Posted in Python onDecember 04, 2019
Python3.7 基于 pycryptodome 的AES加密解密、RSA加密解密、加签验签,具体代码如下所示:
#!/usr/bin/env python
# -*- coding: utf8 -*-
import os
import rsa
import json
import hashlib
import base64
from Crypto.Cipher import AES
from ..settings_manager import settings
class RSAEncrypter(object):
"""RSA加密解密
参考 https://stuvel.eu/python-rsa-doc/index.html
对应JavaScript版本参考 https://github.com/travist/jsencrypt
[description]
"""
@classmethod
def encrypt(cls, plaintext, keydata):
#明文编码格式
content = plaintext.encode('utf8')
if os.path.isfile(keydata):
with open(keydata) as publicfile:
keydata = publicfile.read()
pubkey = rsa.PublicKey.load_pkcs1_openssl_pem(keydata)
#公钥加密
crypto = rsa.encrypt(content, pubkey)
return base64.b64encode(crypto).decode('utf8')
@classmethod
def decrypt(cls, ciphertext, keydata):
if os.path.isfile(keydata):
with open(keydata) as privatefile:
keydata = privatefile.read()
try:
ciphertext = base64.b64decode(ciphertext)
privkey = rsa.PrivateKey.load_pkcs1(keydata, format='PEM')
con = rsa.decrypt(ciphertext, privkey)
return con.decode('utf8')
except Exception as e:
pass
return False
@classmethod
def signing(cls, message, privkey):
""" 签名
https://legrandin.github.io/pycryptodome/Doc/3.2/Crypto.Signature.pkcs1_15-module.html
"""
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
if os.path.isfile(privkey):
with open(privkey) as privatefile:
privkey = privatefile.read()
try:
key = RSA.import_key(privkey)
h = SHA256.new(message.encode('utf8'))
sign = pkcs1_15.new(key).sign(h)
sign = base64.b64encode(sign).decode('utf8')
return sign
except Exception as e:
raise e
@classmethod
def verify(cls, message, sign, pubkey):
""" 验证签名
https://legrandin.github.io/pycryptodome/Doc/3.2/Crypto.Signature.pkcs1_15-module.html
"""
from Crypto.Signature import pkcs1_15
from Crypto.Hash import SHA256
from Crypto.PublicKey import RSA
res = False
sign = base64.b64decode(sign)
# print('sign', type(sign), sign)
try:
key = RSA.importKey(pubkey)
h = SHA256.new(message.encode('utf8'))
pkcs1_15.new(key).verify(h, sign)
res = True
except (ValueError, TypeError) as e:
raise e
pass
except Exception as e:
raise e
pass
return res
class AESEncrypter(object):
def __init__(self, key, iv=None):
self.key = key.encode('utf8')
self.iv = iv if iv else bytes(key[0:16], 'utf8')
def _pad(self, text):
text_length = len(text)
padding_len = AES.block_size - int(text_length % AES.block_size)
if padding_len == 0:
padding_len = AES.block_size
t2 = chr(padding_len) * padding_len
t2 = t2.encode('utf8')
# print('text ', type(text), text)
# print('t2 ', type(t2), t2)
t3 = text + t2
return t3
def _unpad(self, text):
pad = ord(text[-1])
return text[:-pad]
def encrypt(self, raw):
raw = raw.encode('utf8')
raw = self._pad(raw)
cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
encrypted = cipher.encrypt(raw)
return base64.b64encode(encrypted).decode('utf8')
def decrypt(self, enc):
enc = enc.encode('utf8')
enc = base64.b64decode(enc)
cipher = AES.new(self.key, AES.MODE_CBC, self.iv)
