溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
Python3.7 基于 pycryptodome 的AES加密解密、RSA加密解密、加簽驗簽,具體代碼如下所示:
#!/usr/bin/env python
# -*- coding: utf8 -*-
import os
import rsa
import json
import hashlib
import base64
from Crypto.Cipher import AES
from ..settings_manager import settings
class RSAEncrypter(object):
"""RSA加密解密
參考 https://stuvel.eu/python-rsa-doc/index.html
對應JavaScript版本參考 https://github.com/travist/jsencrypt
[description]
"""
@classmethod
def encrypt(cls, plaintext, keydata):
#明文編碼格式
content = plaintext.encode('utf8')
if os.path.isfile(keydata):
with open(keydata) as publicfile:
keydata = publicfile.read()
pubkey = rsa.PublicKey.load_pkcs1_openssl_pem(keydata)
#公鑰加密
crypto = rsa.encrypt(content, pubkey)
return base64.b64encode(crypto).decode('utf8')
@classmethod
def decrypt(cls, ciphertext, keydata):
if os.path.isfile(keydata):
with open(keydata) as privatefile:
keydata = privatefile.read()
try:
ciphertext = base64.b64decode(ciphertext)
privkey = rsa.PrivateKey.load_pkcs1(keydata, format='PEM')
con = rsa.decrypt(ciphertext, privkey)
return con.decode('utf8')
except Exception as e:
pass
return False
@classmethod
def signing(cls, message, privkey):
""" 簽名
https://legrandin.github.io/pycryptodome/Doc/3.2/Crypto.Signature.pkcs1_15-module.html
"""
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
if os.path.isfile(privkey):
with open(privkey) as privatefile:
privkey = privatefile.read()
try:
key = RSA.import_key(privkey)
h = SHA256.new(message.encode('utf8'))
sign = pkcs1_15.new(key).sign(h)
sign = base64.b64encode(sign).decode('utf8')
return sign
except Exception as e:
raise e
@classmethod
def verify(cls, message, sign, pubkey):
""" 驗證簽名
https://legrandin.github.io/pycryptodome/Doc/3.2/Crypto.Signature.pkcs1_15-module.html
"""
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
res = False
sign = base64.b64decode(sign)
# print('sign', type(sign), sign)
try:
key = RSA.importKey(pubkey)
h = SHA256.new(message.encode('utf8'))
pkcs1_15.new(key).verify(h, sign)
res = True
except (ValueError, TypeError) as e:
raise e
pass
except Exception as e:
raise e
pass
return res
class AESEncrypter(object):
def __init__(self, key, iv=None):
self.key = key.encode('utf8')
self.iv = iv if iv else bytes(key[0:16], 'utf8')
def _pad(self, text):
text_length = len(text)
padding_len = AES.block_size - int(text_length % AES.block_size)
if padding_len == 0:
padding_len = AES.block_size
t2 = chr(padding_len) * padding_len
t2 = t2.encode('utf8')
# print('text ', type(text), text)
# print('t2 ', type(t2), t2)
t3 = text + t2
return t3
def _unpad(self, text):
pad = ord(text[-1])
return text[:-pad]
def encrypt(self, raw):
raw = raw.encode('utf8')
raw = self._pad(raw)
cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
encrypted = cipher.encrypt(raw)
return base64.b64encode(encrypted).decode('utf8')
def decrypt(self, enc):
enc = enc.encode('utf8')
enc = base64.b64decode(enc)
cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
decrypted = cipher.decrypt(enc)
return self._unpad(decrypted.decode('utf8'))
class AESSkyPay:
"""
Tested under Python 3.7 and pycryptodome
"""
BLOCK_SIZE = 16
def __init__(self, key):
#菲律賓支付通道 SkyPay Payment Specification.lending.v1.16.pdf
# SkyPay 對密碼做了如下處理
s1 = hashlib.sha1(bytes(key, encoding='utf-8')).digest()
s2 = hashlib.sha1(s1).digest()
self.key = s2[0:16]
self.mode = AES.MODE_ECB
def pkcs5_pad(self,s):
"""
padding to blocksize according to PKCS #5
calculates the number of missing chars to BLOCK_SIZE and pads with
ord(number of missing chars)
@see: http://www.di-mgt.com.au/cryptopad.html
@param s: string to pad
@type s: string
@rtype: string
"""
BS = self.BLOCK_SIZE
return s + ((BS - len(s) % BS) * chr(BS - len(s) % BS)).encode('utf8')
def pkcs5_unpad(self,s):
"""
unpadding according to PKCS #5
@param s: string to unpad
@type s: string
@rtype: string
"""
return s[:-ord(s[len(s) - 1:])]
# 加密函數,如果text不足16位就用空格補足為16位,
# 如果大于16當時不是16的倍數,那就補足為16的倍數。
# 補足方法:PKCS5
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode)
# 這里密鑰key 長度必須為16(AES-128),
# 24(AES-192),或者32 (AES-256)Bytes 長度
# 目前AES-128 足夠目前使用
ciphertext = cryptor.encrypt(self.pkcs5_pad(text.encode('utf8')))
# 因為AES加密時候得到的字符串不一定是ascii字符集的,輸出到終端或者保存時候可能存在問題
# 所以這里將加密的字符串進行base64編碼
return base64.b64encode(ciphertext).decode()
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode)
plain_text = cryptor.decrypt(base64.b64decode(text))
return bytes.decode(self.pkcs5_unpad(plain_text))
def aes_decrypt(ciphertext, secret=None, prefix='aes:::'):
secret = secret if secret else settings.default_aes_secret
cipher = AESEncrypter(secret)
prefix_len = len(prefix)
if ciphertext[0:prefix_len]==prefix:
return cipher.decrypt(ciphertext[prefix_len:])
else:
return ciphertext
def aes_encrypt(plaintext, secret=None, prefix='aes:::'):
secret = secret if secret else settings.default_aes_secret
cipher = AESEncrypter(secret)
encrypted = cipher.encrypt(plaintext)
return '%s%s' % (prefix, encrypted)
if __name__ == "__main__":
try:
# for RSA test
ciphertext = 'Qa2EU2EF4Eq4w75TnA1IUw+ir9l/nSdW3pMV+a6FkzV9bld259DxM1M4RxYkpPaVXhQFol04yFjuxzkRg12e76i6pkDM1itQSOy5hwmrud5PQvfnBf7OmHpOpS6oh7OQo72CA0LEzas+OANmRXKfn5CMN14GsmfWAn/F6j4Azhs='
public_key = '/Users/leeyi/workspace/joywin_staff/joywin_staff_api/datas/public.pem'
private_key = '/Users/leeyi/workspace/joywin_staff/joywin_staff_api/datas/private.pem'
ciphertext = RSAEncrypter.encrypt('admin888中國', public_key)
print("ciphertext: ", ciphertext)
plaintext = RSAEncrypter.decrypt(ciphertext, private_key)
print("plaintext: ", type(plaintext))
print("plaintext: ", plaintext)
# for AES test
key = 'abc20304050607081q2w3e4r*1K|j!ta'
cipher = AESEncrypter(key)
plaintext = '542#1504'
encrypted = cipher.encrypt(plaintext)
print('Encrypted: %s' % encrypted)
ciphertext = 'EPLtushldq9E1U8vG/sL3g=='
assert encrypted == ciphertext
plaintext = '542#1504你好'
encrypted = '+YGDvnakKi77SBD6GXmThw=='
