This protocol simulates a basic SSL/TLS-style secure communication using netcat for transport and Python for encryption.
Each party generates an RSA key pair:
python3 keygen_rsa.py --out sender
python3 keygen_rsa.py --out receiver
Exchange public keys (sender_pub.pem, receiver_pub.pem) out-of-band or hardcode them for testing.
- Generate a random AES key and IV using your custom Python logic.
- Encrypt the plaintext message using your custom AES-256 (CBC mode) implementation.
- Sign the original plaintext using your custom SHA-256 hash function + RSA private key (custom implementation).
- Encrypt the AES key and IV together using the recipient's RSA public key (custom implementation).
- Base64-encode the outputs.
- Send the three lines (in order) to the receiver via netcat:
  encrypted_AES_key_and_IV
  encrypted_message
  digital_signature
python3 secure_send_custom.py receiver_pub.txt sender_priv.txt | nc 9999
- Receive three base64-encoded lines over netcat and pipe them into your custom script:
  nc -l -p 9999 | python3 secure_receive_custom.py receiver_priv.txt sender_pub.txt
- Read each line from standard input:
  Line 1: encrypted_AES_key_and_IV
  Line 2: encrypted_message
  Line 3: digital_signature
- Base64-decode each part.
- Decrypt the AES key and IV using the receiver's RSA private key (custom).
- Decrypt the message using AES-256 in CBC mode with the decrypted key and IV.
- Verify the digital signature using the sender’s public RSA key and your custom SHA-256.
The message consists of three base64-encoded lines, sent in the following order:
encrypted_AES_key_and_IV
encrypted_message
digital_signature
Each line should be processed in sequence by the receiver.
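An added example, not part of the original project: a strict parser for the three-line message the receiver reads from standard input, run before any private-key operation touches the data. It assumes RSA outputs are fixed-width (as long as the respective modulus) and that the decrypted blob is the 32-byte AES key followed by the 16-byte IV; all function and parameter names are hypothetical.

```python
import base64
import binascii
from typing import NamedTuple, Tuple

AES_BLOCK = 16            # AES block size; CBC ciphertext is a multiple of this
KEY_LEN, IV_LEN = 32, 16  # AES-256 key and CBC IV sizes in bytes


class Envelope(NamedTuple):
    wrapped_key_iv: bytes  # line 1: RSA-encrypted AES key and IV
    ciphertext: bytes      # line 2: AES-256-CBC ciphertext
    signature: bytes       # line 3: RSA signature over the plaintext


def parse_envelope(text: str, recv_mod_bytes: int, sender_mod_bytes: int) -> Envelope:
    """Parse the three base64 lines, rejecting anything malformed."""
    lines = text.splitlines()
    if len(lines) != 3:
        raise ValueError(f"expected 3 lines, got {len(lines)}")
    try:
        # validate=True rejects non-alphabet characters instead of skipping them
        parts = [base64.b64decode(ln.strip(), validate=True) for ln in lines]
    except binascii.Error as exc:
        raise ValueError(f"invalid base64: {exc}") from None
    wrapped, ciphertext, signature = parts
    # Assumption: fixed-width RSA output, one modulus long
    if len(wrapped) != recv_mod_bytes:
        raise ValueError("wrapped key has the wrong length for the receiver key")
    if len(signature) != sender_mod_bytes:
        raise ValueError("signature has the wrong length for the sender key")
    if not ciphertext or len(ciphertext) % AES_BLOCK:
        raise ValueError("ciphertext must be a non-empty multiple of 16 bytes")
    return Envelope(wrapped, ciphertext, signature)


def split_key_iv(blob: bytes) -> Tuple[bytes, bytes]:
    """Split the RSA-decrypted blob; key-then-IV order is an assumption."""
    if len(blob) != KEY_LEN + IV_LEN:
        raise ValueError("decrypted key material must be 48 bytes")
    return blob[:KEY_LEN], blob[KEY_LEN:]


if __name__ == "__main__":
    # Constructed sample: zero-filled fields sized for 2048-bit keys, not real ciphertext
    enc = lambda b: base64.b64encode(b).decode()
    sample = "\n".join([enc(bytes(256)), enc(bytes(32)), enc(bytes(256))]) + "\n"
    print(parse_envelope(sample, 256, 256))
```

Rejecting a malformed message at this stage means the RSA and AES routines only ever see inputs of the expected shape.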
secure_receive_custom.py: to decrypt and verify the received messages and either accept them or reject them.
secure_send_custom.py: to encrypt the messages before sending them over the socket.
