# Asymmetric Encryption

**ToDo**:
- Add illustration for Asymmetric Encryption - Similar to [this](https://lh3.googleusercontent.com/proxy/dCTxllT1M9nTQYlyzWcAG-svygYYNiFpD29S4s_rfdfiDAMF20YPOKR8hkoQmqx1kWPBHHnnxP5_uwYEL4Hgt4tmka6a-LfI80w) and [this](http://scientopia.org/img-archive/goodmath/img_340.png).
- Add illustration for digital signature - Similar to [this](http://www.zytrax.com/tech/survival/signature.png) and [this](https://www.researchgate.net/publication/339696424/figure/fig1/AS:865416696057857@1583342827835/A-Bitcoin-digital-signature-diagram.png) and [this](https://blog.mailfence.com/wp-content/uploads/2016/12/800px-Digital_Signature_diagram.svg.png)
- Explain the SSL Handshake - Similar to [this](https://www.101computing.net/wp/wp-content/uploads/SSL-Handshake.png)
- Add appendix using `requests` to show self-signed warnings.
- Add relevant resources at the end.
---


Asymmetric encryption does not have passwords or keys like symmetric but rather it splits the security into a pair of keys, one used to encrypt (usually called Public Key) and another used to decrypt (usually call Private Key). As the name implies one can be shared publicly and the other should be kept secret. This method is also known as [**Public-key cryptography**](https://en.wikipedia.org/wiki/Public-key_cryptography).

The keys are sequences of bytes generated together and are mathematically linked, they are also called "Key Pair". Each party in the communication should have its own key pair and have their Public Keys shared. This means that there is no need for a "secure channel" to exchange keys as in symmetric encryption since the Public key are by design sharable.

This type of encryption is used nowadays in many applications, ranging from the commonplace SSH protocol to the trendy Bitcoin transactions.

A party can generate as many Key Pairs as needed, meaning that, in case of a Private Key being compromised, a new Key Pair can be generated.

## Public Key Encryption != Digital Signature

The idea of a [Digital Signature](https://en.wikipedia.org/wiki/Digital_signature) is basically reversing Public Key Encryption, that is, instead of encrypting messages that only the holder of the Private Key can decrypt, a message is encrypted with the Private Key so that everyone else can decrypt it using the Public Key. In this case, even though the message is encrypted, the word **signature** is used to represent that it is no secret. The signature itself has the same format as an encrypted message, it is a sequence of bytes.

This scheme does not provide **privacy**, since everyone can decrypt the signature, but it provides **Authentication** (Only the holder of the Private Key could have signed this message) and in some context also legal **Non-Repudiation**. Some countries consider that digitally signed files/messages are subject to non-repudiation.

The Key Pair is exactly the the same as the one used in Public Key Encryption, however the terminology changes to avoid confusion. If Public Key Encryption is an asymmetric analog as symmetric encryption, digital signatures can be thought of as an asymmetric analog of HMACs.

## Public Key Encryption != Certificate Based Communication

One way to implement Public Key Encryption is through [**Certificates**](https://en.wikipedia.org/wiki/Public_key_certificate), a certificate is something bigger in scope than the Key Pair because the Key Pair is simply two sequences of bytes whereas the certificate includes not only the public key but also information about the algorithm, versioning, subject and issuer information and so on. 

Therefore, a Key Pair is enough to encrypt and decrypt but a certificate has metadata and additional information to establish a **secure channel of communication**. One of the most widely used algorithms for Public Key Encryption is [`RSA`](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) and the current standard for certificate is [`X.509`](https://en.wikipedia.org/wiki/X.509) (which uses RSA Public Key Encryption). Certificate based communication is used in most website, the key indicator is the use of TLS, more commonly reflected by the use of HTTPS (instead of HTTP).

Some of the information a certificate contains is:

- Information about the **identity** (Email, Organization Name, Country, State, [among others](https://en.wikipedia.org/wiki/Certificate_signing_request#Procedure)) of who generated the Public Key (the subject).
- A **digital signature** [^1] that validates the identity information is correct and it corresponds to the subject.

The drawback of this approach is that nothing impedes an attacker to sign their own certificates, i.e. anyone can claim being anyone else. These are the so-called [self-signed certificates](https://en.wikipedia.org/wiki/Self-signed_certificate). To avoid that, the signature should come from a trusted third party, known as [**Certificate Authority**](https://en.wikipedia.org/wiki/Certificate_authority). It needs to be an independent and trusted-by-everyone party that validates the identity of who is generating the Public Key. This is necessary if the subject is unknown or could not be trusted.

