Seguridad de la Información y Criptografía
Homework 5
Homework 5
The homework for this week is:
Implement a HTTP public-key repository for key exchange that employs RSA-based digital signatures.
My program is running in the web hosting Heroku. I used this host because it's free and I can write code in python. You can see the page in the next url:
The web page must be displayed like the next image:
How this work?
- Imagine that you are in a Facebook chat, and you are talking with Alice. Then Alice start talking with you but saying strange things, so you aren't sure if is the real Alice.
- Now you want to verify if is Alice or not, so you send a challenge in the chat.
- Previously Alice, created a private and a public key for the RSA algorithm, and she is registered in a web service where the public key is stored.
- Then you enter to the web service, send the challenge showed to Alice.
- Alice use the script provided in the same web service.
- In the script she write the x (challenge), her d, and her n. The script returns a response.
- Alice send the response of the script to you via Facebook chat.
- You write the response in the web service and click in the verify button.
- The web service show if is the correct Alice or not.
Code
This is the script where the other person download for get the response:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| def function(x): | |
| return x**2 + x | |
| def fastmodexp(x, y, mod): | |
| p = 1 | |
| aux = x | |
| while y > 0: | |
| if y % 2 == 1: | |
| p = (p * aux) % mod | |
| aux = (aux * aux) % mod | |
| y = y >> 1 | |
| return p | |
| def main(): | |
| x = int(raw_input('Write the x: ')) | |
| d = int(raw_input('Write the d: ')) | |
| n = int(raw_input('Write the n: ')) | |
| y = function(x) | |
| r = fastmodexp(y, d, n) | |
| print 'Return this to your friend:', r | |
| main() |
The python script in the server:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import os | |
| import random | |
| from flask import Flask, request, render_template | |
| app = Flask(__name__) | |
| def function(x): | |
| return x**2 + x | |
| def fastmodexp(x, y, mod): | |
| p = 1 | |
| aux = x | |
| while y > 0: | |
| if y % 2 == 1: | |
| p = (p * aux) % mod | |
| aux = (aux * aux) % mod | |
| y = y >> 1 | |
| return p | |
| def verify(x, user, r): | |
| f = open('users.dat', 'r') | |
| get_user = '' | |
| while (get_user != user): | |
| line = f.readline() | |
| sep = line.split() | |
| get_user = str(sep[0]) | |
| e = int(sep[1]) | |
| n = int(sep[2]) | |
| f.close() | |
| y = fastmodexp(r, e, n) | |
| if (y == function(x)): | |
| approved = True | |
| else: | |
| approved = False | |
| return approved | |
| def get_users(): | |
| users = [] | |
| f = open('users.dat', 'r') | |
| for line in f: | |
| sep = line.split() | |
| user = str(sep[0]) | |
| users.append(user) | |
| f.close() | |
| return users | |
| @app.route('/', methods=['GET','POST']) | |
| def index(): | |
| users = get_users() | |
| if request.method == 'POST': | |
| x = int(request.form['challenge']) | |
| user = request.form['user'] | |
| if (request.form['response']): | |
| try: | |
| r = int(request.form['response']) | |
| approved = verify(x, user, r) | |
| return render_template('index.html', x=x, users=users, user=user, option=user, approved=approved) | |
| except ValueError: | |
| return render_template('index.html', x=x, users=users, option=user, error='Response must be numeric!') | |
| else: | |
| return render_template('index.html', x=x, users=users, option=user, error='Missing response!') | |
| else: | |
| x = random.randint(1000,9999) | |
| return render_template('index.html', x=x, users=users) | |
| if __name__ == '__main__': | |
| port = int(os.environ.get('PORT', 5000)) | |
| app.debug = True | |
| app.run(host='0.0.0.0', port=port) |
And the template that I created for the page:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>RSA</title> | |
| <meta charset="utf-8"> | |
| <link rel="icon" href="static/favicon.ico"> | |
| <link rel="stylesheet" href="static/style.css" type="text/css" media="all"/> | |
| </head> | |
| <body> | |
| <header> | |
| <h1>RSA-Based Digital Signatures</h1> | |
| </header> | |
| <section> | |
| <form action="/" method="post"> | |
| <span>Challenge:</span> | |
| <input type="text" name="challenge" value="{{x}}" readonly="readonly"> | |
| <a href="/" class="gr-button">Generate</a> | |
| <br /> | |
| <span>User:</span> | |
| <select name="user"> | |
| {% for user in users %} | |
| {% if user == option %} | |
| <option selected="selected">{{ user }}</option> | |
| {% else %} | |
| <option>{{ user }}</option> | |
| {% endif %} | |
| {% endfor %} | |
| </select> | |
| <br /> | |
| <span>Response:</span> | |
| <input type="text" name="response"> | |
| <button class="button" type="submit">Verify</button> | |
| </form> | |
| {% if error %} | |
| <p class="center red">{{error}}</p> | |
| {% endif %} | |
| {% if user %} | |
| <div class="center"> | |
| {% if approved %} | |
| <p class="green">It was {{user}}!</p> | |
| {% else %} | |
| <p class="red">It wasn't {{user}}!</p> | |
| {% endif%} | |
| </div> | |
| {% endif %} | |
| <div class="separator center"> | |
| <a href="static/script.py" class="gr-button">Download script</a> | |
| </div> | |
| </section> | |
| <footer> | |
| Developed by Ramón González | |
| </footer> | |
| </body> | |
| </html> |
Screenshots
When the client don't write the response and click verify.
When the client write a text instead of a number in the response field.
When the verification fails.
Test
I test my app with Juan Espinosa.
And I verify if was the real Juan Espinosa, and was correct.
References:
RSA Algorithm - Elisa Schaeffer
Bien :) 10 pts.
ResponderEliminar