Cryptography with Python 3
In 2012 I posted a post on using PyCrypto with Python 3 and some AES and RSA examples. Now, I usually use the cryptography Python library (implemented for both Python 2 and 3). I have ported all my PyCrypto examples from 2012 (see the README file) to the cryptography library.
pycryptex.py / pycryptex-cbc.py
pycryptex.py [src] is a small example using AES to encrypt and decrypt a text:
> python3 pycryptex.py
The example includes two versions, one using the high-level Fernet class and the other using the more low-level hazmat functions. In pycryptex-cbc.py [src] the second version is implemented using CBC mode (where padding is necessary):
> python3 pycryptex-cbc.py
pycrypto-mkkey.py / pycrypto-encrypt.py / pycrypto-decrypt.py
An example with three programs. pycrypto-mkkey.py [src] is used to generate an RSA key pair. The following command generates an RSA key pair stored in the file k1 and protected with the password "passwd" (the public key is stored in the k1.pub file):
> python3 pycrypto-mkkey.py k1 "passwd"
pycrypto-encrypt.py [src] generates an AES key and uses this key to encrypt plaintext data read from stdin (README in the example below). The ciphertext is written to stdout (CIPHER in the example below). The AES key is encrypted using the public RSA key k1.pub generated above and then saved to the file k2 (no password is needed since the public key is not password protected):
> python3 pycrypto-encrypt.py k1.pub k2 < README > CIPHER
pycrypto-decrypt.py [src] reads the encrypted AES key k2 and decrypts it using the RSA key k1 (k1 is protected with the password "passwd"). It then uses the AES key to decrypt the ciphertext data read from stdin (CIPHER in the example below). The plaintext is written to stdout:
> python3 pycrypto-decrypt.py k1 k2 "passwd" < CIPHER
pwsec-server.py / pwsec-client.py
An example with two programs, a server pwsec-server.py [src] and a client pwsec-client.py [src]. The example demonstrates secure communication using AES. The shared key is generated from a password (the shared secret). We are using CTR mode, and the initial value (for the counter) is sent first in the first message. First start the server then the client:
> python3 pwsec-server.py localhost 3456 "mypass" &
> python3 pwsec-client.py localhost 3456 "mypass"
These two programs use the tcp module from the NOOP project (currently, only a few of the modules from the NOOP project are released, May 2015).
pubsec-send.py / pubsec-receive.py
An example with two programs, a sender pubsec-send.py [src] and a receiver pubsec-receive.py [src]. The example demonstrates secure communication using a combination of RSA and AES. The sender uses the public RSA key of the receiver to encrypt the first message sent to the receiver. This message contains the shared secret AES key of the session. Then the sender sends a message encrypted with this key. First start the receiver then the sender:
> python3 pubsec-receive.py k1 localhost 3456 "passwd" &
> python3 pubsec-send.py k1.pub localhost 3456
These two programs also use the tcp module from the NOOP project.
Note
This code is not meant to be robust. All error checking is ignored.