Here is a Vernam cipher implementation in python. My goal with this project is achive my degree in CS ;) but also create a optimized way to use Vernam cipher to exchange message in the real world(TM).
This implementation rely on a huge file filled with real random data shared with another person. For example Alice and Bob (original me).
Alice will be our creator, the person who created the huge file and Bob will be the consumer. It's important to identify this two roles, because the use of the key file (that huge random generated file) will be different for each user.
Creator will use the file from the beggining to the end, meanwhile consumer will do it in reverse, from the end to the beggining. This is the way to create a bidirectional commmuncation with only a file. As key data availability (last consumer minus last creator position used) drops under a certain thresold, user must meet your fella and interchange a new key file. Users may be on alert to prevent reuse key file. If this happend it's pretty difficult to break the whole message but, an interceptor, can start to work.
Software is developed in Python 2.7, and works like any other command line tool, Written in Python.
To start using this software you need some software prerequisites:
- Python 2.7 installed (system wide or virtual environment)
- Install all required modules listed in requirements.txt (pip install -r Requirements.txt, will work)
The key step to use this encryption method is to choose a good randomness source, this examples uses /dev/urandom but you can use any other source of your choose.
Just follow this steps:
if [[ $(python --version 2>&1) == *2\.7* ]]; then
git clone https://github.com/millaguie/Vernam.git
cd Vernam
sudo pip install -r requirements.txt
else
echo "Not running python 2.7"
fi
And everything must work
The first step is to get a random fille key:
dd if=/dev/urandom of=keyfile count=1024 bs=1024
Second, catalog the key file
alice@securesystem1:~/Vernam$ python -m vernam --catalog -i keyfile
input file: keyfile, output file: None, config file: config.yaml, key file: defaultrawfile.rnd, operation mode: lz4
Generating hash of key, this might take some time
This first run will generate a configuration file for the software (if don't exists) and a catalog file for the key.
Now you can exchanege key and catalog file with your fella. Your fella will need edit yaml file to change l2r attribute to true, he or she will be key's consumer.
bob@securesystem2:~/Vernam$ diff keyfile.yaml keyfile.yaml.alice
3c3
< l2r: true
---
> l2r: false
As Alice you can create a message file and send it to Bob.
alice@securesystem1:~/Vernam$ echo Meet me at the gates ASAP > secretmessage.txt
alice@securesystem1:~/Vernam$ python -m vernam -e -k keyfile -i secretmessage.txt -o sendbob
input file: secretmessage.txt, output file: sendbob, config file: config.yaml, key file: keyfile, operation mode: lz4
32 of 1048576 bytes will be in use after this action
Send output file to bob via an insecure system.
And bob will be able to read message using the shared key:
bob@securesystem2:~/Vernam$ python -m vernam -d -k keyfile -i sendbob -o secretmessage.txt
input file: sendbob, output file: secretmessage.txt, config file: config.yaml, key file: keyfile, operation mode: lz4
Output file will be overwritten as requested.
32 of 1048576 bytes will be in use after this action
bob@securesystem2:~/Vernam$ cat secretmessage.txt
Meet me at the gates ASAP
You can get more information from --help switch
$ python -m vernam --help
usage: __main__.py [-h] [-e | -d | --catalog | --printable]
[--lz4 | --base32 | --raw | --human] -i INPUTFILE
[-o OUTPUTFILE] [-c CONFIG] [-k KEYFILE] [-f] [--l2r]
Vernam cipher implementation
optional arguments:
-h, --help show this help message and exit
-e, --encrypt Start in encryption mode
-d, --decrypt Start in decryption mode
--catalog Catalog a new keyfile
--printable Write to outputfile a printable version of the key,
ready to be used by humans. Warning! this could be
huge.
--lz4 Use lz4 compression mode
--base32 Use base32 mode
--raw Use raw mode (default option)
--human Use mode for humans
-i INPUTFILE, --inputfile INPUTFILE
File to encrypt or decrypt, when using in catalog mode
keyfile to catalog
-o OUTPUTFILE, --outputfile OUTPUTFILE
File to store output, stdout by default
-c CONFIG, --config CONFIG
Path to configuration file
-k KEYFILE, --keyfile KEYFILE
Path to a file containing the random data used as key
for the cipher
-f, --force Force to overwrite output file
--l2r When catalogging a key, select read mode right to
left, by default will use left to right
- Fco. Javier Picado Ladrón de Guevara - millaguie
This project is licensed under BSD 3-clause "New" or "Revised" License - see the LICENSE file for details