
Secure RSA encryption with PyCrypto


Problem

I'm coding a very simple reverse shell in python, and I want to encrypt the communication between the server and the client. The idea is to exchange an AES key using RSA then use it to encrypt everything sent on the network.

Right now I'm trying to use PyCrypto's Crypto.Cipher.PKCS1_v1_5 module for RSA and it seems to work, but since I'm no expert in cryptography (I know the maths behind RSA but that's about it) I have no idea whether this is secure or not. The test code:

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5

msg = 'attack at dawn'
key = RSA.generate(4096)    # I know this is a huge overkill
# Round-trip both halves of the key pair through DER to mimic the key being shipped over the network
pubkey = RSA.importKey(key.publickey().exportKey('DER'))
privkey = RSA.importKey(key.exportKey('DER'))
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(msg)
print ciphertext

dcipher = PKCS1_v1_5.new(privkey)
# Second argument is the sentinel that decrypt() returns instead of raising when the padding is malformed
secret = dcipher.decrypt(ciphertext, 'thisIsForVerificationIfIAmRight')
print secret

The code works as expected. My questions:

  • Is this a correct way to use this module?
  • Is this secure?

Solution

I'm afraid that your second question ("Is this secure?") is one that you're not likely to get a good answer on here at Code Review. What you seem to be trying to do here is to design a cryptographic protocol, and cryptanalysis requires very specific expertise that I don't think any of the regulars here possess. I certainly don't. Also, to comment on the security of a protocol we have to see the whole protocol. The code in the question doesn't seem to have any defence against man-in-the-middle attacks, or any message authentication. But no doubt you plan to handle those problems elsewhere in your protocol.

However, I do have a couple of comments based on what you've shown us here:

- The documentation for PKCS#1 v1.5 says, "If you are designing a new protocol, consider using the more robust PKCS#1 OAEP." Did you consider this?

- The code says that the sentinel argument to PKCS115_Cipher.decrypt "is for verification", but in fact you are specifically warned in the documentation not to use it for verification: "you should not explicitly check if the returned value is the sentinel or not".

The usual advice when it comes to designing cryptographic protocols is "don't do it—use an industry standard instead". So in your use case ("encrypt the communication between the server and the client") I would use the TLS (Transport Layer Security) protocol via the built-in ssl module.

Context

StackExchange Code Review Q#115498, answer score: 6
