def dh_encrypt(pub, message):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message.
"""
Group, private, public = dh_get_key()#generate new DH pair for Alice
#private key is an integer/scalar and public key is a point on the curve
#check whether public key of Bob is valid and on curve
assert Group.check_point(pub)
#Alice obtains shared secret by multiplying her private key with bob's forwarded public key
key = pub.pt_mul(private)#dA* qB
print "key from enc is", key
hashedKey=sha256(key.export()).digest()
plaintext = message.encode("utf8")#encode message
aes = Cipher("aes-128-gcm")#select cipher
iv = urandom(16)#generate initialization vector
cipher, tag = aes.quick_gcm_enc(hashedKey[:16], iv, plaintext)#encrypt using shared key
ciphertext = [iv,cipher,tag,public]
return ciphertext
def dh_encrypt(pub, message, aliceSig=None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
## YOUR CODE HERE
# Bob's public key is a point on the curve
bob_pub = pub
G, alice_priv, alice_pub = dh_get_key()
# Alice's private key is a scalar
# shared_key_point = bob_pub * alice_priv # this is multiplication of a point with a scalar
shared_key_point = bob_pub.pt_mul(alice_priv)
# We convert this shared_key point to a
# string binary representation with .export
#
# .export :
# "Returns a string binary representation
# of the point in compressed coordinates"
shared_key_point_binary = shared_key_point.export()
# Then we hash the value to produce a 256 bit key
shared_key = sha256(shared_key_point_binary).digest()
plaintext = message.encode("utf8")
## YOUR CODE HERE
aes = Cipher("aes-256-gcm")
iv = urandom(16)
encrypted_text, tag = aes.quick_gcm_enc(shared_key, iv, plaintext)
# iv, encrypted_text, tag = encrypt_message(shared_key, message)
return alice_pub, iv, encrypted_text, tag
def dh_encrypt(pub, message):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message.
"""
Group, private, public = dh_get_key() #generate new DH pair for Alice
#private key is an integer/scalar and public key is a point on the curve
#check whether public key of Bob is valid and on curve
assert Group.check_point(pub)
#Alice obtains shared secret by multiplying her private key with bob's forwarded public key
key = pub.pt_mul(private) #dA* qB
print "key from enc is", key
hashedKey = sha256(key.export()).digest()
plaintext = message.encode("utf8") #encode message
aes = Cipher("aes-128-gcm") #select cipher
iv = urandom(16) #generate initialization vector
cipher, tag = aes.quick_gcm_enc(hashedKey[:16], iv,
plaintext) #encrypt using shared key
ciphertext = [iv, cipher, tag, public]
return ciphertext
def dh_encrypt(pub, message, aliceSig = None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
# pub is bob's pub key, alicesig is my private sig key,
# which shuold be different from enc/dec keypair
# for cryptographic sec reasons
# priv is an integer, pub is an ec point
alice_G, alice_priv, alice_pub = dh_get_key()
# shared secret = my priv x bob's pub point
shared_key = alice_priv * pub
# hash ec pt to derive key
shared_key = sha256(shared_key.export()).digest()
# aes_gcm encrypt
aes = Cipher("aes-256-gcm")
iv = urandom(len(shared_key))
ciphertext, tag = aes.quick_gcm_enc(shared_key, iv, message.encode("utf-8"))
# sign message (assume using common curve)
# hash ciphertext
sig = do_ecdsa_sign(EcGroup(), aliceSig, sha256(ciphertext).digest()) if aliceSig else None
# return alice_pub for dh_decrypt on bob side
# (because bob needs alice's pub to gen shared secret)
return (iv, ciphertext, tag, alice_pub, sig)
def encrypt_message(K, message):
""" Encrypt a message under a key K """
plaintext = message.encode("utf8")
aes = Cipher("aes-128-gcm")
iv = urandom(16)
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return (iv, ciphertext, tag)
def encrypt_message(K, message, key_length=16):
""" Encrypt a message under a key K """
plaintext = message.encode("utf8")
aes = Cipher("aes-{}-gcm".format(key_length * 8))
iv = urandom(key_length)
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return iv, ciphertext, tag
def encrypt_message(K, message):
""" Encrypt a message under a key K """
## YOUR CODE HERE
plaintext = message.encode("utf8")
aes = Cipher("aes-128-gcm") # Initialize AES-GCM with 128 bit keys
iv = urandom(16)
# Encryption using AES-GCM returns a ciphertext and a tag
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return (iv, ciphertext, tag)
def encrypt_message(K, message):
""" Encrypt a message under a key K """
plaintext = message.encode("utf8")
