import os

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
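# ECIES-style hybrid encryption demo: an ephemeral ECDH exchange against the
# recipient's static public key yields a shared secret, HKDF-SHA256 turns it
# into an AES-256 key, and AES-GCM encrypts and authenticates the message.
curve = ec.SECP256R1()
backend = default_backend()

# Length of a DER SubjectPublicKeyInfo holding an uncompressed P-256 point.
SPKI_DER_LEN = 91
# 96-bit nonce and 128-bit tag are the standard AES-GCM sizes.
GCM_NONCE_LEN = 12
GCM_TAG_LEN = 16


def _derive_aes_key(shared_secret):
    """Derive the 32-byte AES key from a raw ECDH shared secret.

    An HKDF instance can only be used once, so a fresh one is built per call.
    Both sides must use the same hash, salt and info to get the same key.
    """
    return HKDF(
        algorithm=hashes.SHA256(),
        length=32,
        salt=None,
        info=b"handshake data",
        backend=backend,
    ).derive(shared_secret)


# User 1 generates a private key and public key.
# (This static pair is not used by the exchange below; the sender is
# represented by the ephemeral key only, so the message is not sender-
# authenticated.)
private_key_1 = ec.generate_private_key(curve, backend)
public_key_1 = private_key_1.public_key()

# User 2 generates a private key and public key
private_key_2 = ec.generate_private_key(curve, backend)
public_key_2 = private_key_2.public_key()

# --- User 1 encrypts a message using User 2's public key -------------------
# NOTE(review): the sample plaintext embeds what looks like a base64-encoded
# key. If it is a real secret it should be rotated and kept out of source.
message = b"the key for encryption is CvmWpLYqG_3dCc8YrVWHV2M4-nG3lTsUjCsFtJt7j6M="

ephemeral_private_key = ec.generate_private_key(curve, backend)
ephemeral_public_bytes = ephemeral_private_key.public_key().public_bytes(
    encoding=serialization.Encoding.DER,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
if len(ephemeral_public_bytes) != SPKI_DER_LEN:
    raise ValueError("unexpected encoded public key length")

# The sender only ever holds the recipient's PUBLIC key: the exchange is
# ephemeral-private x recipient-public. (The original computed this with
# private_key_2, which the sender must never possess.)
shared_key = ephemeral_private_key.exchange(ec.ECDH(), public_key_2)
key = _derive_aes_key(shared_key)

# Unique value for each encryption
nonce = os.urandom(GCM_NONCE_LEN)
encryptor = Cipher(
    algorithms.AES(key), modes.GCM(nonce), backend=backend
).encryptor()
# Bind the ephemeral public key to the ciphertext so it cannot be swapped.
encryptor.authenticate_additional_data(ephemeral_public_bytes)
ciphertext = encryptor.update(message) + encryptor.finalize()

# Wire format: ephemeral public key || nonce || ciphertext || GCM tag.
# The nonce travels with the message; the recipient has no other way to
# learn it.
encrypted = ephemeral_public_bytes + nonce + ciphertext + encryptor.tag

# --- User 2 decrypts the message using their private key -------------------
# Everything below uses only `encrypted` and User 2's own private key.
if len(encrypted) < SPKI_DER_LEN + GCM_NONCE_LEN + GCM_TAG_LEN:
    raise ValueError("encrypted message is too short")

nonce_end = SPKI_DER_LEN + GCM_NONCE_LEN
received_public_bytes = encrypted[:SPKI_DER_LEN]
received_nonce = encrypted[SPKI_DER_LEN:nonce_end]
received_ciphertext = encrypted[nonce_end:-GCM_TAG_LEN]
received_tag = encrypted[-GCM_TAG_LEN:]

received_public_key = serialization.load_der_public_key(
    received_public_bytes, backend=backend
)
# load_der_public_key accepts any key type; insist on a P-256 EC key before
# feeding peer-supplied material into ECDH.
if (
    not isinstance(received_public_key, ec.EllipticCurvePublicKey)
    or received_public_key.curve.name != curve.name
):
    raise ValueError("ephemeral public key is not on the expected curve")

recipient_shared_key = private_key_2.exchange(ec.ECDH(), received_public_key)
recipient_key = _derive_aes_key(recipient_shared_key)

decryptor = Cipher(
    algorithms.AES(recipient_key),
    modes.GCM(received_nonce, received_tag),
    backend=backend,
).decryptor()
decryptor.authenticate_additional_data(received_public_bytes)
# finalize() raises InvalidTag if the key, nonce, ciphertext, tag or the
# authenticated public key bytes were altered in transit.
decrypted = decryptor.update(received_ciphertext) + decryptor.finalize()

print("Original message:", message)
print("\n\nEncrypted message which is sent to user b is :", encrypted)
print("\n\nDecrypted message:", decrypted)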