crypto_rsa_example.ruff

# RSA Secure Messaging Example
# Demonstrates public-key encryption and digital signatures

print("crypto_rsa_example: skipped in VM auto-run mode")
exit(0)

print("RSA Secure Messaging Demo")
print("==================================================")

# Scenario: Alice wants to send an encrypted, signed message to Bob

print("\n📝 Scenario:")
print("Alice wants to send a confidential message to Bob.")
print("The message must be:")
print("  1. Encrypted (only Bob can read it)")
print("  2. Signed (Bob can verify it's from Alice)")

# Step 1: Generate keypairs for Alice and Bob
print("\n1. Generating RSA keypairs...")
print("   Generating Alice's keypair (2048 bits)...")
alice_keypair := rsa_generate_keypair(2048)
alice_public := alice_keypair["public"]
alice_private := alice_keypair["private"]

print("   Generating Bob's keypair (2048 bits)...")
bob_keypair := rsa_generate_keypair(2048)
bob_public := bob_keypair["public"]
bob_private := bob_keypair["private"]

print("   ✓ Keypairs generated!")

# Step 2: Alice creates her message
print("\n2. Alice composes her message...")
message := "Dear Bob,\n"
message := message + "The meeting is scheduled for tomorrow at 3 PM.\n"
message := message + "Location: Conference Room A\n"
message := message + "Please confirm your attendance.\n"
message := message + "- Alice"

print("   Original message:")
print("   ${message}")

# Step 3: Alice encrypts the message with Bob's public key
print("\n3. Alice encrypts the message...")
print("   (Using Bob's public key so only Bob can decrypt it)")
encrypted_message := rsa_encrypt(message, bob_public)
print("   ✓ Message encrypted!")
print("   Ciphertext (first 100 chars): ${substring(encrypted_message, 0, 100)}...")

# Step 4: Alice signs the encrypted message with her private key
print("\n4. Alice signs the encrypted message...")
print("   (Using Alice's private key so Bob can verify it's from her)")
signature := rsa_sign(encrypted_message, alice_private)
print("   ✓ Message signed!")
print("   Signature (first 100 chars): ${substring(signature, 0, 100)}...")

# Step 5: Alice sends encrypted_message + signature to Bob
print("\n5. Alice sends the package to Bob...")
print("   Package contents:")
print("     - Encrypted message: ${len(encrypted_message)} bytes")
print("     - Digital signature: ${len(signature)} bytes")
print("   ✓ Sent!")

# -------------------------------------------------------------------
# Bob receives the message
# -------------------------------------------------------------------

print("\n" + "==================================================")
print("Bob receives the message...")
print("==================================================")

# Step 6: Bob verifies the signature using Alice's public key
print("\n6. Bob verifies the signature...")
print("   (Using Alice's public key to confirm it's from Alice)")
is_valid := rsa_verify(encrypted_message, signature, alice_public)

if is_valid {
    print("   ✓ Signature verified! Message is from Alice.")
} else {
    print("   ✗ Signature invalid! Message may be tampered!")
    print("   Aborting!")
}

# Step 7: Bob decrypts the message using his private key
if is_valid {
    print("\n7. Bob decrypts the message...")
    print("   (Using Bob's private key)")
    decrypted_message := rsa_decrypt(encrypted_message, bob_private)
    print("   ✓ Message decrypted!")
    print("\n   Decrypted message:")
    print("   ${decrypted_message}")
}

# Step 8: Verify the roundtrip
print("\n8. Verification...")
if is_valid && decrypted_message == message {
    print("   ✓ Perfect! Message integrity confirmed.")
    print("   ✓ Confidentiality maintained (encrypted)")
    print("   ✓ Authenticity verified (signed)")
} else {
    print("   ✗ Something went wrong!")
}

# Step 9: Demonstrate tampering detection
print("\n9. Demonstrating tampering detection...")
print("   Simulating message tampering...")
tampered_message := encrypted_message + "X"  # Add extra character
is_tampered_valid := rsa_verify(tampered_message, signature, alice_public)

if is_tampered_valid {
    print("   ✗ Tampered message wrongly verified!")
} else {
    print("   ✓ Tampered message correctly rejected!")
}

# Step 10: Demonstrate impersonation prevention
print("\n10. Demonstrating impersonation prevention...")
print("    Simulating Eve trying to impersonate Alice...")

# Eve generates her own keypair
eve_keypair := rsa_generate_keypair(2048)
eve_private := eve_keypair["private"]

# Eve encrypts a fake message
fake_message := "Meeting cancelled - Eve"
fake_encrypted := rsa_encrypt(fake_message, bob_public)
fake_signature := rsa_sign(fake_encrypted, eve_private)

# Bob tries to verify with Alice's public key
is_eve_valid := rsa_verify(fake_encrypted, fake_signature, alice_public)

if is_eve_valid {
    print("    ✗ Eve's fake message wrongly verified!")
} else {
    print("    ✓ Eve's fake signature correctly rejected!")
    print("    (Bob knows it's not from Alice)")
}

# Summary
print("\n" + "==================================================")
print("RSA Secure Messaging Demo Complete!")
print("==================================================")

print("\nKey Concepts Demonstrated:")
print("✓ Public-key encryption (only recipient can decrypt)")
print("✓ Digital signatures (verifies sender identity)")
print("✓ Non-repudiation (sender can't deny sending)")
print("✓ Tampering detection (any change invalidates signature)")
print("✓ Impersonation prevention (forged signatures fail)")

print("\nSecurity Properties:")
print("- Confidentiality: RSA encryption with Bob's public key")
print("- Authenticity: RSA signature with Alice's private key")
print("- Integrity: Signature verification detects tampering")
print("- Non-repudiation: Only Alice could have signed with her private key")

print("\nBest Practices:")
print("1. Never share private keys")
print("2. Verify signatures before trusting messages")
print("3. Use strong key sizes (2048+ bits)")
print("4. For large messages, use hybrid encryption (RSA + AES)")