aes = Cipher("aes-128-gcm")
iv = urandom(16)
# Encryption using AES-GCM returns a ciphertext and a tag
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return (iv, ciphertext, tag)
def encrypt_message(K, message, key_length=128):
""" Encrypt a message under a key K """
plaintext = message.encode("utf8")
iv = urandom(16)
if key_length not in [128, 192, 256]:
raise Exception("Invalid key length")
aes = Cipher("aes-%s-gcm" % str(key_length))
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return (iv, ciphertext, tag)
def encrypt_message(K, message):
""" Encrypt a message under a key K """
plaintext = message.encode("utf8")
## YOUR CODE HERE
# we declare the aes cipher
aes = Cipher("aes-128-gcm")
# we generate the iv
iv = urandom(16)
# we encrypt the message "plaintext" using the key K provided and the iv we generated
ciphertext, tag = aes.quick_gcm_enc(K, iv, plaintext)
return (iv, ciphertext, tag)
def dh_encrypt(pub, message, aliceSig=None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
(G, priv_dec, pub_enc) = dh_get_key()
shared_key = pub.pt_mul(priv_dec).export()
hashed_shared_key = sha256(shared_key).digest()
iv = urandom(16)
aes = Cipher("aes-128-gcm")
ciphertext, tag = aes.quick_gcm_enc(hashed_shared_key[:16], iv,
message.encode("utf-8"))
return (iv, ciphertext, tag, pub_enc)
def dh_encrypt(pub, message):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
(G, fresh_priv, fresh_pub) = dh_get_key()
shared_key = dh_get_shared_key(pub, fresh_priv)
plaintext = message.encode("utf8")
aes = Cipher("aes-256-gcm")
iv = urandom(32)
ciphertext, tag = aes.quick_gcm_enc(shared_key, iv, plaintext)
signature = ecdsa_sign(G, fresh_priv, message)
return (ciphertext, iv, tag, fresh_pub, signature)
def dh_encrypt(pub, message, aliceSig=None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
## YOUR CODE HERE
plaintext = message.encode("utf8")
G, priv_dec, pub_enc = dh_get_key()
#get a 16 byte string
freshKey = pub.pt_mul(priv_dec).export()[:16]
aes = Cipher("aes-128-gcm")
iv = urandom(16)
ciphertext, tag = aes.quick_gcm_enc(freshKey, iv, plaintext)
return (iv, ciphertext, tag, pub_enc)
def dh_encrypt(pub, message, aliceSig = None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
## YOUR CODE HERE
# pub is Q_B = d_B G
# we generate Q_A = d_A G
# if we send Q_A, recipient calculates d_B Q_A = d_A d_B G
# we can calculate d_A Q_B = d_A d_B G
# shared key is x coord of d_A d_B G
# Generate a fresh public key
G, priv, public = dh_get_key()
# Use private part of key to generate shared key
# - scalar multiplication instead of exponentiation
''' Multiply the private part by Bob's public key '''
secret = pub.pt_mul(priv)
# x, y = secret.get_affine()
# shared = x.binary()[:24]
shared = sha256(secret.export()).digest()
# print(len(shared))
# Perform encryption with shared key
plaintext = message.encode("utf8")
aes = Cipher("aes-256-gcm")
# print(aes.len_key())
iv = urandom(16)
ciphertext, tag = aes.quick_gcm_enc(shared, iv, plaintext)
# Send fresh public key, output of AEAD and possibly signatures
return (public, iv, ciphertext, tag)
def dh_encrypt(pub, message, aliceSig = None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
## YOUR CODE HERE
## Diffie Hellman fresh key
G, fresh_priv, fresh_pub = dh_get_key()
## Use the private part of the key to derive a shared key
## The shared key is the x-coordinate of the multiplication point from pub*fresh_priv
shared_key, y = pub.pt_mul(fresh_priv).get_affine()
shared_key = sha256(shared_key.repr()).digest()[:32]
plaintext = message.encode("utf8")
aes = Cipher("aes-256-gcm")
iv = urandom(32)
ciphertext, tag = aes.quick_gcm_enc(shared_key, iv, plaintext)
return (iv, ciphertext, tag, fresh_pub)
def dh_encrypt(pub, message, aliceSig = None):
""" Assume you know the public key of someone else (Bob),
and wish to Encrypt a message for them.
- Generate a fresh DH key for this message.
- Derive a fresh shared key.
- Use the shared key to AES_GCM encrypt the message.
- Optionally: sign the message with Alice's key.
"""
# priv is class Bn, pub is class EcPt
G, new_priv, new_pub = dh_get_key()
# Get the x coordinate of the point multiplication, which is
# the shared key
shared_K, _ = pub.pt_mul(new_priv).get_affine()
shared_K = sha256(shared_K.repr()).hexdigest()
shared_K = shared_K[:32]
plaintext = message.encode("utf8")
aes = Cipher("aes-256-gcm")
iv = urandom(32)
ciphertext, tag = aes.quick_gcm_enc(shared_K, iv, plaintext)
return iv, ciphertext, tag, new_pub