When the subject acts as its own CA, generating a self-signed certificate, it triggers warnings in most environments, e.g. most programming libraries will throw validation errors. Web browsers will consider a self-signed certificate to be **insecure**. It is not a matter of security (i.e. the data will be encrypted anyway) but rather a matter of trust, trusting that the received Public Key comes from the intended subject and that there is no other man-in-the-middle.

For debugging and testing, self-signed certificates are usually not a concern, for all other use cases, a certificate signed by a CA should be used.

To get a certificate signed by a CA, one has to submit a [**Certificate Signing Request**](https://en.wikipedia.org/wiki/Certificate_signing_request), it normally takes several days and it is usually paid service, they also validate that the identity information corresponds to the one asking for the validation. A CA will not sign certificates to anyone on behalf of anyone else, i.e. I cannot get a CA signing a certificate saying I am Google.

[^1]: Digital signature is the topic of the next chapter

### Example

When logging in a service (e.g. email), one enters a username and a password. It is desired that the password travels encrypted through internet, so that no one can read it but the service provider. To encrypt that, certificate based communication is used, the Public Key is used to encrypt the password and then the service provider can use its private key to read it. 

That being said, what happens if the Public Key used does not come from the service provider and instead was injected by an attacker's Key Pair? They would have a corresponding Private Key with which they can see the password (and then if needed redirect to the real service provider).

That is when Certificate Authorities come in, because the certificate will also include a digital signature saying "This is the public key for this service provider". Attackers can mimic Public Keys from any subject, however, they cannot bypass the digital signature, because everyone can verify if a digital signature comes from a CA or not.

### Other usage for Certificates

Another usage of certificates is **User Authentication**, in this case one organization can generate specific certificates for each user with all the authentication relevant information. The user can add that certificate to their operating system, and then when making a request only a user id (email, GUID or similar) should be provided. 

If the user id matches the information in the certificate and the signature of the certificate is valid (i.e. is was signed by the organization server), the user is consider authenticated and the request is processed.

An example of such authentication mechanism in Flask can be seen in this [Anaconda Repo](https://github.com/ContinuumIO/flask-ssl-authentication)

### Practical Example

This particular site has **HTTPS** with a certificate signed by [DigiCert](https://www.digicert.com/), one of many Certificate Authorities.

<center>
<img src="../_static/images/certificate_CA_example.png">
</center>

When opened, some details are shown

<center>
<img src="../_static/images/certificate_details.png">
</center>

However, something might draw special attention, it says "**Issued to**: www.github.com" but the site is [**elc.github.io**](https://elc.github.io/). If we inspect the details, we can see that the **Issuer** is the CA, the **Subject** is Github and the there is an special field called **Subject Alternative Name**, there one of the DNS Names is **\*.github.io** which is compatible which this site URL. Therefore, the browser knows the certificate is from Github, validated by DigiCert and even though the URL is not Github's it is under one of the registered alternative names.

<center>
<img src="../_static/images/certificate_details_dns.png">
</center>

### Using Certificates - Implementation Considerations

Some times the process of getting a signed certificate might be troublesome or tedious, fortunately there are shortcuts:

- Using a hosting service that provides HTTPS out of the box (e.g. Github Pages does it freely)
- Outsourcing the certificate request (e.g. Most cloud providers will do that on our behalf)
- Using hosted services (e.g. Azure Web Apps comes with HTTPS support)

It is usually useful to work in layers, many times one can have a gateway server (Apache, Nginx or similar) that takes care of the TLS connection (certificate based communications) while the underlying application use it seemlessly. Meaning there is no code change needed on the application side.

The following examples will focus on the Public Key Encryption without the CA signing process for simplicity. To implement a certificate signed by a CA, [follow the official tutorial](https://cryptography.io/en/latest/x509/tutorial). However, **unless being supported by a security expert it is always recommended to trust hosted/managed services instead of doing security from scratch**.

## Caveats of Public Key Encryption

Asymmetric Encryption is usually much slower than symmetric encryption, that is way in many applications both are used:

1. Both parties exchange their Public Keys.
2. The Public Keys are then used to send an encrypted password/key for symmetric encryption.
3. All following communication is done encrypted using the symmetric encryption method.

