# PEARS - *P*ython *E*ncryption *A*ES *R*SA *S*HA

PEARS setup instructions can be found here.

### PEARS Encryption Flow

##### PEARS Structure

Reference Document OpenPGP Message Format

PEARS consists of four primary divisions:

- RSA: Builds public - secret key pair and encrypts the AES one time key. Security - 1024 bit.
- SHA-256: Computes a 256 bit hash of the users RSA secret key pass word and a 256 bit one time key for AES.
- AES-256: Encrypts the users RSA secret key exponent "d" and any source file specified by the user.
- PEARS: TKinter GUI interface.

### Overview of the PEARS Functions Written in Python

##### RSA (Rivest, Shamir, Adleman)

Reference Documents RSA Cryptography Standard

**prime(L) -**Generates a random number "p" of length "L" bits using**os.random()**. Makes a statistical determination if "p" is prime using Rabbin-Miller test for composite [a^(p-1)modulo(p) != 1 if composite]. Test is repeated 256 time using random values for "a" range 0 - 510. If "p" is composite then a new random p is generated and the Rabbin-Miller test is repeated. This function continues until "p" is found to be prime. This function is used to generate p, q, and e.**modinv(e, p, q) -**Calculates secret key exponent "d" using the extended Euclidean algorithm such that 1 ≡ (d*e)mod((p-1)(q-1)). If "e" does not have a modular inverse this function returns "False"**keypair(L, public_key_filename, secret_key_filename, secret_key_pw) -**Generates the users public and secret key files. The public key file contains "n" and "e" and is encoded Radix64 (ASCII Armor). The secret key file contains AES_e(d) and AES_e(SHA(secret_key_pw)) and is not encoded (bytes) with the exception of the AES byte sizes (utf-8). In both cases the initiation vector for AES() is SHA(secret_key_pw). The secret_key_pw exists on disk only in the form of AES_e(SHA(secret_key_pw)). "p", "q" and "e" are each 1024 bits.**base64(n10) -**Encodes a base 10 integer to Radix64. Applied to the public key and the AES key.**base10(n64) -**Decodes a Radix63 to a base 10 integer. Applied to the public key and the AES key.**Get_Public_Key(public_key_filename) -**Extracts "n" and "e" from a PEARS public key file.**Get_secret_Key(secret_key_filename) -**Extracts "d" from the user's PEARS secret key file. If user prompted SHA(secret_key_pw) ≠ AES_d(SHA(secret_key_pw)) the function returns "False". This prevents improper decryption of "d".**RSA_e(outfile, n, e, H) -**Computes C = (P^e)mod(n) using the Python function**pow()**where P = H = SHA(3200 random bytes) and writes C to the AES key file endcoded Radix64. H is a 256 bit one time key (vector) for AES file encryption.**RSA_d(infile, n, e, d) -**Computes P = (C^d)mod(n) using the Python function**pow()**where P = H.

##### SHA-256 (Secure Hash Algorithm)

Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 180-4

**SHA256(infile, exe_time) -**Computes a 256 bit hash of infile. If "exe_time" is true, then report execution time and bit rate. Within PEARS,**SHA256()**uses Python**io.BytesIO()**of the user entered RSA "secret_key_pw" as the 256 bit seed for**AES_e(my_secret_key)**.**SAH256()**also computes a 256 bit hash of Python**os.random(3200)**to seed AES_e(anyfile.xyz).**messageblock(infile, eof, totalbits) -**Reads 64 bytes of infile and applies the appropriate padding. "eof" and "totalbits" are used to control padding.**All Other Functions -**Perform bit level operations on 32 bit words as defined in FIPS-180-4.

##### AES-256 (Advanced Encrytion Standard, 256 bit key)

Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 197

**AES_e(infile, outfile, H, exe_time) -**Encryptes infile to outfile. "H" is 256 bits computed by**SHA256()**and intializes the AES key. If "exe_time" is true, then report execution time and bit rate. Within**PEARS AES256()**encrypts the RSA "my_secret_key" and anyfile.xyz.**expandkey(H, sb) -**Performs AES key expansion of "H". Hard coded to 256 bit key.**countbytes(infile, switch) -**Counts total bytes of file to be encrytpted for padding purposes (files where (totalbits)mod(128) ≠ 0).**readbytes() and writebytes() -**Read and write from and to source and encrypted files without encoding (bytes).**All Other Functions -**Perform bit level operations on 8 bit words as defined in FIPS-197.

**Footnote: **This is the basic structure of PEARS. I don't have the time here to go into more detail. If you read the code and have questions or suggestions feel free to send me an email.