Break-down-of-code

#Imports

import os
from Crypto.Cipher import AES, PKCS1_OAEP 
#AES: Advanced Encryption Standard algorithm to encrypt and decrypt data
#Supports block sizes of 128, 192 and 256 bits 

#PKCS1_OAEP: Optimal Asymmetric Encryption Padding (OAEP) scheme, widely used padding scheme for RSA encryption

from Crypto.PublicKey import RSA

#RSA: Implements RSA encryption algorithm 
#RSA uses a public key for encryption and a private key for decryption
#Widely used for key exchange, digital signatures and more

from Crypto.Random import get_random_bytes

#Function used to generate cryptographically secure random bytes (AES key here)
# Necessary for symmetric encryption process

AES_blocksize = 16
AES_padding = b'\x00'
#Constants that define AES block size and padding scheme (Represents padding value used to pad the plaintext to a multiple of the AES block size)

#RSA Key Pair
key = RSA.generate(2048) #Key length of 2048 bits, key length determines strength of encryption and security level of RSA algorithm
private_key = key.export_key() 
#Private key: secret key generated during RSA key pair, kept confidential by owner
#Used for decrypting messages that are encrypted with the corresponding public key
public_key = key.publickey().export_key()
#Derived from private key and is shared with others
#Used by others to encrypt messages that are meant to be sent to the owner of the private key
#Once encrypted, message can only be decrypted using the corresponding private key. 

# RSA Key write to file
with open('private_key.pem', 'wb') as f:
    f.write(private_key)
with open('public_key.pem', 'wb') as f:
    f.write(public_key)

def generate_aes_key():
    """Generate a random AES key."""
    return get_random_bytes(AES_blocksize) #Generates random AES key of size AES_blocksize by using the get_random_bytes function

def encrypt_file(filename, aes_key, rsa_public_key):
    """Encrypt a file using AES and RSA."""
    # Read file contents
    with open(filename, 'rb') as file:
        plaintext = file.read() #Reads content of file (filename parameter) in binary mode and stores it in plaintext variable
    
    # Pad the plaintext to be a multiple of AES block size  by appending AES_padding multiple times
    #No. of padding bytes added is calculated as the difference between AES block size and modulus of (length of plaintext / AES block size)
    plaintext += AES_padding * (AES_blocksize - len(plaintext) % AES_blocksize)

    # Generate AES cipher using the AES key
    aes_cipher = AES.new(aes_key, AES.MODE_EAX)

    # Encrypt the plaintext using AES
    ciphertext, tag = aes_cipher.encrypt_and_digest(plaintext)

    # Encrypt the AES key using RSA public key
    rsa_cipher = PKCS1_OAEP.new(rsa_public_key)
    encrypted_aes_key = rsa_cipher.encrypt(aes_key)

    #Writing encrypted AES key and ciphertext to output file
    with open('encrypted_' + filename, 'wb') as output_file:
        output_file.write(encrypted_aes_key)
        output_file.write(aes_cipher.nonce)
        output_file.write(tag)
        output_file.write(ciphertext) 

def decrypt_file(filename, aes_key, rsa_private_key):
    #Decrypt a file using AES and RSA private key
    rsa_cipher = PKCS1_OAEP.new(rsa_private_key)
    decrypted_aes_key = rsa_cipher.decrypt(aes_key)

    # Read encrypted file contents
    with open(filename, 'rb') as file:
        encrypted_data = file.read()
    
    # Extract AES cipher nonce, tag, and ciphertext from encrypted data
    encrypted_aes_key_size = rsa_private_key.size_in_bytes()
    nonce = encrypted_data[:AES_blocksize]
    tag = encrypted_data[AES_blocksize:AES_blocksize+16]
    ciphertext = encrypted_data[AES_blocksize+16:encrypted_aes_key_size]

    # Create AES cipher using decrypted AES key and extracted nonce
    aes_cipher = AES.new(decrypted_aes_key, AES.MODE_EAX, nonce=nonce)

    # Decrypting the ciphertext using AES
    plaintext = aes_cipher.decrypt_and_verify(ciphertext, tag)

    # Writing the decrypted plaintext to output file
    with open('decrypted_' + filename, 'wb') as output_file:
        output_file.write(plaintext)