C 431: Public-Key Encryption With Sodium (25 extra)

What You Need

Any machine with Python 3.

Purpose

To learn how to use the Sodium library to perform ECC as a replacement for RSA, as advocated in the video below.

Preparing a Virtual Environment

You may have already done this in a previous project. If not, follow the steps below.

This is the modern way to manage Python, and it's required by most modern operating systems.

In a Terminal window, execute these commands:

sudo apt update sudo apt install python3-pip python3-full -y mkdir sodium python3 -m venv sodium ./sodium/bin/pip install pynacl

Importing PyNaCl

In a Terminal window, execute these commands to launch Python 3 in interactive mode, and import the functions we need:

./sodium/bin/python3 import nacl.utils from nacl.public import PrivateKey, Box

Generating Bob's Keys

Bob needs to generate a key pair: skbob - his secret key, and pkbob - his public key.

Execute these commands:

skbob = PrivateKey.generate() skbob.encode(encoder = nacl.encoding.HexEncoder) pkbob = skbob.public_key.encode(encoder = nacl.encoding.HexEncoder) pkbob

Bob's public and private keys are both long strings of hexadecimal characters, as shown below.

Bob will publish his public key somewhere everyone can find it, such as a Web page, and keep his private key secret.

Generating Alice's Keys

Execute these commands to generate Alice's keys:

skalice = PrivateKey.generate() pkalice = skalice.public_key.encode(encoder = nacl.encoding.HexEncoder) pkalice

Alice's public key is a different string of random hexadecimal characters, as shown below.

Alice publishes her public key, just as Bob did.

Encrypting with Box

The Box class uses a private key and another person's public key to derive a shared key, which can be used to send encrypted messages.

Bob wants to send a message "HELLO FROM BOB" to Alice. He needs to encode Alice's public key from hexadecimal into a nacl PublicKey structure.

To do that, execute these commands:

pkalice decoded_pkalice = nacl.public.PublicKey(pkalice, encoder = nacl.encoding.HexEncoder) bob_box = Box(skbob, decoded_pkalice) plaintext = b"HELLO FROM BOB" ciphertext = bob_box.encrypt(plaintext).hex() ciphertext

pkalice is in hexadecimal, and we imported it into a nacl PublicKey structure named decoded_pkalice.

That object, together with Bob's private key, formed the shared secret key needed to create the Box object so we could encrypt the message.

The ciphertext is random-looking bytes, as shown below.

Decrypting

Bob sends the ciphertext to Alice. Alice can decrypt it using her private key and Bob's public key.

Execute these commands:

pkbob decoded_pkbob = nacl.public.PublicKey(pkbob, encoder = nacl.encoding.HexEncoder) alice_box = Box(skalice, decoded_pkbob) plaintext = alice_box.decrypt(bytes.fromhex(ciphertext)) plaintext

Both ciphertexts decrypt to the same message, as shown below.

C 431.1: Public Key (5 pts)
Larry's private key is:
ec6a35628ce2a22a5580ecf5f0a26c1b9be7fb472ef1ea76fafba8b5fc280d21
Find Larry's Public Key. That's the flag.
Hint:
To use a hexadecimal value for a private key, replace these two lines:
sk = PrivateKey.generate() sk.encode(encoder = nacl.encoding.HexEncoder)
with this line:
sk = b'ec6a35628ce2a22a5580ecf5f0a26c1b9be7fb472ef1ea76fafba8b5fc280d21'

C 431.2: Decryption with the Key (20 pts)
Felix has sent you the flag. Find the flag from the information below.

Felix's Public Key:
c211cf597e41c250f895b52cbf56e0c01f843d23cb2aeac14abcf1ed11b9b502

Your Public Key:
97ff076381c5d86915b6780ea3cf299b1de6ca9a52f9445e5f60899fd1f4420f

Your Private Key:
f9a99f5cb3174818e3a46587c8979e737ad823d9d80441881cb8676ae67adbd1

Encrypted Message:
bc24b2be13174ca12f76f4570c1b68334c5e39e32692fdb49f7bf4ddda801c66
4eec59405f7340de1351188a0ebfe1a62fb737c849ee00d94129858863

Sources

PyNaCl 1.3.0 documentation: Public Key Encryption
'Read the docs' doesn't explain how to import public keys.

Posted 11-13-20
Color updated 6-19-24
Hint for flag 1, added and python venv added 10-19-24
Video added 3-19-25