PEARS - Python Encryption AES RSA SHA
PEARS setup instructions can be found here.
PEARS Encryption Flow
Reference Document OpenPGP Message Format
PEARS consists of four primary divisions:
- RSA: Builds public - secret key pair and encrypts the AES one time key. Security - 1024 bit.
- SHA-256: Computes a 256 bit hash of the users RSA secret key pass word and a 256 bit one time key for AES.
- AES-256: Encrypts the users RSA secret key exponent "d" and any source file specified by the user.
- PEARS: TKinter GUI interface.
Overview of the PEARS Functions Written in Python
RSA (Rivest, Shamir, Adleman)
Reference Documents RSA Cryptography Standard
- prime(L) - Generates a random number "p" of length "L" bits using os.random(). Makes a statistical determination if "p" is prime using Rabbin-Miller test for composite [a^(p-1)modulo(p) != 1 if composite]. Test is repeated 256 time using random values for "a" range 0 - 510. If "p" is composite then a new random p is generated and the Rabbin-Miller test is repeated. This function continues until "p" is found to be prime. This function is used to generate p, q, and e.
- modinv(e, p, q) - Calculates secret key exponent "d" using the extended Euclidean algorithm such that 1 ≡ (d*e)mod((p-1)(q-1)). If "e" does not have a modular inverse this function returns "False"
- keypair(L, public_key_filename, secret_key_filename, secret_key_pw) - Generates the users public and secret key files. The public key file contains "n" and "e" and is encoded Radix64 (ASCII Armor). The secret key file contains AES_e(d) and AES_e(SHA(secret_key_pw)) and is not encoded (bytes) with the exception of the AES byte sizes (utf-8). In both cases the initiation vector for AES() is SHA(secret_key_pw). The secret_key_pw exists on disk only in the form of AES_e(SHA(secret_key_pw)). "p", "q" and "e" are each 1024 bits.
- base64(n10) - Encodes a base 10 integer to Radix64. Applied to the public key and the AES key.
- base10(n64) - Decodes a Radix63 to a base 10 integer. Applied to the public key and the AES key.
- Get_Public_Key(public_key_filename) - Extracts "n" and "e" from a PEARS public key file.
- Get_secret_Key(secret_key_filename) - Extracts "d" from the user's PEARS secret key file. If user prompted SHA(secret_key_pw) ≠ AES_d(SHA(secret_key_pw)) the function returns "False". This prevents improper decryption of "d".
- RSA_e(outfile, n, e, H) - Computes C = (P^e)mod(n) using the Python function pow() where P = H = SHA(3200 random bytes) and writes C to the AES key file endcoded Radix64. H is a 256 bit one time key (vector) for AES file encryption.
- RSA_d(infile, n, e, d) - Computes P = (C^d)mod(n) using the Python function pow() where P = H.
SHA-256 (Secure Hash Algorithm)
Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 180-4
- SHA256(infile, exe_time) - Computes a 256 bit hash of infile. If "exe_time" is true, then report execution time and bit rate. Within PEARS, SHA256() uses Python io.BytesIO() of the user entered RSA "secret_key_pw" as the 256 bit seed for AES_e(my_secret_key). SAH256() also computes a 256 bit hash of Python os.random(3200) to seed AES_e(anyfile.xyz).
- messageblock(infile, eof, totalbits) - Reads 64 bytes of infile and applies the appropriate padding. "eof" and "totalbits" are used to control padding.
- All Other Functions - Perform bit level operations on 32 bit words as defined in FIPS-180-4.
AES-256 (Advanced Encrytion Standard, 256 bit key)
Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 197
- AES_e(infile, outfile, H, exe_time) - Encryptes infile to outfile. "H" is 256 bits computed by SHA256() and intializes the AES key. If "exe_time" is true, then report execution time and bit rate. Within PEARS AES256() encrypts the RSA "my_secret_key" and anyfile.xyz.
- expandkey(H, sb) - Performs AES key expansion of "H". Hard coded to 256 bit key.
- countbytes(infile, switch) - Counts total bytes of file to be encrytpted for padding purposes (files where (totalbits)mod(128) ≠ 0).
- readbytes() and writebytes() - Read and write from and to source and encrypted files without encoding (bytes).
- All Other Functions - Perform bit level operations on 8 bit words as defined in FIPS-197.
Footnote: This is the basic structure of PEARS. I don't have the time here to go into more detail. If you read the code and have questions or suggestions feel free to send me an email.