Crypto In Single Library
At the core of cybersecurity is CIA (Confidentiality, Integrity and Availability). For confidentiality and integrity we normally turn to cryptographic methods to make sure that our data is protected, and that we can test its integrity (that is, that our protected data has not been changed). There are many existing ways of covering cryptography, but these often require a range of software libraries. Along with this, there’s the cumbersome OpenSSL library, which can be difficult to integrate and install. But there’s one library that aims to bring together all of the main methods into a single library: the Python cryptography library. It contains a wide range of interfaces to common cryptographic algorithms, including symmetric key methods, hashing, public key, and key derivation functions. Many of these are contained within the Hazmat (Hazardous Material) primitives.
Hashing, HMAC and KDF
Within hashing methods, we take data in the form of a byte array, and then create a fixed length hash value. For MD5, the length of the hash is 128 bits, for SHA-1 it is 160 bits, and for SHA-256, it is 256 bits.
With MD5, the 128-bit output is 32 hex characters. MD5 should not be used in production environments, as the method has weaknesses and its output hash is too short. SHA-1, too, has been shown to have weaknesses, and thus we should use SHA-2 methods. These include SHA-224, SHA-256, SHA-384 and SHA-512. A newer standard is known as SHA-3.
Here are the examples:
- Hazmat Hashes. This includes the hashing methods in the Hazmat cryptography library: Blake2b, Blake2s, MD5, SHA1, SHA224, SHA256, SHA384, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA512, SHA512-224, SHAKE128 and SHAKE256.
- Hazmat HMAC. HMAC methods using the Python cryptography primitives.
- Hazmat HKDF. HKDF methods using the Python cryptography primitives.
Symmetric key
With symmetric key, we use the same key to encrypt as we do to decrypt. The two core methods implemented are AES and ChaCha20. Overall, AES is generally a block cipher, and ChaCha20 is a stream cipher. AES, though, can be made into a stream cipher using GCM mode. We can also add AEAD, which can authenticate the cipher using some additional data. Here are the examples:
- Hazmat Symmetric Key. This includes the encryption of a wide range of methods implemented with Hazmat.
- ChaCha20/Poly1305 with Hazmat. Implementation of ChaCha20/Poly1305 with a random key using Hazmat.
- ChaCha20/Poly1305 with Hazmat using HKDF. Implementation of ChaCha20/Poly1305 with a key generated from HKDF using Hazmat.
- AES GCM with Hazmat. Implementation of AES GCM with a random key using Hazmat.
- AES GCM with Hazmat using HKDF. Implementation of AES GCM with a key generated from HKDF using Hazmat.
- Key Wrap with Hazmat (Symmetric key). Generate an encrypted key using Hazmat.
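The HKDF and AEAD methods described in the two sections above can be combined as follows. This is an added example, not code from the original page; the helper names, the sample secret and the `record-id` additional data are constructed for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM, ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def derive_key(secret: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF-SHA256: turn input keying material into a 256-bit key."""
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=salt, info=info).derive(secret)


def seal(aead_cls, key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt with an AEAD cipher; the random 96-bit nonce is prepended."""
    nonce = os.urandom(12)  # must never repeat under the same key
    return nonce + aead_cls(key).encrypt(nonce, plaintext, aad)


def open_sealed(aead_cls, key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Decrypt and authenticate; raises InvalidTag if anything was altered."""
    return aead_cls(key).decrypt(blob[:12], blob[12:], aad)


def rejected(aead_cls, key: bytes, blob: bytes, aad: bytes) -> bool:
    """True when authentication fails, i.e. decryption raises InvalidTag."""
    try:
        open_sealed(aead_cls, key, blob, aad)
        return False
    except InvalidTag:
        return True


def demo() -> dict:
    secret, salt = b"constructed input keying material", os.urandom(16)
    results = {}
    for name, cls in (("AES-GCM", AESGCM), ("ChaCha20-Poly1305", ChaCha20Poly1305)):
        key = derive_key(secret, salt, info=name.encode())  # separate key per cipher
        aad = b"record-id=42"  # authenticated but not encrypted
        blob = seal(cls, key, b"hello", aad)
        tampered = blob[:-1] + bytes([blob[-1] ^ 1])  # flip one bit of the tag
        results[name] = (
            open_sealed(cls, key, blob, aad),
            rejected(cls, key, blob, b"record-id=43"),  # altered additional data
            rejected(cls, key, tampered, aad),
            len(blob),  # 12-byte nonce + 5-byte message + 16-byte tag
        )
    return results
```

Both ciphers reject the message when either the ciphertext or the additional data has changed, which is the integrity check that plain encryption modes do not give.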
Asymmetric key
With asymmetric key we have a key pair: a public key and a private key. Normally the private key is kept secret, whereas the public key can be distributed. The two main methods of asymmetric encryption are RSA and ECC. With asymmetric encryption, we can either encrypt data with the public key and then decrypt with the private key, or we can sign the hash of a message with the private key and then prove this with the public key. In the following, we create key pairs, and use RSA signing:
- RSA key generation with Hazmat. RSA key generation using Python and with Hazmat.
- RSA key formats (PEM, DER and OpenSSH). RSA key formats using Python and with Hazmat.
- Key Wrap with Hazmat (RSA). Generate an encrypted key using Hazmat.
- ECC key generation with Hazmat. Creating ECC keys using Hazmat and Python.
- Key Wrap with Hazmat (EC). Generate an encrypted key using Hazmat.
- Hazmat RSA signing. RSA signing using Python and with Hazmat.
- Hazmat with RSA. RSA encryption using Python and with Hazmat.
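The two uses of an RSA key pair described above, shown with the public key passed around in PEM form. This is an added example, not code from the original page; the choice of OAEP and PSS padding with SHA-256, the 2048-bit key size and the sample messages are assumptions of this example.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Padding choices for this example: OAEP for encryption, PSS for signatures.
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()), algorithm=hashes.SHA256(), label=None)
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


def new_keypair():
    """Generate a 2048-bit RSA private key and its public key in PEM form."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM, serialization.PublicFormat.SubjectPublicKeyInfo
    )
    return private_key, public_pem


def encrypt_for(public_pem: bytes, message: bytes) -> bytes:
    """Anyone holding the public key can encrypt to the key owner."""
    return serialization.load_pem_public_key(public_pem).encrypt(message, OAEP)


def is_valid(public_pem: bytes, signature: bytes, message: bytes) -> bool:
    """Anyone holding the public key can check a signature."""
    try:
        serialization.load_pem_public_key(public_pem).verify(
            signature, message, PSS, hashes.SHA256()
        )
        return True
    except InvalidSignature:
        return False


def demo() -> dict:
    private_key, public_pem = new_keypair()
    ciphertext = encrypt_for(public_pem, b"constructed key material")
    signature = private_key.sign(b"pay Bob 10", PSS, hashes.SHA256())
    return {
        "recovered": private_key.decrypt(ciphertext, OAEP),  # private key only
        "ciphertext_length": len(ciphertext),  # equals the modulus size in bytes
        "signature_valid": is_valid(public_pem, signature, b"pay Bob 10"),
        "altered_message_valid": is_valid(public_pem, signature, b"pay Bob 1000"),
    }
```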
Digital Signature: ECDSA/EdDSA
To sign a message, we normally sign with the private key, and then prove the signing of the message with the public key. Two typical methods used are ECDSA (as used in Bitcoin) and EdDSA (as used in IOTA). The following provides some examples:
- ECDSA with Hazmat. This outlines ECDSA with Hazmat.
- Ed25519 for EdDSA signatures with Hazmat. This page uses the Hazmat primitives for the cryptography library.
- Ed448 for EdDSA signatures with Hazmat. This page uses the Hazmat primitives for the cryptography library.
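A practical difference between the two signature methods, as an added example that is not code from the original page: ECDSA in this library draws a fresh random nonce for every signature by default, while Ed25519 derives it from the key and the message. The P-256 curve and the sample message are choices made for this example.

```python
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

MESSAGE = b"constructed sample message"


def accepts(verify, signature: bytes, message: bytes) -> bool:
    """Run a verify callable; False when it raises InvalidSignature."""
    try:
        verify(signature, message)
        return True
    except InvalidSignature:
        return False


def ecdsa_demo() -> dict:
    alg = ec.ECDSA(hashes.SHA256())
    key = ec.generate_private_key(ec.SECP256R1())  # P-256, chosen for this example
    verify = lambda sig, msg: key.public_key().verify(sig, msg, alg)
    sig1, sig2 = key.sign(MESSAGE, alg), key.sign(MESSAGE, alg)
    return {
        "both_valid": accepts(verify, sig1, MESSAGE) and accepts(verify, sig2, MESSAGE),
        "same_bytes": sig1 == sig2,  # False: a fresh random nonce per signature
        "altered_message_valid": accepts(verify, sig1, MESSAGE + b"!"),
    }


def ed25519_demo() -> dict:
    key = Ed25519PrivateKey.generate()
    verify = key.public_key().verify
    sig1, sig2 = key.sign(MESSAGE), key.sign(MESSAGE)
    return {
        "both_valid": accepts(verify, sig1, MESSAGE) and accepts(verify, sig2, MESSAGE),
        "same_bytes": sig1 == sig2,  # True: the nonce is derived from key and message
        "altered_message_valid": accepts(verify, sig1, MESSAGE + b"!"),
        "signature_length": len(sig1),  # Ed25519 signatures are always 64 bytes
    }
```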
Key exchange: ECDH
Normally we use symmetric key encryption to encrypt data, which means that Bob must pass a key to Alice. We typically do this with key exchange, where Bob and Alice can communicate openly and end up with the same shared key. A common method uses ECDH (Elliptic Curve Diffie-Hellman). The following provides some examples:
- ECDH with Hazmat. Generate a shared key with ECDH and using the Hazmat primitives.
- X25519 with Hazmat. Generate a shared key with X25519 and using the Hazmat primitives.
- X448 with Hazmat. Generate a shared key with X448 and using the Hazmat primitives.
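The exchange between Bob and Alice described above, using X25519, with the raw shared secret passed through HKDF before use as a symmetric key. This is an added example, not code from the original page; the helper names and the `example-handshake` label are constructed for illustration.

```python
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.x25519 import (
    X25519PrivateKey,
    X25519PublicKey,
)
from cryptography.hazmat.primitives.kdf.hkdf import HKDF


def public_bytes(private_key: X25519PrivateKey) -> bytes:
    """The 32-byte public value that is sent to the other party in the clear."""
    return private_key.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw
    )


def session_key(own_private: X25519PrivateKey, peer_public: bytes, context: bytes) -> bytes:
    """ECDH followed by HKDF-SHA256; the raw shared secret is never used directly."""
    shared = own_private.exchange(X25519PublicKey.from_public_bytes(peer_public))
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None, info=context).derive(shared)


def demo() -> dict:
    alice, bob = X25519PrivateKey.generate(), X25519PrivateKey.generate()
    alice_pub, bob_pub = public_bytes(alice), public_bytes(bob)
    # Binding both public values into the context ties the key to this exchange.
    context = b"example-handshake" + alice_pub + bob_pub
    key_alice = session_key(alice, bob_pub, context)
    key_bob = session_key(bob, alice_pub, context)
    other_use = session_key(alice, bob_pub, b"other-purpose" + alice_pub + bob_pub)
    return {
        "public_value_length": len(alice_pub),
        "keys_match": key_alice == key_bob,
        "key_length": len(key_alice),
        "context_separates_keys": key_alice != other_use,
    }
```

The exchange on its own does not authenticate either party, so in practice the public values are signed or otherwise bound to an identity.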
Tokens
Tokens allow us to protect data and also provide multifactor authentication. The following provides some examples:
- Fernet tokens with Hazmat. This outlines Fernet encryption.
- HOTP with Hazmat. Generate a sequence of HOTP using Hazmat.
- TOTP with Hazmat. Generate a sequence of TOTP using Hazmat.
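The three token types above in one place, as an added example that is not code from the original page. The shared secret is the published test secret from RFC 4226 and RFC 6238; the look-ahead window of 3, the Fernet payload and the timestamps are constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.twofactor import InvalidToken as InvalidOTP
from cryptography.hazmat.primitives.twofactor.hotp import HOTP
from cryptography.hazmat.primitives.twofactor.totp import TOTP

RFC_SECRET = b"12345678901234567890"  # test secret from RFC 4226 / RFC 6238


def hotp_sequence(count: int) -> list:
    """First `count` six-digit HOTP codes for the RFC test secret."""
    hotp = HOTP(RFC_SECRET, 6, hashes.SHA1())
    return [hotp.generate(counter).decode() for counter in range(count)]


def verify_hotp(submitted: str, counter: int, window: int = 3):
    """Server-side check with a look-ahead window; returns the next counter or None."""
    hotp = HOTP(RFC_SECRET, 6, hashes.SHA1())
    for candidate in range(counter, counter + window + 1):
        try:
            hotp.verify(submitted.encode(), candidate)
            return candidate + 1  # resynchronise past the accepted code
        except InvalidOTP:
            continue
    return None


def totp_at(unix_time: int) -> str:
    """Eight-digit TOTP code with a 30-second time step."""
    return TOTP(RFC_SECRET, 8, hashes.SHA1(), 30).generate(unix_time).decode()


def fernet_ttl_demo():
    """Fernet tokens carry a timestamp, so the receiver can enforce a lifetime."""
    fernet = Fernet(Fernet.generate_key())
    token = fernet.encrypt_at_time(b"constructed payload", current_time=1000)
    fresh = fernet.decrypt_at_time(token, ttl=30, current_time=1020)
    try:
        fernet.decrypt_at_time(token, ttl=30, current_time=1100)
        expired_rejected = False
    except InvalidToken:
        expired_rejected = True
    return fresh, expired_rejected
```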