20 lines of Python code to achieve encrypted communication

1. Introduction

The Internet is full of eavesdroppers, and our information can be easily obtained by people with bad intentions, which will have a bad impact on us. If you need to transmit confidential or sensitive private information on the Internet, you may need to encrypt it to prevent people with ulterior motives from eavesdropping. Using encryption software online or on your mobile phone may be a hotbed for information leakage. Therefore, as programmers, we can completely implement an encryption system ourselves.

This article uses 20 lines of Python code to demonstrate the functions of encryption, decryption, signing, and verification. By following the example, you can not only understand encryption technology, but also implement an encrypted communication mechanism yourself.

Encryption and decryption are based on advanced mathematical theories. It is not recommended that you implement the encryption algorithm yourself. You can directly call the corresponding library.

2. Encryption Technology

We demonstrate two types of encryption technology here, namely symmetric encryption and asymmetric encryption.

Before explaining encryption technology, we need to assume our usage scenario, which is also a common setting in cryptography.

• Alice and Bob are the two parties in the communication
• Eve is an eavesdropper
• The message passed is PlainText
• The secret key used for encryption
• The encrypted ciphertext is the secret message

3. Ordinary lock: simple symmetric encryption

Symmetric encryption: Both encryption and decryption use the same secret key. For example, here, key = '1234567887654321'.encode('utf-8'), this key is the common key of Alice and Bob. When Alice sends a message, she needs to perform the following operations to complete the encryption.

 from Crypto.Cipher import AES

 cryptor = AES.new(key, AES.MODE_ECB)

 secret = cryptor.encrypt(plain.encode('utf-8'))

 secret = b64encode(secret)

• The first line imports the AES algorithm. AES is an algorithm for symmetric encryption.
• The second line creates a new encryptor, key is the secret key, AES.MODE_ECB is the information filling mode
• The third line completes the encryption
• The encrypted information in the fourth line is encoded by b64encode and sent to Bob.

HTTP is a text protocol, and the content is all text characters. If you want to transfer binary files, you need to convert them into text. Base64 code is a form of encoding that uses characters to represent binary.

After Bob receives the information, he performs the following decoding and decryption operations.

 secret = b64decode(secret)
 plainText = cryptor.decrypt(secret).decode('utf-8')

The obtained plainText is the plaintext message sent by Alice.

Note that two people use the same secret key to encrypt and decrypt.

Now let's solve a small problem: the network often loses packets, causing Alice's speech to be missing at times. What should we do?

4. Unalterable fingerprint: hash function

Just like people have fingerprints, the messages they pass also have their own fingerprints. Hash functions are used to find the fingerprint of a message. Hash functions are also called message digest functions. As the name suggests, they are used to summarize a piece of content and make a fingerprint. This output (fingerprint) is very characteristic:

No matter how long the input is, the output length is fixed and the output looks like gibberish.

A slight change in input will result in a huge difference in output.

Messages can be used to infer fingerprints, but fingerprints cannot be used to infer messages.

With the above features, Alice can hash the message and give both the hash value and the message to Bob. Bob also hashes the message. If the two values ​​are the same, it means that the content of the message is complete and no information has been tampered with or lost.

 from hashlib import md5
 plainText = 'I love you!'
 hash_ = md5(plainText.encode('utf-8')).hexdigest()

The result is: 690a8cda8894e37a6fff4d1790d53b33. If Bob also hashes this message and the result is the same, it means that the message is complete.

Now let's solve a big problem: if the secret key of symmetric encryption is lost and obtained by the bad guy Eve, he can eavesdrop on the communication between Alice and Bob, and even pretend to be the other party to send messages to the other party.

Now asymmetric encryption comes into play.

5. Spear and Shield: Asymmetric Encryption

Asymmetric encryption means that the encryption and decryption keys are not one, but a pair. The one you hold is called the private key, and the one you give to the other party is called the public key. The characteristics are:

• Public key encryption, private key decryption.
• Private key encrypts, public key decrypts.
• The private key can be used to derive the public key, but not vice versa.