The particular details of the implementation may vary depending on the specific protocol but generally Asymmetric Encryption is used as the so-called "Secure Channel" to exchange the keys for the symmetric encryption method. Modern HTTPS connections work like this.

## RSA Encryption

RSA is one of the asymmetric encryption algorithms available in the PyCA cryptography library. The particular objects used here are part of the `hazmat` package, `hazmat` stands for "Hazardous Materials" and quoting from their [site](https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/):

> This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

In [1]:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.exceptions import InvalidSignature

### Generating Keys

The first step is to generate the private key, for that two parameters are needed the `public_exponent` and the `key_size`. The former should be fixed to `65537` whereas the second can be changed and as per modern security standards it should be at least `2048`. Then the Public Key is generated from the private Key object.

In [2]:
def generate_key_pair():
    key_size = 2048  # Should be at least 2048

    private_key = rsa.generate_private_key(
        public_exponent=65537,  # Do not change
        key_size=key_size,
    )

    public_key = private_key.public_key()
    return private_key, public_key

In [3]:
private_key, public_key = generate_key_pair()

### Encrypting

For the encryption process only the public key is used, no password is needed. The messages encrypted with this Public Key will only be decryptable with the linked Private Key. Moreover, if other messages are encrypted with different Public Keys, they will not be decryptable with the linked Private Key.

In [4]:
def encrypt(message, public_key):
    return public_key.encrypt(
        message,
        padding.OAEP(
            mgf=padding.MGF1(algorithm=hashes.SHA256()),
            algorithm=hashes.SHA256(),
            label=None
        )
    )

In [5]:
message = b"Hello World!"

message_encrypted = encrypt(message, public_key)

print(f"Encrypted Text: {message_encrypted.hex()}")

Encrypted Text: 604d06ed3e615682733493dd57624d99f0ca7a8fd53b5d5659c75984bb4f0be2b9c26d34c5ab85aede0dcfc2336dbe690bc70ce7c2ec8a8e9de0fa67cbdbbe1e40c77bfccc4b00fa36e3f7d41a4b3ef6799d43b667d241206c8d6a73b280c412b085f4f986284d92bf55b77ad28221a0d9a81cc99cc05bc8388b9f6c148964a34cba3181ad64f3a2503ffb05daf5cbbe3e119b5d3a1d33eb408318961e72c587a2aba9fe5c69eba5b720a60fbee472adcaeac7c07ecfac7c018e676714d2d57b23274ae5b8fdc0e702da780af7fdb7f9fb198db182bcd35bd348f47e624f062e27df5edef04835cfadd45eddf82cbb7d25487b5ef9dea1b20b2dedd05dda25eb


### Decrypting

Auxiliary Function to decrypt an encrypted message and returning a string message.

In [6]:
def decrypt(message_encrypted, private_key):
    try:
        message_decrypted = private_key.decrypt(
            message_encrypted,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )
        return f"Decrypted Message: {message_decrypted}"
    except ValueError:
        return "Failed to Decrypt"

#### Using unlinked Private Key

If other **Private Key** different from the one of the original Key Pair is used, the decryption will fail.

In [7]:
private_key_other, _ = generate_key_pair()

message_decrypted = decrypt(message_encrypted, private_key_other)
print(message_decrypted)

Failed to Decrypt


#### Using unlinked Public Key

If other **Public Key** different from the one of the original Key Pair is used, the decryption will fail.

In [8]:
_, public_key_other = generate_key_pair()

message_encrypted_other = encrypt(message, public_key_other)

message_decrypted = decrypt(message_encrypted_other, private_key)
print(message_decrypted)

Failed to Decrypt


#### Using original Private Key

In [9]:
message_decrypted = decrypt(message_encrypted, private_key)
print(message_decrypted)

Decrypted Message: b'Hello World!'


### Signing Message

To use the Key Pair for Digital Signature, the Private Key is used for encryption. In this case the method is called `sign` and not `encrypt` to have consistent terminology and avoid confusion.

A pair (message, signature) will only be valid if the message, the signature and the public key are the original ones, if any of those gets modified, an error will be thrown.