decrypted = cipher.decrypt(enc)
return self._unpad(decrypted.decode('utf8'))
class AESSkyPay:
"""
Tested under Python 3.7 and pycryptodome
"""
BLOCK_SIZE = 16
def __init__(self, key):
#菲律宾支付通道 SkyPay Payment Specification.lending.v1.16.pdf
# SkyPay 对密码做了如下处理
s1 = hashlib.sha1(bytes(key, encoding='utf-8')).digest()
s2 = hashlib.sha1(s1).digest()
self.key = s2[0:16]
self.mode = AES.MODE_ECB
def pkcs5_pad(self,s):
"""
padding to blocksize according to PKCS #5
calculates the number of missing chars to BLOCK_SIZE and pads with
ord(number of missing chars)
@see: http://www.di-mgt.com.au/cryptopad.html
@param s: string to pad
@type s: string
@rtype: string
"""
BS = self.BLOCK_SIZE
return s + ((BS - len(s) % BS) * chr(BS - len(s) % BS)).encode('utf8')
def pkcs5_unpad(self,s):
"""
unpadding according to PKCS #5
@param s: string to unpad
@type s: string
@rtype: string
"""
return s[:-ord(s[len(s) - 1:])]
# 加密函数,如果text不足16位就用空格补足为16位,
# 如果大于16当时不是16的倍数,那就补足为16的倍数。
# 补足方法:PKCS5
def encrypt(self, text):
cryptor = AES.new(self.key, self.mode)
# 这里密钥key 长度必须为16(AES-128),
# 24(AES-192),或者32 (AES-256)Bytes 长度
# 目前AES-128 足够目前使用
ciphertext = cryptor.encrypt(self.pkcs5_pad(text.encode('utf8')))
# 因为AES加密时候得到的字符串不一定是ascii字符集的,输出到终端或者保存时候可能存在问题
# 所以这里将加密的字符串进行base64编码
return base64.b64encode(ciphertext).decode()
def decrypt(self, text):
cryptor = AES.new(self.key, self.mode)
plain_text = cryptor.decrypt(base64.b64decode(text))
return bytes.decode(self.pkcs5_unpad(plain_text))
def aes_decrypt(ciphertext, secret=None, prefix='aes:::'):
secret = secret if secret else settings.default_aes_secret
cipher = AESEncrypter(secret)
prefix_len = len(prefix)
if ciphertext[0:prefix_len]==prefix:
return cipher.decrypt(ciphertext[prefix_len:])
else:
return ciphertext
def aes_encrypt(plaintext, secret=None, prefix='aes:::'):
secret = secret if secret else settings.default_aes_secret
cipher = AESEncrypter(secret)
encrypted = cipher.encrypt(plaintext)
return '%s%s' % (prefix, encrypted)
if __name__ == "__main__":
try:
# for RSA test
ciphertext = 'Qa2EU2EF4Eq4w75TnA1IUw+ir9l/nSdW3pMV+a6FkzV9bld259DxM1M4RxYkpPaVXhQFol04yFjuxzkRg12e76i6pkDM1itQSOy5hwmrud5PQvfnBf7OmHpOpS6oh6OQo72CA0LEzas+OANmRXKfn5CMN14GsmfWAn/F6j4Azhs='
public_key = '/Users/leeyi/workspace/joywin_staff/joywin_staff_api/datas/public.pem'
private_key = '/Users/leeyi/workspace/joywin_staff/joywin_staff_api/datas/private.pem'
ciphertext = RSAEncrypter.encrypt('admin888中国', public_key)
print("ciphertext: ", ciphertext)
plaintext = RSAEncrypter.decrypt(ciphertext, private_key)
print("plaintext: ", type(plaintext))
print("plaintext: ", plaintext)
# for AES test
key = 'abc20304050607081q2w3e4r*1K|j!ta'
cipher = AESEncrypter(key)
plaintext = '542#1504'
encrypted = cipher.encrypt(plaintext)
print('Encrypted: %s' % encrypted)
ciphertext = 'EPLtushldq9E1U8vG/sL3g=='
assert encrypted == ciphertext
plaintext = '542#1504你好'
encrypted = '+YGDvnakKi77SBD6GXmThw=='
decrypted = cipher.decrypt(encrypted)
