py is used to generate
an RSA key pair.  The following command generates an RSA key pair
stored in the file k1 and protected with the password "passwd" (the
public key is stored in the k1.pub file):

  > python3 pycrypto-mkkey.py k1 "passwd"

pycrypto-encrypt.py generates an AES key and uses this key to encrypt
plaintext data read from stdin (README in the example below).  The
ciphertext is written to stdout (CIPHER in the example below).  The
AES key is encrypted using the public RSA key k1.pub generated above
and then saved to file k2 (no password needed since the public key is
not password protected):

  > python3 pycrypto-encrypt.py k1.pub k2 < README > CIPHER

pycrypto-decrypt.py reads the encrypted AES key k2 and decrypts it
using the RSA key k1 (k1 is protected with the password "passwd"). It
then uses the AES key to decrypt the ciphertext data read from stdin
(CIPHER in the example below). The plaintext is written to stdout:

  > python3 pycrypto-decrypt.py k1 k2 "passwd" < CIPHER


pwsec-server.py / pwsec-client.py
---------------------------------

An example with two programs, a server and a client. The example
demonstrates secure communication using AES. The shared key is
generated from a password (the shared secret). We are using CTR mode,
and the initial value (for the counter) is sent first, in the first
message. First start the server, then the client:

  > python3 pwsec-server.py localhost 3456 "mypass" &
  > python3 pwsec-client.py localhost 3456 "mypass"

These two programs are using the tcp module from the NOOP project [4]
(as of May 2015, only a few of the modules from the NOOP project have
been released).


pubsec-send.py / pubsec-receive.py
----------------------------------

An example with two programs, a sender and a receiver. The example
demonstrates secure communication using a combination of RSA and AES.
The sender uses the public RSA key of the receiver to encrypt the first
message sent to the receiver. This message contains the shared secret
AES key of the session. Then the sender sends a message encrypted with
this key. First start the receiver, then the sender:

  > python3 pubsec-receive.py k1 localhost 3456 "passwd" &
  > python3 pubsec-send.py k1.pub localhost 3456

These two programs are also using the tcp module from the NOOP project [4].


This code is not meant to be robust.  All error checking is ignored.


[1] https://cryptography.io/
[2] http://pg12aa.blogspot.no/2015/05/cryptography-with-python-3.html
[3] http://pg12aa.blogspot.no/2012/11/pycrypto-with-python-3-on-os-x-108.html
[4] http://www.cs.uit.no/~aa/dist/tools/noop/

--
© 2015 Anders Andersen, UiT The Arctic University of Norway.  All
rights reserved.