In [10]:
def sign(message, private_key):
    return private_key.sign(
        message,
        padding.PSS(
            mgf=padding.MGF1(hashes.SHA256()),
            salt_length=padding.PSS.MAX_LENGTH
        ),
        hashes.SHA256()
    )

In [11]:
message = b"My website is http://elc.github.io"

signature = sign(message, private_key)

print(f"Digital Signature: {signature.hex()}")

Digital Signature: 1578aa3e0886266a47abd4067a137c277e656a052a9753d3d2b8260bae705fd92d0c67668f2a3b191eb4acefb598b683bce738384f40385a732a39fd885c2a8cbf6a7d9a3c63d1c5bc9fc8aabfab7d26663b2e354d63d362f0790245e46e3bde71c0d3508b076e84cc304311eceb6f25eff4285ba46e3b31d62d49a8d6a2b932d2ff997467ce9f5734b7c496414a7dfa33108238e38c479f098462a9db14b5b67396c9bcefce3037466437754a5cdfe1f38d56ffaf010b89c43550a7f66aecd15e90c1ef7451054048c0dd214dd29b5436a217bc80a7881e4b90196da5957eef42b68dbbd3f628b1b980dcc02189e403183aea6f0c952c10f21d4da03277a911


### Verifying Signature

This is a helper function to avoid code duplication, it will return a string message depending on whether the message, signature pair is valid.

In [12]:
def verify(signature, message, public_key):
    try:
        public_key.verify(
            signature,
            message,
            padding.PSS(
                mgf=padding.MGF1(hashes.SHA256()),
                salt_length=padding.PSS.MAX_LENGTH
            ),
            hashes.SHA256()
        )
        return "The message has been successfully verified"
    except InvalidSignature:
        return "The signature, the message or the Public Key is invalid"

#### Tampered Message

Possible scenario:

1. An attacker intercepts the message
1. They change the message and leave the signature intact

In [13]:
wrong_message = b"My website is http://www.google.com"

verification_message = verify(signature, wrong_message, public_key)
print(verification_message)

The signature, the message or the Public Key is invalid


#### Tampered Message and Signature

Possible scenario:

1. An attacker intercepts the message
1. They change the message and generate another signature with their own Private Key

Note: it would be possible to test leaving the message intact and only changing the signature but that has no practical purpose.

In [14]:
wrong_message = b"My website is http://www.google.com"

fake_private_key, _ = generate_key_pair()
fake_signature = sign(wrong_message, fake_private_key)

verification_message = verify(fake_signature, message, public_key)
print(verification_message)

The signature, the message or the Public Key is invalid


#### Unliked Public Key

This is an unlikely possibility. Because since Public Keys are shared and public, an attacker has very limited chance to inject a fake public key. It would need to hack the sender and modify their Public Key, if they were able to do such a thing, they would have access the original message anyway.

However, for illustration, if the Public Key is changed, the validation fails as well.

In [15]:
_, public_key_other = generate_key_pair()

verification_message = verify(signature, message, public_key_other)
print(verification_message)

The signature, the message or the Public Key is invalid


#### Original Message, Signature and Public Key

Only when the message, the signature and the public match will the verficiation process succeed

In [16]:
verification_message = verify(signature, message, public_key)
print(verification_message)

The message has been successfully verified


## Using PEM Files

Public Keys, Private Keys and certificates can be saved as files, in that case the [Privacy-Enhanced Mail (PEM)](https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail) format is used. Those are files with suffix `.pem`, `.cer`, `.cert` or `.crt`. They have a characteristic `BEGIN` and `END` line which encloses the content. Since a key pair is a sequence of bytes, base64 is used to convert those to string.

The extension is just to tell the content but the PEM format is a plain-text file, i.e. it can be opened with any text editor.

PEM Files can be used for either Public Key Encryption or Digital Signature.

In [17]:
from pathlib import Path

from cryptography.hazmat.primitives import serialization

### Storing the Keys as PEM Files

#### Saving Private Key

The PEM file for the private key **should be kept secret** and never shared, the **whole asymmetric encryption depends on it being hidden**.

Because the [Public-Key Cryptography Standards (PKCS) #8 (`PKCS8`)](https://en.wikipedia.org/wiki/PKCS_8) is used as the serialization format, the private key is not stored in raw bytes but rather it is encrypted using symmetric encryption. The symmetric algorithm used is [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2). Therefore, in theory there should not be any risks if the files is leaked, that being said, sharing private key files is against all good practices.

