[DSP] Site survey: Simple encryption case

This is a part of my Daj się poznać / Get Noticed! 2017 series. It is for a contest where I have to write a blog post twice a week abd create a open source project. Read more about it here.

Yesterday evening I decided to take a look at a bunch of technologies I took under consideration to write my Get Noticed! project. Before, I was looking into how easy it would be to use Qt in them. It made sense, in a way, but not entirely. Since my project has to deal with cryptography, now I took a look at how easy it is to implement simple public key encryption (and decryption via private file). Additional requirements: key files are generated beforehand and stored in files and private key is password-protected.

Python

Last time I wrote a project in Python was probably at the university, some 6 years ago. As I’m a Ruby programmer, I never felt an urge to learn Python “by heart” – because it’s enough to know one web-plus-general-purpose scripting language. On the other hand, it never was really a problem for me to write in Python if needed. Yes, I’m not a fan of its object orientation (selfs everywhere!), but it’s a decent and easy language for me.

Using some StackOverflow and documentation of Pycryptodome library, I was able to have working code pretty fast:

from Cryptodome.PublicKey import RSA
from Cryptodome.Cipher import PKCS1_OAEP

f = open('private.pem', 'r')
private_key = RSA.importKey(f.read(), passphrase='12345')
f.close()

f = open('public.pem', 'r')
public_key = RSA.importKey(f.read())
f.close()

secret_message = "Daj się poznać!".encode('utf-8')

cipher = PKCS1_OAEP.new(public_key)
crypted_text = cipher.encrypt(secret_message)

print("Encrypted:")
print(crypted_text)
print("\n")

cipher = PKCS1_OAEP.new(private_key)
decrypted_text = cipher.decrypt(crypted_text).decode('utf-8')

print("Decrypted:")
print(decrypted_text)

It’s very simple and does exactly what I want. Just as expected.

Rust

Rust was on my learning waitlist for some time already. I have heard about it for the first time really long time ago, but never really tried it. To be honest, its syntax scared me a bit. But it wasn’t that hard. Completing this snippet took longer than the one in Python, of course, but I’m quite satisfied with the results:

extern crate openssl;
use openssl::rsa::{Rsa, PKCS1_PADDING};

fn main() {
    let pkey = include_bytes!("../../private.pem");
    let private_key = Rsa::private_key_from_pem_passphrase(pkey, b"12345").unwrap();

    let key = include_bytes!("../../public.pem");
    let public_key = Rsa::public_key_from_pem(key).unwrap();

    let mut result = vec![0; public_key.size()];
    let secret_message = String::from("Daj się poznać!");

    public_key.public_encrypt(secret_message.as_bytes(), &mut result, PKCS1_PADDING).unwrap();

    print!("Encrypted:\n");
    print!("{:?}\n\n", result);

    let mut decrypted_text = vec![0; private_key.size()];
    private_key.private_decrypt(&result, &mut decrypted_text, PKCS1_PADDING).unwrap();

    print!("Decrypted:\n");
    print!("{}\n", std::str::from_utf8(&decrypted_text).unwrap());
}

Some stuff is not very clear for me, but this exercise let me have a grasp of what Rust is about. And I must say: I really like it!

D

I thought of D as my low-level language of choice for a long time. I really didn’t like where C++ was couple years ago (it’s better nowadays) and D was exactly what was missing there. However, it never gained its momentum and right now ecosystem is in a bit weird place. After all those years there aren’t many rock-solid solutions and projects get abandoned all the time. A nice exception here is vibe.d, but… a web framework in that kind of language? I don’t think so…

I have no code to show for D, because I basically failed in producing it. There aren’t really many cryptography libraries to choose from. One is botan, which is pretty good adaptation of C++ library. However, a part about RSA keys and encryption was really to me. Also, from what I understand from Readme, it compiles only under Visual Studio on Windows and it is totally unacceptable.

Another solution is openssl for D, but it’s a very thin wrapper over C code. I don’t really want that from modern object-oriented language. There is also a dcrypto, but it seems abandoned.

Summary

I’m really disappointed with D this time. Maybe I will come back to it some day, but probably not within timeframe of the contest. I don’t have a slot in my timeline to write cryptography library from scratch.

Rust feels really good, however. And I’m closer to decision to choose it as a main language for my project. And I have a feel that I can any time fall back to Python, which is good too.

You can find the code I produced here - I decided to check it in the repository, even though final product will not include it. A nice idea for such open source contest, if you ask me.

Related posts