cryptography工具包
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization, hashes
from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption, PublicFormat
import base64
# 生成公钥和私钥
def generate_keys():
private_key = rsa.generate_private_key(
public_exponent=655537,
key_size=1024,
backend=default_backend()
)
serialized_private_key = private_key.private_bytes(
Encoding.PEM,
PrivateFormat.PKCS8,
NoEncryption()
)
public_key = private_key.public_key()
serialized_public_key = public_key.public_bytes(
Encoding.PEM,
PublicFormat.SubjectPublicKeyInfo
)
print(private_key, public_key)
return serialized_private_key, serialized_public_key
def get_private_key():
return """
-----BEGIN PRIVATE KEY-----
MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAM1vDAM29PvzQ76I
BBSSeC6+9cb6hC29wSkkIv0widZCxjXv9pGUgcv+O45cyJAKz/BNYzfCBvhgYGQX
v+ym2pT+viSdrNR3+loAKuG+JH4E/mpIf5t+nJiMaGaN4CIyJ4uTsTUHbytFALUt
Td8Vhy9Hfwb1VZRNCKWoVByoBHezAgMKALECf2jve5Rl61MpCxNIqY+WaLTYQ9L5
6UGLHvlhBXgV/04fN1CiVMHsEeVj79HbZZsSTXpsLQPGxlFknWSorMyRG6Uy3hhp
nvWSvtrQrbuZIgDUjMfLXncRHj8NMF8CFa4oNDSOSbkOBN7DRKYsfa2svZoeRWvf
7sEMfEzIgIFpk1ECQQDzjBgbHnipALjsHLcNje45KWSdLUejEteCjkL+qZtUodsT
53Bud9HsVPzBj4FTjfMsI468BNF1AFrXOct3eMihAkEA1/ARROMt4rHMgaSOGE/s
zJnEDG51uGfWF6dJCNhWm94vAFUySz0ksvSgHLY8KgAxF8gQvQ0qduQoBez47Po7
0wJBALCggjzdavd8suzRyupN3ckVl4f2iMpsAoP/cJpk2GTnbSTKAON+SyCPiVHi
0s5+xv50QxdrUXUoarQXI0Rk93ECQG3omUD3iKNulAbC5UUQDP748tGnjxKo+Mv6
9u/3upNYa1V7dwY26DVoChsU4WoVhefz62kHnKUo15RNXhaqovMCQAxh/ctJ/oU4
+h434f/NrDVRYYhwvxS9+8bTAbe9J7vbn20NrRYvW/A9YLADkANaxXtdC2hEwKpm
m9+AhWGzmr0=
-----END PRIVATE KEY-----
"""
def get_public_key():
return """"
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNbwwDNvT780O+iAQUknguvvXG
+oQtvcEpJCL9MInWQsY17/aRlIHL/juOXMiQCs/wTWM3wgb4YGBkF7/sptqU/r4k
nazUd/paACrhviR+BP5qSH+bfpyYjGhmjeAiMieLk7E1B28rRQC1LU3fFYcvR38G
9VWUTQilqFQcqAR3swIDCgCx
-----END PUBLIC KEY-----
"""
# 载入公钥并加密
def load_public_key(message, key):
public_key = serialization.load_pem_public_key(
data=key.encode(),
# data=get_public_key().encode(),
backend=default_backend()
)
plaintext = public_key.encrypt(
message,
padding.OAEP( # 有疑问,不知道为啥填充还要有hash算法对原文hash,那这样不是解不了么
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
# padding.PKCS1v15() # 也可以用这个 和解密保持一致
)
return base64.b64encode(plaintext)
# 载入私钥并解密码
def load_private_key(ciphertext, key):
ciphertext = base64.b64decode(ciphertext)
private_key = serialization.load_pem_private_key(
data=key.encode(),
# data=get_private_key().encode(),
password=None,
backend=default_backend()
)
plaintext = private_key.decrypt(
ciphertext,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
# padding.PKCS1v15() # 也可以用这个 和加密保持一致
)
return plaintext
"""
注:
私钥签名过程:
1、hash算法对原文进行摘要
2、对上面的摘要用私钥进行加密得到一个签名
3、原文和签名一起发送给接收方
公钥验签过程:
1、用公钥对签名进行解密得到摘要1
2、hash算法对原文进行摘要得到摘要2
3、对比摘要2和摘要1是否一致
"""
# 载入私钥并用签名
def load_private_key_sign(message):
message = message.encode()
private_key = serialization.load_pem_private_key(
data=get_private_key().encode(),
password=None,
backend=default_backend()
)
signature = private_key.sign(
message,
# padding.PKCS1v15(), # # 也可以用这个
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
# 这里面不用base64编码也可以,只是如果直接转换成字符串很有可能乱码
return base64.b64encode(signature)
# 载入公钥并验签
def load_public_key_verify(signature, message):
message = message.encode()
signature = base64.b64decode(signature) # 上面用了base64编码,这里面就要解码
public_key = serialization.load_pem_public_key(
data=get_public_key().encode(),
backend=default_backend()
)
verify_flag = public_key.verify(
signature,
message,
# padding.PKCS1v15(), # 也可以用这个
padding.PSS(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return verify_flag
# 加密、解密测试
res = generate_keys()
# print(res[0].decode())
# print(res[1].decode())
ciphertext = load_public_key("123456".encode(), res[1].decode())
src_text = load_private_key(ciphertext, res[0].decode())
print(src_text.decode())
# 签名、验签测试
sign = load_private_key_sign("xion")
print(sign)
print(load_public_key_verify(sign, "xion"))