**Note: NEVER upload private key files to source control, make sure to add the file to your `.gitignore`**

In [18]:
password = b"my secret"

key_pem_bytes = private_key.private_bytes(
   encoding=serialization.Encoding.PEM,  # PEM Format is specified
   format=serialization.PrivateFormat.PKCS8,
   encryption_algorithm=serialization.BestAvailableEncryption(password),
)

# Filename could be anything
key_pem_path = Path("key.pem")
key_pem_path.write_bytes(key_pem_bytes);

warning_message = "\n\n     TRUNCATED CONTENT TO REMIND THIS SHOULD NOT BE SHARED\n"

content = key_pem_path.read_text()
content = content[:232] + warning_message + content[1597:]

print(content)

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIW8uBbXjZ11MCAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBDwHqmSqrJsw//hu2VisSP6BIIE
0PxJ0fbgwAoJhzL+G8VgCPDuxnxiQvES8gTgglikUqnQkVJ7AxHjOPCffRzKvf3D

     TRUNCATED CONTENT TO REMIND THIS SHOULD NOT BE SHARED

lIIRdTiZAhFqDskbZHafMJuUPf/OPB1XAKf/VCQ2eO7LpIr4NBWLgBeR6vzYj3oo
AHDapSkKQd+ZD+xOAQ4RJubmW1KIQg8+QeRxk0aFiW1ZnvdyqttRcPGxYImdlPkG
w4u/ENvCtnhnOTQFdsWoGrMnVWea8+7QhVhDtdFePXFEXjWMkWPw1W99JuExz2E4
uBtdrLQWIBxFioIgkb3iQH9vkEgoaRCoOk3JF8GZUweB
-----END ENCRYPTED PRIVATE KEY-----



#### Saving Public Key

The PEM file for the public key will be part of a public certificate which will be send to everyone wanting to comunicate with the subject. **There is no risk sharing this**.

In [19]:
public_key = private_key.public_key()

public_pem_bytes = public_key.public_bytes(
   encoding=serialization.Encoding.PEM,
   format=serialization.PublicFormat.SubjectPublicKeyInfo,
)

# Filename could be anything
public_pem_path = Path("public.pem")
public_pem_path.write_bytes(public_pem_bytes);

public_key_content = public_pem_path.read_text()
print(public_key_content)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv8vDyznb240jsS4vem1
xR47Ka2bFG3VebavyQDSegSaK5cukplZhA1xnFI5YTo0ip/FZ6hJR427On3pXGMr
RQFJSvKtwjq4VM2XYqm/Zxoa8S+ATIJLxwWBtYxBcWnabaFQVZ2ARBGfw5ORVWc9
q2RsMtUHMc3rooYdYvRRZs5DfbsPJo5X7XDA4btXGihyYAKyKAnHB/8ybK7fJC6B
27P5mgfJLN6EYgpmZoCH8YRUd5J49B0A7tn0R8oqK7YPqtlMTgavXUlad2UW1nSc
VNV5vB1o7Chft0rFdam+hAIHNaoGB1uCUzAvgMgslw9EOlmar/ivKIeAsuNszZa0
ywIDAQAB
-----END PUBLIC KEY-----



### Loading PEM Files

PEM files can be loaded directly using the load methods, in the case of the private key, a password should be provided because the `PKCS8` was used to serialized it.

#### Wrong Password

The `cryptography` library will throw `ValueError` if the password is incorrect

In [20]:
private_pem_bytes = Path("key.pem").read_bytes()
public_pem_bytes = Path("public.pem").read_bytes()

guess_password = b"my pass"

try:
    private_key_from_pem = serialization.load_pem_private_key(
        private_pem_bytes,
        password=guess_password,
    )
    public_key_from_pem = serialization.load_pem_public_key(public_pem_bytes)
    print("Keys Correctly Loaded")
except ValueError:
    print("Incorrect Password")

Incorrect Password


#### Right Password

If the correct password is used, no errors should be thrown

In [21]:
private_pem_bytes = Path("key.pem").read_bytes()
public_pem_bytes = Path("public.pem").read_bytes()

try:
    private_key_from_pem = serialization.load_pem_private_key(
        private_pem_bytes,
        password=password,
    )
    public_key_from_pem = serialization.load_pem_public_key(public_pem_bytes)
    print("Keys Correctly Loaded")
except ValueError:
    print("Incorrect Password")

