C 431: Public-Key Encryption With Sodium (25 extra)

What You Need

Any machine with Python 3.


To learn how to use the Sodium library to perform ECC as a replacement for RSA, as advocated in the video below.

Installing and Importing PyNaCl

In a Terminal window, execute these commands to install the PyNaCl library, launch Python 3 in interactive mode, and import the functions we need:
python3 -m pip install pynacl
import nacl.utils
from nacl.public import PrivateKey, Box

Generating Bob's Keys

Bob needs to generate a key pair: skbob - his secret key, and pkbob - his public key.

Execute these commands:

skbob = PrivateKey.generate()
skbob.encode(encoder = nacl.encoding.HexEncoder)
pkbob = skbob.public_key.encode(encoder = nacl.encoding.HexEncoder)
Bob's public and private keys are both long strings of hexadecimal characters, as shown below.

Bob will publish his public key somewhere everyone can find it, such as a Web page, and keep his private key secret.

Generating Alice's Keys

Execute these commands to generate Alice's keys:
skalice = PrivateKey.generate()
pkalice = skalice.public_key.encode(encoder = nacl.encoding.HexEncoder)
Alice's public key is a different string of random hexadecimal characters, as shown below.

Alice publishes her public key, just as Bob did.

Encrypting with Box

The Box class uses a private key and another person's public key to derive a shared key, which can be used to send encrypted messages.

Bob wants to send a message "HELLO FROM BOB" to Alice. He needs to encode Alice's public key from hexadecimal into a nacl PublicKey structure.

To do that, execute these commands:

decoded_pkalice = nacl.public.PublicKey(pkalice, encoder = nacl.encoding.HexEncoder) 
bob_box = Box(skbob, decoded_pkalice)

plaintext = b"HELLO FROM BOB"
ciphertext = bob_box.encrypt(plaintext).hex()
pkalice is in hexadecimal, and we imported it into a nacl PublicKey structure named decoded_pkalice.

That object, together with Bob's private key, formed the shared secret key needed to create the Box object so we could encrypt the message.

The ciphertext is random-looking bytes, as shown below.


Bob sends the ciphertext to Alice. Alice can decrypt it using her private key and Bob's public key.

Execute these commands:

decoded_pkbob = nacl.public.PublicKey(pkbob, encoder = nacl.encoding.HexEncoder) 
alice_box = Box(skalice, decoded_pkbob)
plaintext = alice_box.decrypt(bytes.fromhex(ciphertext))
Both ciphertexts decrypt to the same message, as shown below.

C 431.1: Public Key (5 pts)

Larry's private key is:


Find Larry's Public Key. That's the flag.

C 431.2: Decryption with the Key (20 pts)

Felix has sent you the flag. Find the flag from the information below.
  • Felix's Public Key:

  • Your Public Key:

  • Your Private Key:

  • Encrypted Message:


PyNaCl 1.3.0 documentation: Public Key Encryption
'Read the docs' doesn't explain how to import public keys.

Posted 11-13-20