Hi:<br>In this new demo<br>I use randint() and Random.new().read() from the new Crypto.Random module.<br>DSA now uses at least a 512-bit key,<br>and I use SHA-512 for DSA.<br>DSA only verifies the SHA-512 hash of the original AES password.<br>
<br>About RSA:<br>Dwayne C. Litzenberger said something about OAEP for RSA.<br>
This is a very critical issue; how can I use it?<br><br>Well, I now feel like a child in a minefield.<br>So please help me check this again.<br><br><br>Thank you<br>-----------------------------------------------------------------------------------<br>
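#!/usr/bin/env python
# Python 2 / PyCrypto walkthrough: AES-CBC protects the message, then RSA,
# ElGamal and DSA are used in turn to transport and authenticate the AES
# key (PWD). Teaching code only: it prints keys and nonces and calls the raw
# public-key primitives. Read the NOTE(review) markers before reusing any
# part of it.
from Crypto.Cipher import AES
from Crypto.Util.number import GCD
from Crypto import Random
# Imported explicitly: Random.random is a submodule, and reaching it as an
# attribute of the package only works if something else already imported it.
from Crypto.Random import random as crypto_random
import hashlib
import os,sys

BLOCK = 16       # AES block size in bytes
RSA_BITS = 2048  # the original 368-bit modulus is small enough to factor


def _pad(data):
    """Append PKCS#7 padding so that len(data) is a multiple of BLOCK."""
    pad_len = BLOCK - len(data) % BLOCK
    return data + chr(pad_len) * pad_len


def _unpad(data):
    """Strip PKCS#7 padding; raise ValueError when it is malformed."""
    # One message for every failure, so the caller cannot tell which check
    # rejected the input.
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    pad_len = ord(data[-1])
    if pad_len < 1 or pad_len > BLOCK or data[-pad_len:] != chr(pad_len) * pad_len:
        raise ValueError("bad padding")
    return data[:-pad_len]


##################### AES ####################
print "=====AES 256 Demo====="
# AES encrypts the real message; key and IV come from Crypto.Random.
rpool = Random.new()
Random.atfork()

# NOTE(review): PWD is the hex text of 16 random bytes. That is 32 ASCII
# characters, so AES accepts it as a 256-bit key, but it carries only 128
# bits of entropy. It is left as text because the raw RSA/ElGamal round
# trips below hand the plaintext back through an integer conversion, which
# (as far as I can tell) drops leading zero bytes of a binary key.
PWD = rpool.read(16).encode("hex")
# A CBC IV has to be a full block of unpredictable bytes. The hex text of 8
# random bytes filled the block but held only 64 random bits.
Initial16bytes = rpool.read(BLOCK)

print "AES-key:",PWD,"len:",len(PWD)
print "Initial16bytes:",Initial16bytes.encode("hex")
crypt = AES.new(PWD,AES.MODE_CBC,Initial16bytes)

plain = "sex drugs and crypto"
print "\nplain text: \n",plain,"\n"
# PKCS#7 instead of trailing spaces: the receiver can strip it without
# guessing, and a message that really ends in spaces survives intact.
crypt_txt = crypt.encrypt(_pad(plain))
print "encrypted text: \n",crypt_txt.encode("hex"),"\n"

# Decryption needs a fresh cipher object: CBC chaining state is not reset.
# NOTE(review): CBC alone gives no integrity. A real protocol has to
# authenticate IV + ciphertext (encrypt-then-MAC) and check that MAC before
# it decrypts or unpads anything.
crypt = AES.new(PWD,AES.MODE_CBC,Initial16bytes)
print "decrypted text: \n", _unpad(crypt.decrypt(crypt_txt))

#################### RSA ####################
print "\n=====RSA %d Demo=====" % RSA_BITS
# One RSA key encrypts the AES key, the other one signs it.
from Crypto.PublicKey import RSA

rpool = Random.new()
Random.atfork()

privatekeyCMS = RSA.generate(RSA_BITS, rpool.read)
Random.atfork()
privatekeyClient = RSA.generate(RSA_BITS, rpool.read)
publickeyCMS = privatekeyCMS.publickey()
publickeyClient = privatekeyClient.publickey()

# NOTE(review): sign() and encrypt() below are the raw RSA primitives with
# no padding. Raw encryption is deterministic and malleable, and raw
# signatures can be forged for related messages. Later PyCrypto releases
# and PyCryptodome ship Crypto.Cipher.PKCS1_OAEP and
# Crypto.Signature.PKCS1_PSS; use those wherever the installed version has
# them.
#
# The server signs SHA-512(PWD), not PWD itself: anyone holding the public
# key can recover the signed value from a raw RSA signature, which would
# hand out the AES key together with its signature.
pwd_digest = hashlib.sha512(PWD).digest()
signed_PWD = privatekeyCMS.sign(pwd_digest,"")
# encrypt AES PWD with client public key
enc_PWD = publickeyClient.encrypt(PWD, "")
print "with publickeyClient encrypted AES-PWD:"
print enc_PWD[0].encode("hex"),"\n"
print "with privatekeyCMS signed AES-PWD:"
print signed_PWD[0],"\n"

# decryption
dec_PWD = privatekeyClient.decrypt(enc_PWD[0])
# verify the server's signature over the digest of the recovered key
print "key verify:\n",publickeyCMS.verify(hashlib.sha512(dec_PWD).digest(),signed_PWD)
print "decrypted PWD:\n",dec_PWD


#################### ELGAMAL ####################
from Crypto.PublicKey import ElGamal
print "\n=====ELGamal 368 Demo====="

# NOTE(review): a 368-bit group is far below any current recommendation.
# The size is kept so the demo still finishes quickly; generation time for
# realistic sizes with this API should be measured first. TODO confirm.
rpool = Random.new()
Random.atfork()
strong_random = crypto_random.StrongRandom(randfunc=rpool.read)
privatekeyCMS = ElGamal.generate(368, rpool.read)
privatekeyClient = ElGamal.generate(368, rpool.read)
publickeyCMS = privatekeyCMS.publickey()
publickeyClient = privatekeyClient.publickey()

# A new K for every encryption, drawn as an integer from [1, p-2] rather
# than taken from hex text (which held only 128 random bits in a
# restricted alphabet).
K = strong_random.randint(1, publickeyClient.p-2)
print "K for encrypt:",K
# encryption
enc_PWD = publickeyClient.encrypt(PWD, K)

# A new k for every signature; it has to be coprime to p-1.
# NOTE(review): k must stay secret and must never repeat. Disclosing or
# reusing it gives away the signing key, so the print below is for the demo
# only.
p_minus_1 = privatekeyCMS.p-1
while True:
    k = strong_random.randint(2, p_minus_1-1)
    if GCD(p_minus_1, k) == 1:
        break
print "k for sign:",k,"\n"
# signature
# NOTE(review): this still signs the key text itself. Sign a digest instead
# once the group is large enough to hold one.
signed_PWD = privatekeyCMS.sign(PWD,k)


print "with publickeyClient encrypted AES-PWD:"
print enc_PWD[0].encode("hex")
print "with privatekeyCMS signed AES-PWD:"
print signed_PWD[0],"\n"

# decryption
dec_PWD = privatekeyClient.decrypt(enc_PWD)
# verify signature
print "verify key:\n",bool(publickeyCMS.verify(dec_PWD,signed_PWD))
print "decrypted PWD:\n",dec_PWD

#################### DSA only sign ####################


print "\n=====DSA 512 Demo====="
from Crypto.PublicKey import DSA
# random source for the per-signature integer
rpool = Random.new()
strong_random = crypto_random.StrongRandom(randfunc=rpool.read)
Random.atfork()

# generate server DSA key
# NOTE(review): 512 bits is the smallest size this API accepts, not a safe
# one. Also confirm how the library treats a digest longer than q: the
# signature arithmetic is modulo q, so presumably the extra SHA-512 bits add
# no strength.
privatekeyCMS = DSA.generate(512, rpool.read)
publickeyCMS = privatekeyCMS.publickey()

# SHA-512 digest of the key; this digest is what the private key signs
m = hashlib.sha512()
m.update(PWD)
print "sha512 hash",m.digest()

# A new k for every signature. The same secrecy and no-reuse rule as for
# ElGamal applies; it is printed for the demo only.
k = strong_random.randint(3,privatekeyCMS.q-1)

print "k for sign:",k,"\n"

# sign
signed_PWD = privatekeyCMS.sign(m.digest(),k)


# The verifier hashes the key it recovered in the ElGamal section.
m = hashlib.sha512()
m.update(dec_PWD)

print "sha512 hash",m.digest()

# verify
print "verify key:\n",publickeyCMS.verify(m.digest(),signed_PWD)
print "decrypted PWD from ELGAMAL:\n",dec_PWD

# decrypt the real message using the recovered AES key
crypt = AES.new(dec_PWD,AES.MODE_CBC,Initial16bytes)
print "decrypted text: \n", _unpad(crypt.decrypt(crypt_txt))
print "\n=====End of Demo====="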