Secure RSA encryption with PyCrypto
Problem
I'm coding a very simple reverse shell in python, and I want to encrypt the communication between the server and the client. The idea is to exchange an AES key using RSA then use it to encrypt everything sent on the network.
Right now I'm trying to use PyCrypto's `Crypto.Cipher.PKCS1_v1_5` module for RSA and it seems to work, but since I'm no expert in cryptography (I know the maths behind RSA but that's about it) I have no idea whether this is secure or not. The test code:
```python
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5

msg = 'attack at dawn'
key = RSA.generate(4096) # I know this is a huge overkill
# Round-trip both halves of the key pair through DER export/import
pubkey = RSA.importKey(key.publickey().exportKey('DER'))
privkey = RSA.importKey(key.exportKey('DER'))
# Encrypt with the public key
cipher = PKCS1_v1_5.new(pubkey)
ciphertext = cipher.encrypt(msg)
print ciphertext
# Decrypt with the private key; the second argument is the sentinel returned on failure
dcipher = PKCS1_v1_5.new(privkey)
secret = dcipher.decrypt(ciphertext, 'thisIsForVerificationIfIAmRight')
print secret
```
The code works as expected. My questions:
- Is this a correct way to use this module?
- Is this secure?
Solution
I'm afraid that your second question ("Is this secure?") is one that you're not likely to get a good answer on here at Code Review. What you seem to be trying to do here is to design a cryptographic protocol, and cryptanalysis requires very specific expertise that I don't think any of the regulars here possess. I certainly don't. Also, to comment on the security of a protocol we have to see the whole protocol. The code in the question doesn't seem to have any defence against man-in-the-middle attacks, or any message authentication. But no doubt you plan to handle those problems elsewhere in your protocol.
However, I do have a couple of comments based on what you've shown us here:
- The documentation for PKCS#1 v1.5 says, "If you are designing a new protocol, consider using the more robust PKCS#1 OAEP." Did you consider this?
- The code says that the `sentinel` argument to `PKCS115_Cipher.decrypt` "is for verification", but in fact you are specifically warned in the documentation not to use it for verification: "you should not explicitly check if the returned value is the sentinel or not".
The usual advice when it comes to designing cryptographic protocols is "don't do it—use an industry standard instead". So in your use case ("encrypt the communication between the server and the client") I would use the TLS (Transport Layer Security) protocol via the built-in `ssl` module.
Context
StackExchange Code Review Q#115498, answer score: 6