In this guide we will develop programs that use cryptographic methods,
relying in the Python3 Cryptography module.
The module can be installed using the typical package management methods
(e.g, apt install python3-cryptography), or using the pip3 tool
(e.g. pip3 install cryptography).
It will be useful to visualize and edit files in binary format. For that
purpose, if you are using Linux, you may install GHex or hexedit
from the repositories.
We will be exploring the low level interface of the python cryptography library, for educational purposes.
If you plan to use this library in real world application, stay with the Fernet interface.
As the documentation clearly states:
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
Symmetric Cryptography
Symmetric cryptography is used by creating an object that represents a
given cipher, with some parameters specifying the mode, as well as a
key. The cipher object presents an encryptor method, that is applied
(update) to the text in chunks (may require alignment with the cipher
block size). After the text is ciphered, a finalize method may be
used. Decryption is done in a similar way.
For more information please check the documentation available at the Cryptography.io Hazmat section.
File encryption
Create a function to encrypt the contents of a file, whose name should
be provided by the user. The key should be random, or provided by the user.
The user must provide (as program parameters or by request or
any other suitable method): (i) the name of the file to encrypt, (ii)
the name of the file to store the cryptogram, (iii) the name of the
encryption algorithm. Check the documentation and implement functions using
multiple ciphers. We recommend AES and ChaCha20.
If you need to save multiple fields to the same file (e.g, salt,
cryptogram), save these as fixed length fields to the beginning of the
file. A simpler alternative is to use Base64 to convert the objects to
text (base64 module), and then use a delimited such as \n.
Note 1: Take in consideration that data may need to be encrypted in
blocks, and the last block may require padding. Please see the PKCS#7 padding
method in the documentation.
Questions:
- What is the output of some encrypted data?
- Can you determine the structure of the text?
- What are the lengths of the text and the cryptogram?
- What is the impact of using different keys sizes (e.g. 16 vs 32 bytes)?
File decryption
Alter your program by adding a function that decrypts a user file. For this functionality, the user must provide the following (as program parameters or by request or any other suitable method): (i) the name of the file to decrypt, (ii) the name of the file to store the decryption result. The key must be requested.
Take care of removing the padding (if present!)
Questions:
- What is the impact of padding?
- Is padding visible in the decrypted text?
- What happens if the cryptogram is truncated?
- What happens if the cryptogram lacks some bytes in the beginning?
Cipher modes
Initialization Vector
Some cipher modes use feedback to add more complexity to the cryptogram,
namely CFB, OFB and CFB. Feedback implies the use of an Initialization Vector (IV),
which must be provided when
initializing an object for one of such cipher modes. Note that the
IV used to encrypt
some data must also be provided when decrypting it, therefore, the
IV is usually sent in clear text.
Alter your program so the user, when requesting an encryption operation, also indicates the cipher mode to be used. This should be applied both to encryption and decryption.
Note that the IV is only used on cipher modes with feedback, which is not the case of
ECB. Your program must be able to handle encryption using cipher modes both with and
without feedback.
Hint: Use the secrets module to obtain securely random
IVs.
Questions:
- What length should the
IVbe? - For each cipher mode, what is the impact of repeating the IV, while changing the Key?
- For each cipher mode, what is the impact of repeating the Key, while changing the IV?
Patterns
In this exercise we will analyze the impact of ECB and CBC cipher modes in the reproduction of
patterns in the original document into the encrypted document. For this,
we are going to encrypt an image in the bit map
(BMP) file format,
after which we are going to visualize the contents of the obtained
encrypted file and compare it with the original image. In order we can
visualize the contents of the encrypted file we must replace the first
54 bytes with the first 54 bytes from the original file (these bytes
constitute the header of BMP formatted files, which is necessary so
the file can be recognized as a BMP formatted file).
Use the program you developed in the previous sections to encrypt the
file p_ori.bmp using the ECB cipher mode and a cryptographic algorithm
of your choice. Using the dd application copy the copy the first 54
bytes from the original image file into the first 54 bytes of the
encrypted file:
$ dd if=p_ori.bmp of=p_enc.bmp ibs=1 count=54 conv=notrunc
Using a program to visualize images, open the original image and the encrypted image and compare them. What do you observe?
Repeat all the above operations, now using the CBC cipher mode instead of
ECB cipher mode,
and using the same algorithm. Then, compare the original image with the
obtained encrypted image. What do you observe?
Repeat the experience, using the same cipher modes, but varying the algorithm.
A typical image encrypted with feedback or without (mouse over) feedback will be:
(Images by Larry Ewing)
Questions:
- What do you conclude from the experiment?
- Can we have an insecure AES cryptogram?
Cryptogram corruption
In this exercise we are going to analyze the impact in a decrypted text
caused by errors in the cryptogram, when using ECB, CBC, OFB and CFB cipher modes.
Using the program developed in previous sections, encrypt the
p_ori.bmp file using the ECB cipher mode and an algorithm of your
choice. Using a binary file editor, change the value of a single bit in
some byte of the encrypted image (notice that the first 54 bytes are not
part of the image but rather part of the header of the file), for
example the byte in position 0x60.
Decrypt the file with the corrupted bit, using the same cipher mode and algorithm you used to encrypt. Using an binary file editor, open the original file and the decrypted file and compare them. What are your conclusions regarding the impact in the decrypted file produced by the corruption of a single bit in the cryptogram?
Repeat the experience for the remaining cipher modes and, for each of them, analyze the impact on the decrypted image produced by an error in a single bit of the cryptogram. Try to determine which are the cipher modes that produce a bigger impact and those that produce a smaller impact in the decrypted file.
Padding
A block cipher requires input blocks of a fixed size that equals the algorithm block size. However, its improbable that a file to encrypt as a number of bytes that is multiple of the block size of the algorithm to be used, i.e., frequently, the number of bytes that remain for the last block do not equals the block size. To solve this problem, extra bytes are added to have a block with the correct size. These extra bytes are then removed when in the decryption operation.
There are several standards for padding. PKCS#7 is one of them. The objective for this
exercise is that you demonstrate the existence of padding in a
encryption operation, and that it is according the
PKCS#7 standard.
Using a binary file editor and the program you developed, idealize an
experiment involving encryption and decryption operations with
ECB cipher mode,
PKCS#5 padding and an algorithm of your choice, that shows the presence of padding and how
PKCS#7 padding is made.
Hint: Do not use padding when decrypting a cryptogram with padding
Questions:
- Is padding required for all ciphers modes?
- What is the impact of padding when selecting the cryptographic primitive?
Additional Resources
While this guide mostly focus in using Python, the same processes can be
executed in other languages. We include an example using C for you to
observe what varies between your implementation and a similar implementation
in another language. Check it here.