Learn RSA + AES Encryption: Secure Your Data with Double-Layer Protection

Explanation:

  • The user provides the original message to be encrypted.
  • The message is then encrypted with AES, using a freshly generated random AES key.
  • The AES key is encrypted with the RSA public key.
  • The encrypted AES key and encrypted message are sent to the user.
  • To decrypt, the user first decrypts the AES key using their RSA private key.
  • Finally, the user decrypts the original message using the decrypted AES key.


To implement a double-layer encryption and decryption mechanism with RSA and AES in Python, you can follow these steps:

  1. RSA Encryption: First, encrypt the AES key using RSA public key encryption.
  2. AES Encryption: Then, use the AES key to encrypt the actual message.

When decrypting:

  1. RSA Decryption: First, decrypt the AES key using the RSA private key.
  2. AES Decryption: Then, use the decrypted AES key to decrypt the actual message.

Here’s an implementation using PyCryptodome for AES and RSA.

Install the required libraries:

pip install pycryptodome

Code Implementation:

from Crypto.PublicKey import RSA
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Cipher import PKCS1_OAEP
import base64

# Generate RSA keys (Private and Public)
def generate_rsa_keys():
    key = RSA.generate(2048)
    private_key = key.export_key()
    public_key = key.publickey().export_key()
    return private_key, public_key

# RSA Encryption and Decryption
def rsa_encrypt(public_key, data):
    rsa_key = RSA.import_key(public_key)
    cipher = PKCS1_OAEP.new(rsa_key)
    encrypted_data = cipher.encrypt(data)
    return encrypted_data

def rsa_decrypt(private_key, encrypted_data):
    rsa_key = RSA.import_key(private_key)
    cipher = PKCS1_OAEP.new(rsa_key)
    decrypted_data = cipher.decrypt(encrypted_data)
    return decrypted_data

# AES Encryption and Decryption
def aes_encrypt(key, data):
    cipher = AES.new(key, AES.MODE_GCM)
    ciphertext, tag = cipher.encrypt_and_digest(data)
    nonce = cipher.nonce
    return nonce + tag + ciphertext

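def aes_decrypt(key, encrypted_data):
    # Layout written by aes_encrypt: 16-byte nonce (PyCryptodome's GCM default),
    # 16-byte tag, then the ciphertext
    nonce, tag, ciphertext = encrypted_data[:16], encrypted_data[16:32], encrypted_data[32:]
    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
    # Raises ValueError if the tag does not match (the data was modified)
    decrypted_data = cipher.decrypt_and_verify(ciphertext, tag)
    return decrypted_data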

# Encrypt the message with double layer (RSA + AES)
def double_encrypt(public_key, data):
    # Generate AES key
    aes_key = get_random_bytes(16)
    
    # AES encryption of data
    encrypted_data = aes_encrypt(aes_key, data)
    
    # RSA encryption of AES key
    encrypted_aes_key = rsa_encrypt(public_key, aes_key)
    
    return encrypted_aes_key + encrypted_data  # Return both AES key and encrypted message

# Decrypt the message with double layer (RSA + AES)
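def double_decrypt(private_key, encrypted_data):
    # Extract encrypted AES key and encrypted message.
    # The RSA ciphertext is as long as the key modulus (2048 bits = 256 bytes),
    # so take the length from the key instead of hard-coding 256.
    key_len = RSA.import_key(private_key).size_in_bytes()
    encrypted_aes_key = encrypted_data[:key_len]
    encrypted_message = encrypted_data[key_len:]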

    # RSA decryption of AES key
    aes_key = rsa_decrypt(private_key, encrypted_aes_key)
    
    # AES decryption of the message
    decrypted_data = aes_decrypt(aes_key, encrypted_message)
    
    return decrypted_data

# Example Usage
if __name__ == "__main__":
    private_key, public_key = generate_rsa_keys()
    
    # Message to encrypt
    message = b'Hello, this is a secret message!'
    
    # Encrypt the message
    encrypted_data = double_encrypt(public_key, message)
    print("Encrypted Data:", base64.b64encode(encrypted_data))
    
    # Decrypt the message
    decrypted_data = double_decrypt(private_key, encrypted_data)
    print("Decrypted Data:", decrypted_data.decode())

Explanation:

  1. RSA Keys: The generate_rsa_keys function generates a pair of public and private RSA keys.
  2. AES Encryption: The aes_encrypt function uses AES in GCM mode to encrypt the message. It generates a nonce, encrypts the data, and then combines the nonce, tag, and ciphertext.
  3. RSA Encryption: The rsa_encrypt function encrypts the AES key using RSA public key encryption with the PKCS1_OAEP scheme.
  4. Double Encryption: The double_encrypt function encrypts the message using AES, then encrypts the AES key using RSA.
  5. Decryption: The double_decrypt function first decrypts the AES key with RSA and then uses that key to decrypt the actual message.

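This approach, commonly called hybrid encryption, ensures that the message is encrypted with AES and that the AES key itself is protected with RSA, so only the holder of the RSA private key can recover it. Because AES runs in GCM mode, decrypt_and_verify raises a ValueError if the nonce, tag, or ciphertext has been modified.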
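double_decrypt and aes_decrypt recover the wrapped key, nonce, tag and ciphertext by slicing at offsets the receiver has to know in advance. The following is an added example, not code from the original post: a length-prefixed framing of the same four fields using only the standard library, which rejects truncated or mismatched input instead of silently mis-splitting it. The HYB1 tag, the header layout and all function names are assumptions made for illustration.

```python
import struct

MAGIC = b"HYB1"                    # hypothetical format tag, not from the post
HEADER = struct.Struct(">4sHBB")   # magic, wrapped-key len, nonce len, tag len
RSA_SIZES = {256, 384, 512}        # RSA-2048/3072/4096 ciphertext lengths

class EnvelopeError(ValueError):
    """The blob is not a well-formed envelope."""

def pack_envelope(wrapped_key, nonce, tag, ciphertext):
    header = HEADER.pack(MAGIC, len(wrapped_key), len(nonce), len(tag))
    return header + wrapped_key + nonce + tag + ciphertext

def unpack_envelope(blob):
    """Return (header, wrapped_key, nonce, tag, ciphertext) or raise."""
    if len(blob) < HEADER.size:
        raise EnvelopeError("truncated header")
    magic, klen, nlen, tlen = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise EnvelopeError("unknown format")
    if klen not in RSA_SIZES or nlen not in (12, 16) or tlen != 16:
        raise EnvelopeError("unexpected field length")
    if len(blob) < HEADER.size + klen + nlen + tlen:
        raise EnvelopeError("truncated body")
    fields, pos = [], HEADER.size
    for size in (klen, nlen, tlen):
        fields.append(blob[pos:pos + size])
        pos += size
    # The header is returned so the caller can authenticate it as GCM
    # associated data (cipher.update(header)) before decrypt_and_verify.
    return (blob[:HEADER.size], *fields, blob[pos:])

def split_assuming_rsa2048(blob):
    """Fixed-offset slicing: 256-byte wrapped key, 16-byte nonce, 16-byte tag."""
    return blob[:256], blob[256:272], blob[272:288], blob[288:]

def demo():
    # Constructed stand-ins for real RSA/AES output; only the lengths matter.
    key3072, nonce, tag, ct = b"K" * 384, b"N" * 16, b"T" * 16, b"ciphertext"
    legacy = key3072 + nonce + tag + ct              # unframed concatenation
    wrong_nonce = split_assuming_rsa2048(legacy)[1]  # bytes of the wrapped key
    framed = unpack_envelope(pack_envelope(key3072, nonce, tag, ct))
    return wrong_nonce, framed[1:]

if __name__ == "__main__":
    print(demo())
```

With fixed offsets, a blob produced for a 3072-bit key is split without any error and the mistake only surfaces later as a failed RSA or GCM operation; the framed parser reports the problem at the boundary.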
