CPSC 526 NETWORK SYSTEMS SECURITY #15 – READING FROM STDIO, ENCRYPTING & DECRYPTING FILES TA: HENRIQUE PEREIRA SYS • https://docs.python.org/3/library/sys.html • sys.stdin.buffer.read( byte_size ) • To write or read binary data from/to the standard streams, use the underlying binary buffer object. For example, to read 32 bytes from standard input, use sys.stdin.buffer.read(32). SIMPLE PYTHON CODE TO COPY A FILE FROM STDIN • Demo CRYPTOGRAPHY • High level recipes and low level interfaces to common cryptographic algorithms such as symmetric ciphers, message digests, and key derivation functions. • https://cryptography.io/en/latest/ • pip install cryptography SYMMETRIC ENCRYPTION - AES • cryptography.hazmat.primitives.ciphers.algorithms.AES(key) • AES (Advanced Encryption Standard) is a block cipher standardized by NIST. AES is both fast, and cryptographically strong. It is a good default choice for encryption. • Parameters: key (bytes) – The secret key. This must be kept secret. Either 128 (16 bytes), 192, (24 bytes) or 256 bits (32 bytes) long. BASIC AES USAGE • Demo MULTIPLE OF THE BLOCK LENGTH PROBLEMS? • Padding is the solution. PADDING • https://cryptography.io/en/latest/hazmat/primitives/padding/ • Symmetric Padding • cryptography.hazmat.primitives.padding.PKCS7 • PKCS7 padding is a generalization of PKCS5 padding (also known as standard padding). PKCS7 padding works by appending N bytes with the value of chr(N), where N is the number of bytes required to make the final block of data the same size as the block size. AES + PADDING • Demo ENCRYPTING & DECRYPTING FILES • Encrypting a file: • https://github.com/crazyguitar/pysheeet/blob/master/docs/notes/python-crypto.rst#using-aes- cbc-mode-encrypt-a-file • Decrypting a file: • https://github.com/crazyguitar/pysheeet/blob/master/docs/notes/python-crypto.rst#using-aes- cbc-mode-decrypt-a-file CONSIDERATIONS • Both codes encrypt and decrypt full files. • Assignment #4 files cannot be encrypted/decrypted this way. • You are reading the files from STDIN • You don`t know the size of the input • You can`t save your input to disk because of that • You could probably use that logic to encrypt/decrypt small “slices” of your input file. • And reassemble those slices when decrypting.