decrypted = cipher.decrypt(encrypted)
print('Decrypted: %s' % decrypted)
assert decrypted == plaintext
except KeyboardInterrupt:
sys.exit(0)
ps:Python3 RSA加密解密加簽驗簽示例代碼
本代碼引入Pycryptodome基于Python3.50版本編譯庫
#!/usr/bin/env python3
# coding=utf-8
# Author: Luosu201803
"""
create_rsa_key() - 創建RSA密鑰
my_encrypt_and_decrypt() - 測試加密解密功能
rsa_sign() & rsa_signverify() - 測試簽名與驗簽功能
"""
from binascii import unhexlify
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP, PKCS1_v1_5
import base64
from Crypto.Hash import SHA1
from Crypto.Signature import pkcs1_15
def create_rsa_key(password="123456"):
"""
創建RSA密鑰,步驟說明:
1、從 Crypto.PublicKey 包中導入 RSA,創建一個密碼(此密碼不是RSA秘鑰對)
2、生成 1024/2048 位的 RSA 密鑰對(存儲在私鑰文件和公鑰文件)
3、調用 RSA 密鑰實例的 exportKey 方法(傳入"密碼"、"使用的 PKCS 標準"、"加密方案"這三個參數)得到私鑰。
4、將私鑰寫入磁盤的文件。
5、使用方法鏈調用 publickey 和 exportKey 方法生成公鑰,寫入磁盤上的文件。
"""
key = RSA.generate(1024)
encrypted_key = key.exportKey(passphrase=password, pkcs=8,protection="scryptAndAES128-CBC")
# encrypted_key = key.exportKey(pkcs=1)
print('encrypted_key:',encrypted_key)
with open("my_private_rsa_key.pem", "wb") as f:
f.write(encrypted_key)
with open("my_rsa_public.pem", "wb") as f:
f.write(key.publickey().exportKey())
def encrypt_and_decrypt_test(password="123456"):
# 加載私鑰用于加密
recipient_key = RSA.import_key(
open("my_rsa_public.pem").read()
)
cipher_rsa = PKCS1_v1_5.new(recipient_key)
#使用base64編碼保存數據方便查看,同樣解密需要base64解碼
en_data = base64.b64encode(cipher_rsa.encrypt(b"123456,abcdesd"))
print("加密數據信息:",type(en_data),'\n',len(en_data),'\n',en_data)
# 加載公鑰用于解密
encoded_key = open("my_private_rsa_key.pem").read()
private_key = RSA.import_key(encoded_key,passphrase=password)
cipher_rsa = PKCS1_v1_5.new(private_key)
data = cipher_rsa.decrypt(base64.b64decode(en_data), None)
print(data)
def rsa_sign(message,password="123456"):
#讀取私鑰信息用于加簽
private_key = RSA.importKey(open("my_private_rsa_key.pem").read(),passphrase=password)
hash_obj = SHA1.new(message)
# print(pkcs1_15.new(private_key).can_sign()) #check wheather object of pkcs1_15 can be signed
#base64編碼打印可視化
signature = base64.b64encode(pkcs1_15.new(private_key).sign(hash_obj))
return signature
def rsa_signverify(message,signature):
#讀取公鑰信息用于驗簽
public_key = RSA.importKey(open("my_rsa_public.pem").read())
#message做“哈希”處理,RSA簽名這么要求的
hash_obj = SHA1.new(message)
try:
#因為簽名被base64編碼,所以這里先解碼,再驗簽
pkcs1_15.new(public_key).verify(hash_obj,base64.b64decode(signature))
print('The signature is valid.')
return True
except (ValueError,TypeError):
print('The signature is invalid.')
if __name__ == '__main__':
# create_rsa_key()
encrypt_and_decrypt_test()
# message = b'Luosu is a Middle-aged uncle.'
# signature = rsa_sign(message)
# print('signature:',signature)
# print(rsa_signverify(message,signature))
總結
以上所述是小編給大家介紹的Python3.7 基于 pycryptodome 的AES加密解密、RSA加密解密、加簽驗簽,希望對大家有所幫助,如果大家有任何疑問請給我留言,小編會及時回復大家的。在此也非常感謝大家對億速云網站的支持!
如果你覺得本文對你有幫助,歡迎轉載,煩請注明出處,謝謝!
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
