[DSP] Site survey: Simple encryption case

by Paweł Świątkowski
06 Mar 2017

Yesterday evening I decided to take a look at a bunch of technologies I took under consideration to write my Get Noticed! project. Before, I was looking into how easy it would be to use Qt in them. It made sense, in a way, but not entirely. Since my project has to deal with cryptography, now I took a look at how easy it is to implement simple public key encryption (and decryption via private file). Additional requirements: key files are generated beforehand and stored in files and private key is password-protected.

Python

Last time I wrote a project in Python was probably at the university, some 6 years ago. As I’m a Ruby programmer, I never felt an urge to learn Python “by heart” – because it’s enough to know one web-plus-general-purpose scripting language. On the other hand, it never was really a problem for me to write in Python if needed. Yes, I’m not a fan of its object orientation (selfs everywhere!), but it’s a decent and easy language for me.

Using some StackOverflow and documentation of Pycryptodome library, I was able to have working code pretty fast:

from Cryptodome.PublicKey import RSA
from Cryptodome.Cipher import PKCS1_OAEP

f = open('private.pem', 'r')
private_key = RSA.importKey(f.read(), passphrase='12345')
f.close()

f = open('public.pem', 'r')
public_key = RSA.importKey(f.read())
f.close()

secret_message = "Daj się poznać!".encode('utf-8')

cipher = PKCS1_OAEP.new(public_key)
crypted_text = cipher.encrypt(secret_message)

print("Encrypted:")
print(crypted_text)
print("\n")

cipher = PKCS1_OAEP.new(private_key)
decrypted_text = cipher.decrypt(crypted_text).decode('utf-8')

print("Decrypted:")
print(decrypted_text)

It’s very simple and does exactly what I want. Just as expected.

Rust

Rust was on my learning waitlist for some time already. I have heard about it for the first time really long time ago, but never really tried it. To be honest, its syntax scared me a bit. But it wasn’t that hard. Completing this snippet took longer than the one in Python, of course, but I’m quite satisfied with the results:

extern crate openssl;
use openssl::rsa::{Rsa, PKCS1_PADDING};

fn main() {
    let pkey = include_bytes!("../../private.pem");
    let private_key = Rsa::private_key_from_pem_passphrase(pkey, b"12345").unwrap();

    let key = include_bytes!("../../public.pem");
    let public_key = Rsa::public_key_from_pem(key).unwrap();

    let mut result = vec![0; public_key.size()];
    let secret_message = String::from("Daj się poznać!");

    public_key.public_encrypt(secret_message.as_bytes(), &mut result, PKCS1_PADDING).unwrap();

    print!("Encrypted:\n");
    print!("{:?}\n\n", result);

    let mut decrypted_text = vec![0; private_key.size()];
    private_key.private_decrypt(&result, &mut decrypted_text, PKCS1_PADDING).unwrap();

    print!("Decrypted:\n");
    print!("{}\n", std::str::from_utf8(&decrypted_text).unwrap());
}

Some stuff is not very clear for me, but this exercise let me have a grasp of what Rust is about. And I must say: I really like it!

D

I thought of D as my low-level language of choice for a long time. I really didn’t like where C++ was couple years ago (it’s better nowadays) and D was exactly what was missing there. However, it never gained its momentum and right now ecosystem is in a bit weird place. After all those years there aren’t many rock-solid solutions and projects get abandoned all the time. A nice exception here is vibe.d, but… a web framework in that kind of language? I don’t think so…

I have no code to show for D, because I basically failed in producing it. There aren’t really many cryptography libraries to choose from. One is botan, which is pretty good adaptation of C++ library. However, a part about RSA keys and encryption was really to me. Also, from what I understand from Readme, it compiles only under Visual Studio on Windows and it is totally unacceptable.

Another solution is openssl for D, but it’s a very thin wrapper over C code. I don’t really want that from modern object-oriented language. There is also a dcrypto, but it seems abandoned.

Summary

I’m really disappointed with D this time. Maybe I will come back to it some day, but probably not within timeframe of the contest. I don’t have a slot in my timeline to write cryptography library from scratch.

Rust feels really good, however. And I’m closer to decision to choose it as a main language for my project. And I have a feel that I can any time fall back to Python, which is good too.

You can find the code I produced here - I decided to check it in the repository, even though final product will not include it. A nice idea for such open source contest, if you ask me.

end of the article

This article was written by Paweł Świątkowski on 06 Mar 2017. You can follow me on Twitter if you want.

Tags: dsp d python rust

Related posts:

Comments