Question

Try to make it as simple as you can.

You need to do some research on different types of cryptography libraries in Python. Find out how we can use cryptography libraries in Python. Write down the steps to install the cryptography library in Python. Write a small program to encrypt and decrypt a message using the Python library.

Solutions

Expert Solution

The most useful high-level secure primitive in cryptography is the Fernet implementation. Fernet is a standard for encrypting buffers in a way that follows best-practices cryptography. It is not suitable for very big files—anything in the gigabyte range and above—since it requires you to load the whole buffer that you want to encrypt or decrypt into memory at once.

Fernet supports symmetric, or secret key, cryptography: the same key is used for encryption and decryption, and therefore must be kept safe.

Generating a key is easy:

>>> from cryptography import fernet
>>> k = fernet.Fernet.generate_key()
>>> type(k)
<class 'bytes'>

Those bytes can be written to a file with appropriate permissions, ideally on a secure machine.

Once you have key material, encrypting is easy as well:

>>> frn = fernet.Fernet(k)
>>> encrypted = frn.encrypt(b"x marks the spot")
>>> encrypted[:10]
b'gAAAAABb1'

You will get slightly different values if you encrypt on your machine. Not only because (I hope) you generated a different key from me, but because Fernet concatenates the value to be encrypted with some randomly generated buffer. This is one of the "best practices" I alluded to earlier: it will prevent an adversary from being able to tell which encrypted values are identical, which is sometimes an important part of an attack.

Decryption is equally simple:

>>> frn = fernet.Fernet(k)
>>> frn.decrypt(encrypted)
b'x marks the spot'

Note that this only encrypts and decrypts byte strings. In order to encrypt and decrypt text strings, they will need to be encoded and decoded, usually with UTF-8.

One of the most interesting advances in cryptography in the mid-20th century was public key cryptography. It allows the encryption key to be published while the decryption key is kept secret. It can, for example, be used to store API keys to be used by a server: the server is the only thing with access to the decryption key, but anyone can add to the store by using the public encryption key.

While cryptography does not have any public key cryptographic secure primitives, the PyNaCl library does. PyNaCl wraps and offers some nice ways to use the NaCl encryption system invented by Daniel J. Bernstein.

NaCl always encrypts and signs or decrypts and verifies signatures simultaneously. This is a way to prevent malleability-based attacks, where an adversary modifies the encrypted value.

Encryption is done with a public key, while signing is done with a secret key:

>>> from nacl.public import PrivateKey, PublicKey, Box
>>> source = PrivateKey.generate()
>>> with open("target.pubkey", "rb") as fpin:
...   target_public_key = PublicKey(fpin.read())
>>> enc_box = Box(source, target_public_key)
>>> result = enc_box.encrypt(b"x marks the spot")
>>> result[:4]
b'\xe2\x1c0\xa4'

Decryption reverses the roles: it needs the private key for decryption and the public key to verify the signature:

>>> from nacl.public import PrivateKey, PublicKey, Box
>>> with open("source.pubkey", "rb") as fpin:
...   source_public_key = PublicKey(fpin.read())
>>> with open("target.private_key", "rb") as fpin:
...   target = PrivateKey(fpin.read())
>>> dec_box = Box(target, source_public_key)
>>> dec_box.decrypt(result)
b'x marks the spot'

The PocketProtector library builds on top of PyNaCl and contains a
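
Added example, not part of the original answer: a small complete program for the Fernet steps above, after installing the library with `pip install cryptography`. It stores the key in an owner-only file, encrypts and decrypts a text string via UTF-8, shows that two encryptions of the same message differ, and shows that a modified token is rejected. The file name `fernet.key`, the helper names and the sample message are assumptions made for illustration.

```python
import base64
import os
import stat
import tempfile

from cryptography.fernet import Fernet, InvalidToken

MESSAGE = "café: x marks the spot"  # constructed sample text (non-ASCII on purpose)

def save_key(path):
    """Generate a key and write it to a new file only the owner can read."""
    key = Fernet.generate_key()
    # O_EXCL refuses to overwrite an existing key file; 0o600 = owner read/write.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key

def encrypt_text(key, text):
    return Fernet(key).encrypt(text.encode("utf-8"))

def decrypt_text(key, token):
    # Raises InvalidToken if the key is wrong or the token was modified.
    return Fernet(key).decrypt(token).decode("utf-8")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "fernet.key")
        save_key(path)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "rb") as fh:
            key = fh.read()
    first, second = encrypt_text(key, MESSAGE), encrypt_text(key, MESSAGE)
    # Flip one bit in the token's trailing HMAC byte to simulate tampering.
    raw = bytearray(base64.urlsafe_b64decode(first))
    raw[-1] ^= 0x01
    try:
        decrypt_text(key, base64.urlsafe_b64encode(bytes(raw)))
        rejected = False
    except InvalidToken:
        rejected = True
    return {"mode": mode, "roundtrip": decrypt_text(key, first),
            "tokens_differ": first != second, "tamper_rejected": rejected}

if __name__ == "__main__":
    print(demo())
```
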

