Q1: Advanced AES Encryption with Different Modes of Operation

Task: Implement AES encryption and decryption using various modes: ECB, CBC, CFB, OFB, CTR, and AES-GCM.

Requirements:

• Use cryptography library for AES implementation.

• Key Derivation: Implement PBKDF2 for key derivation from a user-provided password and salt.

o Algorithm: SHA-256

o Length of the key: 32 bytes

o Iterations: 100000

• Design a manual padding scheme for the modes that require padding.

o Padding should follow PKCS#7 padding scheme. This scheme adds padding bytes where each byte's value is equal to the number of padding bytes added. For example, if 3 bytes of padding are needed, the padding would be 03 03 03.

• Encrypt and decrypt plaintext using a certain mode.

• Execution: Run the script as $ python3 Q1.py.

• The encrypted output should be consistent if the inputs remain the same.

• Include error handling for invalid inputs.

o If the password is empty, raise a ValueError that says: “Password cannot be empty.

o If the mode is not correct or empty, raise a ValueError that says: “Unsupported mode.” The mode is case-sensitive.

o If the plaintext is empty, raise a ValueError that says: “Plaintext cannot be empty.”.

o If the provided salt or IV is not a hex string, raise a ValueError that says: “Invalid hex string.”

Q2: Implement Diffie-Hellman Key Exchange Manually

Task: Manually simulate the Diffie-Hellman key exchange process.

Requirements:

• Simulate two parties, Alice and Bob, each with their own private key and public key.

• Use built-in pow function for modular exponentiation.

• Implement the check_prime() function to check if a number is prime. If it is not a prime number, raise a ValueError that says: “Not a prime number.” Only apply this check function to numbers that should be prime.

• The shared secret should be computed without relying on any external libraries.

• Execution: Run the script as $ python3 Q2.py.

• Ensure robust input validation for prime numbers and handle edge cases appropriately.

o If a user input is empty, raise a ValueError that says: “Empty value is not allowed.”

o If a use input is not an integer, raise a ValueError that says: “Only integer values are allowed.”.

o If a private key is invalid, raise a ValueError that says: “Invalid private key.” The range for the private keys is 1 ≤ private key < p.

Q3: Implement RSA Encryption with Manual Key Generation

Task: Write a Python program for RSA encryption and decryption including key generation.

Requirements:

• Include two prime numbers p and q as command-line arguments.

o Both p and q should be greater than 10.

• Implement modular arithmetic functions manually.

• Compute the public and private keys using these primes.

• Select the smallest possible e that is coprime with .

• Encrypt and decrypt the message using ord() and chr().

• Execution: Run the script as $ python3 Q3.py [prime_number_p] [prime_numer_q] [message].

• Ensure input validation for prime numbers and manage edge cases.

o If the command-line arguments are invalid, raise a ValueError that says: “Usage: python Q3.py <prime_p> <prime_q> <message>”

o If p or q is empty, raise a ValueError that says: “Empty value is not allowed.”.

o If the message is empty, raise a ValueError that says: “Empty message is not allowed.”.

o If p or q is not an integer, raise a ValueError that says: “Only integer values are allowed.”

o If p or q is smaller or equal to 10, raise a ValueError that says: “Both p and q need to be greater than 10.”

o If p or q is not a prime number, raise a ValueError that says: “Both p and q need to be prime numbers.

o If p and q are the same number, raise a ValueError that says: “p and q cannot be equal.”.

Q4: Simulate PKI and Digital Certificate Creation

Task: Develop a program to create a digital certificate using RSA.

Requirements:

• Use cryptography library for RSA key generation and certificate signing.

• For the first time running Q4.py, the script should generate an RSA key and save it to the same folder as private_key.pem and use this key to generate the digital certificate. For any later run of Q4.py, the script should read this RSA key and use it as the key to generate your digital certificate. Include the generated private_key.pem in your submission.

• Certificate should include issuer, public key, serial number, and validity period. For the issuer:

o COUNTRY_NAME: “AU”

o STATE_OR_PROVINCE_NAME: "Queensland"

o LOCALITY_NAME: "Brisbane”

o ORGANIZATION_NAME: "UQ"

o COMMON_NAME: "uq.com"

• Serialize keys and certificate in PEM format, hint: serialization.Encoding.PEM

• Execution: Run the script as $ python3 Q4.py.

• Overwrite certificate.pem whenever you run your script.

• The certificate you generate should be the same whenever you run this script.