Using the above features, we can implement a secure encryption algorithm. First, Bob generates a secret key and saves it as a file.

 import rsa
 Bob_pubkey, Bob_privkey = rsa.newkeys(512)
 with open('Bob-pri.pem', 'wb')as prif, open('Bob-pub.pem', 'wb')as pubf:
 prif.write(Bob_privkey.save_pkcs1())
 pubf.write(Bob_pubkey.save_pkcs1())

in

• Bob_prikey is Bob's private key, which he keeps by himself.
• Bob_pubkey is Bob's public key, given to Bob.

When Alice sends a message to Bob

• Encrypt using Bob's public key: secret = rsa.encrypt(plain_byte,Bob_pubkey).

After Bob receives the message

• Bob uses his private key to decrypt the message sent by Alice: plain=rsa.decrypt(secret,Bob_prikey).decode('utf-8').

Bob's public key allows Alice to send messages to Bob, and Bob uses his private key to decrypt them. Similarly, Alice's key pair allows the other party to send messages to her. At this point, Alice and Bob have achieved secure communication. They use each other's public key to encrypt and their own private key to decrypt the messages sent to them.

Even if the message Alice sends to Bob is intercepted by Eve, he does not have Bob's private key and cannot decrypt the ciphertext.

However, there is a problem. What if Eve encrypts information with Bob's public key and sends it to Bob disguised as Alice? How to be sure that Alice is Alice and not Eve? The key to the problem is that Alice holds Alice's private key, while Eve does not have a private key. This is the basis of digital signature technology.

6. True Words: Digital Signatures

Eve disguises herself as Alice, just like the fake Tang Monk disguises himself as Tang Monk. Their words and actions look very similar. How can people tell them apart? It's very simple. The real Tang Monk has a core technology, which is the golden hoop.

In asymmetric encryption, public keys are usually used for encryption and private keys for decryption. If a private key is used for encryption, it is actually equivalent to signing. Because only the holder of the private key can encrypt, and it can be decrypted by the public key. Therefore, private key encryption is equivalent to the private key holder confirming the signature - the message comes from the private key holder.

The private key is equivalent to the real Tang Monk's golden hoop.

For efficiency reasons, the original information is generally not encrypted, but its hashed value is encrypted. According to the characteristics of the hash mentioned above, this can still ensure that the original information is unique and has not been tampered with.

Encrypting a message digest with a private key is called a digital signature.

The verification steps are as follows:

• Alice is ready to send a message PlainText
• First calculate its MD5 hash value Hash_a
• Then encrypt the hash value with the private key (digital signature)
• Send Alice's public key, digital signature, and message to Bob
• After Bob receives the message
• Use Alice's public key to decrypt the digital signature and generate a hash value Hash_a to be verified
• Then calculate the message hash value Hash_b
• If Hasha == Hashb, the sender must be Alice who holds the private key, and the message has not been modified.
• Otherwise, it means the message was not sent by Alice.

 signature = rsa.sign(plain_byte, Alice_prikey, 'MD5')
 status = rsa.verify(plain_byte, signature, Alice_pubkey)

Note that the signature in the sign method above is Alice's private key, while the check is done with Alice's public key. Alice cannot deny the information she signed, because she is the only one who holds her private key, and no one else can sign (encrypt) such a message.

Just like the real Tang Monk can recite the Tightening Curse, this is his private key. The fake Tang Monk looks very good, but he does not master the Tightening Curse, so he cannot recite the mantra.

VII. Conclusion

This article uses 20 lines of Python code to demonstrate how to implement secure communication functions.

Hash function is a tool that can extract digital fingerprints of messages and verify data integrity.

Symmetric encryption is simple and practical.

With the help of asymmetric encryption, we achieve secure communication, and digital signatures make it impossible for the other party to disguise or deny.