print('Decrypted: %s' % decrypted)
assert decrypted == plaintext
except KeyboardInterrupt:
sys.exit(0)
ps:Python3 RSA加密解密加签验签示例代码
本代码引入Pycryptodome基于Python3.50版本编译库
#!/usr/bin/env python3
# coding=utf-8
# Author: Luosu201803
"""
create_rsa_key() - 创建RSA密钥
my_encrypt_and_decrypt() - 测试加密解密功能
rsa_sign() & rsa_signverify() - 测试签名与验签功能
"""
from binascii import unhexlify
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP, PKCS1_v1_5
import base64
from Crypto.Hash import SHA1
from Crypto.Signature import pkcs1_15
def create_rsa_key(password="123456"):
"""
创建RSA密钥,步骤说明:
1、从 Crypto.PublicKey 包中导入 RSA,创建一个密码(此密码不是RSA秘钥对)
2、生成 1024/2048 位的 RSA 密钥对(存储在私钥文件和公钥文件)
3、调用 RSA 密钥实例的 exportKey 方法(传入"密码"、"使用的 PKCS 标准"、"加密方案"这三个参数)得到私钥。
4、将私钥写入磁盘的文件。
5、使用方法链调用 publickey 和 exportKey 方法生成公钥,写入磁盘上的文件。
"""
key = RSA.generate(1024)
encrypted_key = key.exportKey(passphrase=password, pkcs=8,protection="scryptAndAES128-CBC")
# encrypted_key = key.exportKey(pkcs=1)
print('encrypted_key:',encrypted_key)
with open("my_private_rsa_key.pem", "wb") as f:
f.write(encrypted_key)
with open("my_rsa_public.pem", "wb") as f:
f.write(key.publickey().exportKey())
def encrypt_and_decrypt_test(password="123456"):
# 加载私钥用于加密
recipient_key = RSA.import_key(
open("my_rsa_public.pem").read()
)
cipher_rsa = PKCS1_v1_5.new(recipient_key)
#使用base64编码保存数据方便查看,同样解密需要base64解码
en_data = base64.b64encode(cipher_rsa.encrypt(b"123456,abcdesd"))
print("加密数据信息:",type(en_data),'\n',len(en_data),'\n',en_data)
# 加载公钥用于解密
encoded_key = open("my_private_rsa_key.pem").read()
private_key = RSA.import_key(encoded_key,passphrase=password)
cipher_rsa = PKCS1_v1_5.new(private_key)
data = cipher_rsa.decrypt(base64.b64decode(en_data), None)
print(data)
def rsa_sign(message,password="123456"):
#读取私钥信息用于加签
private_key = RSA.importKey(open("my_private_rsa_key.pem").read(),passphrase=password)
hash_obj = SHA1.new(message)
# print(pkcs1_15.new(private_key).can_sign()) #check wheather object of pkcs1_15 can be signed
#base64编码打印可视化
signature = base64.b64encode(pkcs1_15.new(private_key).sign(hash_obj))
return signature
def rsa_signverify(message,signature):
#读取公钥信息用于验签
public_key = RSA.importKey(open("my_rsa_public.pem").read())
#message做“哈希”处理,RSA签名这么要求的
hash_obj = SHA1.new(message)
try:
#因为签名被base64编码,所以这里先解码,再验签
pkcs1_15.new(public_key).verify(hash_obj,base64.b64decode(signature))
print('The signature is valid.')
return True
except (ValueError,TypeError):
print('The signature is invalid.')
if __name__ == '__main__':
# create_rsa_key()
encrypt_and_decrypt_test()
# message = b'Luosu is a Middle-aged uncle.'
# signature = rsa_sign(message)
# print('signature:',signature)
# print(rsa_signverify(message,signature))
总结
以上所述是小编给大家介绍的Python3.7 基于 pycryptodome 的AES加密解密、RSA加密解密、加签验签,希望对大家有所帮助,如果大家有任何疑问请给我留言,小编会及时回复大家的。在此也非常感谢大家对三水点靠木网站的支持!
如果你觉得本文对你有帮助,欢迎转载,烦请注明出处,谢谢!
Python3.7 基于 pycryptodome 的AES加密解密、RSA加密解密、加签验签
- Author -
mrr声明:登载此文出于传递更多信息之目的,并不意味着赞同其观点或证实其描述。
Reply on: @reply_date@
@reply_contents@