PEARS - Python Encryption AES RSA SHA

PEARS setup instructions can be found here.

PEARS Encryption Flow


PEARS Encrption Flow
PEARS Structure

Reference Document OpenPGP Message Format

PEARS consists of four primary divisions:

Overview of the PEARS Functions Written in Python

RSA (Rivest, Shamir, Adleman)

Reference Documents RSA Cryptography Standard

  1. prime(L) - Generates a random number "p" of length "L" bits using os.random(). Makes a statistical determination if "p" is prime using Rabbin-Miller test for composite [a^(p-1)modulo(p) != 1 if composite]. Test is repeated 256 time using random values for "a" range 0 - 510. If "p" is composite then a new random p is generated and the Rabbin-Miller test is repeated. This function continues until "p" is found to be prime. This function is used to generate p, q, and e.
  2. modinv(e, p, q) - Calculates secret key exponent "d" using the extended Euclidean algorithm such that 1 ≡ (d*e)mod((p-1)(q-1)). If "e" does not have a modular inverse this function returns "False"
  3. keypair(L, public_key_filename, secret_key_filename, secret_key_pw) - Generates the users public and secret key files. The public key file contains "n" and "e" and is encoded Radix64 (ASCII Armor). The secret key file contains AES_e(d) and AES_e(SHA(secret_key_pw)) and is not encoded (bytes) with the exception of the AES byte sizes (utf-8). In both cases the initiation vector for AES() is SHA(secret_key_pw). The secret_key_pw exists on disk only in the form of AES_e(SHA(secret_key_pw)). "p", "q" and "e" are each 1024 bits.
  4. base64(n10) - Encodes a base 10 integer to Radix64. Applied to the public key and the AES key.
  5. base10(n64) - Decodes a Radix63 to a base 10 integer. Applied to the public key and the AES key.
  6. Get_Public_Key(public_key_filename) - Extracts "n" and "e" from a PEARS public key file.
  7. Get_secret_Key(secret_key_filename) - Extracts "d" from the user's PEARS secret key file. If user prompted SHA(secret_key_pw) ≠ AES_d(SHA(secret_key_pw)) the function returns "False". This prevents improper decryption of "d".
  8. RSA_e(outfile, n, e, H) - Computes C = (P^e)mod(n) using the Python function pow() where P = H = SHA(3200 random bytes) and writes C to the AES key file endcoded Radix64. H is a 256 bit one time key (vector) for AES file encryption.
  9. RSA_d(infile, n, e, d) - Computes P = (C^d)mod(n) using the Python function pow() where P = H.
SHA-256 (Secure Hash Algorithm)

Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 180-4

  1. SHA256(infile, exe_time) - Computes a 256 bit hash of infile. If "exe_time" is true, then report execution time and bit rate. Within PEARS, SHA256() uses Python io.BytesIO() of the user entered RSA "secret_key_pw" as the 256 bit seed for AES_e(my_secret_key). SAH256() also computes a 256 bit hash of Python os.random(3200) to seed AES_e(anyfile.xyz).
  2. messageblock(infile, eof, totalbits) - Reads 64 bytes of infile and applies the appropriate padding. "eof" and "totalbits" are used to control padding.
  3. All Other Functions - Perform bit level operations on 32 bit words as defined in FIPS-180-4.
AES-256 (Advanced Encrytion Standard, 256 bit key)

Reference Document FEDERAL INFORMATION PROCESSING STANDARDS - Publication 197

  1. AES_e(infile, outfile, H, exe_time) - Encryptes infile to outfile. "H" is 256 bits computed by SHA256() and intializes the AES key. If "exe_time" is true, then report execution time and bit rate. Within PEARS AES256() encrypts the RSA "my_secret_key" and anyfile.xyz.
  2. expandkey(H, sb) - Performs AES key expansion of "H". Hard coded to 256 bit key.
  3. countbytes(infile, switch) - Counts total bytes of file to be encrytpted for padding purposes (files where (totalbits)mod(128) ≠ 0).
  4. readbytes() and writebytes() - Read and write from and to source and encrypted files without encoding (bytes).
  5. All Other Functions - Perform bit level operations on 8 bit words as defined in FIPS-197.

Footnote: This is the basic structure of PEARS. I don't have the time here to go into more detail. If you read the code and have questions or suggestions feel free to send me an email.