Keys Correctly Loaded


### Encryption and Decryption using PEM Files

This are simple examples of encryption and decryption, the functions used are the same as the ones in the above section

#### Encrypting

In [22]:
message = b"Hello World!"

public_pem_bytes = Path("public.pem").read_bytes()
public_key_from_pem = serialization.load_pem_public_key(public_pem_bytes)

message_encrypted = encrypt(message, public_key_from_pem)

print(f"Encrypted Text: {message_encrypted.hex()}")

Encrypted Text: 746644b2c1cef10322aac1f82f84b95638a66073c0cc1b28c47ce9da05b93d4ae5e9025d8013027d9c5c5e95cf9cfea9ad0335982cf346d9fb62e5fb7dcdd867e200065791e9f8701bebb778d56047c64b6d150e2bddbe59fd764ecc7a6622d78d83d3fd6328f1327b2533e6256e2f4614ec9576a9e9960bcc122552b140062fab36f52906a6493d0b573ca51629acebd1eb146ab8491d4fcea94763578d7a485e79e4ec52991bb17e838df66c5d06ac25a7d5e6fdd716bd24a9ab8916ca3306cb03be61f7e4dc6e4723317bc956d8986aa1a83f34bf3daec91dab5577d61d3e76c6cc2fbaf31208636580fe7a8bccb62f8772f13330525f54513eb5b98a8a42


#### Decrypting

In [23]:
private_pem_bytes = Path("key.pem").read_bytes()

private_key_from_pem = serialization.load_pem_private_key(
    private_pem_bytes,
    password=password,
)

message_decrypted = decrypt(message_encrypted, private_key_from_pem)

print(message_decrypted)

Decrypted Message: b'Hello World!'


### Digital Signature using PEM Files

This are simple examples of signing and verification, the functions used are the same as the ones in the above section

#### Signing a Message

In [24]:
message = b"My website is http://elc.github.io"

private_pem_bytes = Path("key.pem").read_bytes()

private_key_from_pem = serialization.load_pem_private_key(
    private_pem_bytes,
    password=password,
)

signature = sign(message, private_key_from_pem)

print(f"Digital Signature: {signature.hex()}")

Digital Signature: 8faa56668bb842e13fff8bf4b51f716a67d7ff131118442cc6f3c0b635ef81a7fddcbed616f4ddb32c43d4015e05bbf38df6ff49f2006ce6f9058c28d7b61526777107b05be01b95a506b9cf2c4c541b74e8ce8c9944dc6da149a81a7500486fba3d6d423bfe97e42d2ee00f3a345be8e8ee3a7b3cb22462cfedcf34ab49d18c865ec36d7765016d3022c4cedb4736e85d8a4ad777aa4e2d1ce699dbbe267c3017b9ea8ea895c906eda4815fad711ecf4a99a74508b646e106d57f43d5c82b254fbefd2c7ca675493589cbf129b4d777fd47607dc5866875099227e8e540781390ca52dcdfffc0ae20bcd16de589656004d25d09ca3759aa391e4eb855431cb2


#### Verifying Signature

In [25]:
public_pem_bytes = Path("public.pem").read_bytes()
public_key_from_pem = serialization.load_pem_public_key(public_pem_bytes)

verification_message = verify(signature, message, public_key_from_pem)
print(verification_message)

The message has been successfully verified


## Conclusion

As opposed to symmetric encryption, asymmetric encryption does not rely on a single key shared across parties. Instead, a Key Pair, consisting of a Public and a Private Key which are mathematically linked, is generated by each party, then the public keys are shared. The public key is used to encrypt the message and only the linked Private Key can decrypt it.

Digital Signatures used the same principle in reverse, the Private Key is used to encrypt and the Public Key to decrypt, this does not provide privacy but guarantees that a message has not been tampered with.

For serialization and persistance Key Pairs can be stored in disk using the PEM format, for security reasons the Private Key PEM file is saved encrypted with symmetric encryption and hence requires a passphrase.

Asymmetric Encryption is mostly used as part of a bigger technology called Certificates which provides not only access to the Public Key needed to encrypt the message but also information about the subject, the issuer and a digital signature (among other fields). Certificates could be self-signed (insecure or only suitable for testing) or signed by a trusted third party called Certificate Authority.

The most widely used algorithm for Public Key Encryption and Digital Signatures is RSA and for Certificate Based Comunication is X.509