Programming: Issue #4 [Cryptography][Python]: Basic Cryptography

– There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files. – Bruce Schneier

Enigma machine, used by WWII German Army

 

Cryptography has been one of the topics about computer science that has captivated me the most so far. It is a subject of notable importance on computer engineering, but it’s crucial when it comes to networking. If someone is using a system with a decent firewall and it’s not exposed to external attacks, regular data doesn’t need to be encoded. However, we can’t assume anything when it comes to data traveling between networks, scpecially Internet. There are many kinds of attacks (Man-In-The-Middle as the first example that comes to mind) that focus on trying to intercept and/or manipulate data transfers between two computers. Cryptography comes as a solution that does not stop the attacker from getting the message, but keeps him from being able to read or understand it.

Since the whole project of this blog started as a step-by-step tutorial on how to make a program to transfer data between a client and a server (though I guess it won’t end there), even if we’re not going to send crucial data (such as credit card numbers, etc…) it is a matter of interest to understand and know how to use basic cryptography to send encoded data instead of plain text.

There are two main types of cryptography: symetric-key and public-key cryptography. In this first issue about cryptography I will show the main ideas behind the two systems and provide a cople of simple examples about them using AES for the symmetric-key section and RSA for the public-key one. I’m not going to go in-depth with the algorithms they use since it’s not the focus on the blog to show this kind of low-level view, but it’s easily googleable by anyone interested.

I’ll be using pycrypto libraries that can be downloaded for free at their webpage.

Symmetric-key Cryptography:

Symmetric-key cryptography are algorithms that use the same key for encoding and decoding the data between both parties. The idea behind them and their implementation is more simple than the public-key algorithms, and this also gives them better encoding/decoding times and their keys don’t need to be as large as public system keys to be considered secure.

Here is a brief example of AES:

Which will return:

>>> @<I��*���3ܤ1aT��6�+

>>> This is a text message. Hello!!!

As intended, ciphertext variable contains an unreadable string, and we get the original string after decoding.

This code is pretty simple and it’s not difficult to understand, since most of the work occurs on the pycrypto libraries and we have no need to know about them as users.

– AES.new() creates a new key with a password given in the first parameter. The second parameter establishes a “sub-algorithm” used to increase security by preventing the same string to be encoded as the same ciphertext twice. However this is a very easy example and I’m using ECB mode which does not provide any special security. On the next issue I’ll show and use other parameters to explain how do they work.

– Note that the password has to have a length of either 16, 24 or 32 bytes. The longest the key, the greatest the security. I’ll cover how to generate one of these later if you want to use a password that has not that exact number of characters.

– Message variable is just a regular python string that we’ll encode and decode. This needs to have a lenght multiple of 16. So what does this mean? We have to always send messages of 16, 32, 48, 64… characters? Yes, but we can simply make use of a padding with a character that we’re not using, like “{” or any other to convert a string from a “Hello!” to a “Hello!{{{{{{{{{{{” and use the algorithm the same way. I’ll cover more on this on the next issue.

– C = X.encrypt(M) simply takes the key X to encrypt a message M on C.

– Decrypt method is roughly the same inverted, we could have used the same key ‘obj’, I created an ‘obj2’ just to show how given the same password two keys would encode and decode the same message.

Public-key Cryptography:

Public-key cryptography differs from symmetric in that two different keys are used: one for encoding the text and the other for decoding the ciphertext. In this tutorial we will use it only for text encoding, but it can be used aswell to prove authenticity.

The key using for encoding is public, and is usually stored in some site open to the world. Anyone can go and take that key and use it to encrypt data. But only the person who generated that key will be able to decrypt that ciphertext with his second key, which he has to mantain private.

We’ll be using this kind of cryptography to send a private symmetric-key on a ciphertext message. Since symmetric keys are faster to use and more safer (comparing two keys with the same lenght), we’ll be using them to send endoced messages between clients and our server. But how can we set up that common, unic key? Simple: The server will generate a public-key and send the public part to the client and keep the private part for itself. Anyone will be able to intercept and read that message (we still have a problem of autenthication) but once the client generates a symmetric-key to send back to the server to use symmetric-encoding for data transfer, only the server will be able to read that message, and nobody else will.

Without further delay:

>>> ('a\x18\xca\x92"\x85\xe9g\xb2\xfd\xcf@\xc4\x08&\x86\xa2\xb4\xa5\xaf\xef.\xc3I\x9e\x91\xa8"{\xf1\xfc\xa6\xb9\xfc\xee\xb9\xddI\xb2L\xa3\xf5\x93b3\xbb\x99Q\xb3z\xef-\xe2\x12\xc2n\xc0ET\xdb\x8baj\xeb\xbe\x87NqyQ\x97\xd4\x89\x05#\xba\x10\xad`D\xa5\x17b\xfc\x9d\xf0Q^_/\xbbO\xbe\\\x01=\xad\xf6\x1fBb\x9fb\x8c\xd7)\xdd\xb03\x0bXG\xeaZ\xbf\xad|\x9a\xaa\xb0E!\xbc+\xb1jW\xd6',)
>>> SendotuxProgramming

– First we use a randomg generator to create a variable with a random value that we’ll use as a parameter to generate both keys.

– First parameter on RSA.generate is the key lenght. It has to be multiple of 256 and larger or equal than 1024. Note that this key lenght is vastly larger than the one we used on AES encoding. Look how the generated ciphertext is much larger than the plain text aswell.

– key.publikey() returns the public key part stored inside key. We can use this method to get the key and send or publish it, so anyone can send you encoded data that only you can decrypt.

– Finally we use that public key to encrypt de data and we use the main key (which includes both keys and other information) to decrypt it.

This concludes the first part about python cryptography using pycrypto, perhaps I’ll update this tutorial later if I see there was missing information somewhere. As always, here are the files used on the examples:

Issue 4 files

External links:

Pycrypto API database
Pycrypto Webpage
Pycrypto binaries for Windows