cryptography工具包

  1. from cryptography.hazmat.primitives.asymmetric import rsa, padding
  2. from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
  3. from cryptography.hazmat.backends import default_backend
  4. from cryptography.hazmat.primitives import serialization, hashes
  5. from cryptography.hazmat.primitives.serialization import Encoding, PrivateFormat, NoEncryption, PublicFormat
  6. import base64
  8. # 生成公钥和私钥
  9. def generate_keys():
  10.     private_key = rsa.generate_private_key(
  11.         public_exponent=655537,
  12.         key_size=1024,
  13.         backend=default_backend()
  14.     )
  15.     serialized_private_key = private_key.private_bytes(
  16.         Encoding.PEM,
  17.         PrivateFormat.PKCS8,
  18.         NoEncryption()
  19.     )
  20.     public_key = private_key.public_key()
  21.     serialized_public_key = public_key.public_bytes(
  22.         Encoding.PEM,
  23.         PublicFormat.SubjectPublicKeyInfo
  24.     )
  25.     print(private_key, public_key)
  26.     return serialized_private_key, serialized_public_key
  29. def get_private_key():
  30.     return """
  31. -----BEGIN PRIVATE KEY-----
  32. MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAM1vDAM29PvzQ76I
  33. BBSSeC6+9cb6hC29wSkkIv0widZCxjXv9pGUgcv+O45cyJAKz/BNYzfCBvhgYGQX
  34. v+ym2pT+viSdrNR3+loAKuG+JH4E/mpIf5t+nJiMaGaN4CIyJ4uTsTUHbytFALUt
  35. Td8Vhy9Hfwb1VZRNCKWoVByoBHezAgMKALECf2jve5Rl61MpCxNIqY+WaLTYQ9L5
  36. 6UGLHvlhBXgV/04fN1CiVMHsEeVj79HbZZsSTXpsLQPGxlFknWSorMyRG6Uy3hhp
  37. nvWSvtrQrbuZIgDUjMfLXncRHj8NMF8CFa4oNDSOSbkOBN7DRKYsfa2svZoeRWvf
  38. 7sEMfEzIgIFpk1ECQQDzjBgbHnipALjsHLcNje45KWSdLUejEteCjkL+qZtUodsT
  39. 53Bud9HsVPzBj4FTjfMsI468BNF1AFrXOct3eMihAkEA1/ARROMt4rHMgaSOGE/s
  40. zJnEDG51uGfWF6dJCNhWm94vAFUySz0ksvSgHLY8KgAxF8gQvQ0qduQoBez47Po7
  41. 0wJBALCggjzdavd8suzRyupN3ckVl4f2iMpsAoP/cJpk2GTnbSTKAON+SyCPiVHi
  42. 0s5+xv50QxdrUXUoarQXI0Rk93ECQG3omUD3iKNulAbC5UUQDP748tGnjxKo+Mv6
  43. 9u/3upNYa1V7dwY26DVoChsU4WoVhefz62kHnKUo15RNXhaqovMCQAxh/ctJ/oU4
  44. +h434f/NrDVRYYhwvxS9+8bTAbe9J7vbn20NrRYvW/A9YLADkANaxXtdC2hEwKpm
  45. m9+AhWGzmr0=
  46. -----END PRIVATE KEY-----
  47. """
  49. def get_public_key():
  50.     return """"
  51. -----BEGIN PUBLIC KEY-----
  52. MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNbwwDNvT780O+iAQUknguvvXG
  53. +oQtvcEpJCL9MInWQsY17/aRlIHL/juOXMiQCs/wTWM3wgb4YGBkF7/sptqU/r4k
  54. nazUd/paACrhviR+BP5qSH+bfpyYjGhmjeAiMieLk7E1B28rRQC1LU3fFYcvR38G
  55. 9VWUTQilqFQcqAR3swIDCgCx
  56. -----END PUBLIC KEY-----
  57. """
  59. # 载入公钥并加密
  60. def load_public_key(message, key):
  61.     public_key = serialization.load_pem_public_key(
  62.         data=key.encode(),
  63.         # data=get_public_key().encode(),
  64.         backend=default_backend()
  65.     )
  66.     plaintext = public_key.encrypt(
  67.         message,
  68.         padding.OAEP(  # 有疑问,不知道为啥填充还要有hash算法对原文hash,那这样不是解不了么
  69.             mgf=padding.MGF1(algorithm=hashes.SHA1()),
  70.             algorithm=hashes.SHA1(),
  71.             label=None
  72.         )
  73.         # padding.PKCS1v15()  #   也可以用这个 和解密保持一致
  74.     )
  75.     return base64.b64encode(plaintext)
  78. # 载入私钥并解密码
  79. def load_private_key(ciphertext, key):
  80.     ciphertext = base64.b64decode(ciphertext)
  81.     private_key = serialization.load_pem_private_key(
  82.         data=key.encode(),
  83.         # data=get_private_key().encode(),
  84.         password=None,
  85.         backend=default_backend()
  86.     )
  87.     plaintext = private_key.decrypt(
  88.         ciphertext,
  89.         padding.OAEP(     
  90.             mgf=padding.MGF1(algorithm=hashes.SHA1()),
  91.             algorithm=hashes.SHA1(),
  92.             label=None
  93.         )
  94.         # padding.PKCS1v15()  #   也可以用这个 和加密保持一致
  95.     )
  96.     return plaintext
  99. """
  100.     注: 
  101.     私钥签名过程:
  102.         1、hash算法对原文进行摘要
  103.         2、对上面的摘要用私钥进行加密得到一个签名
  104.         3、原文和签名一起发送给接收方
  105.     公钥验签过程:
  106.         1、用公钥对签名进行解密得到摘要1
  107.         2、hash算法对原文进行摘要得到摘要2
  108.         3、对比摘要2和摘要1是否一致
  109. """
  111. # 载入私钥并用签名
  112. def load_private_key_sign(message):
  113.     message = message.encode()
  114.     private_key = serialization.load_pem_private_key(
  115.         data=get_private_key().encode(),
  116.         password=None,
  117.         backend=default_backend()
  118.     )
  119.     signature = private_key.sign(
  120.         message,
  121.         # padding.PKCS1v15(),  # # 也可以用这个
  122.         padding.PSS(
  123.             mgf=padding.MGF1(algorithm=hashes.SHA1()),
  124.             salt_length=padding.PSS.MAX_LENGTH
  125.         ),
  126.         hashes.SHA256()
  127.     )
  128.     # 这里面不用base64编码也可以,只是如果直接转换成字符串很有可能乱码
  129.     return base64.b64encode(signature)   
  131. # 载入公钥并验签
  132. def load_public_key_verify(signature, message):
  133.     message = message.encode()
  134.     signature = base64.b64decode(signature)  # 上面用了base64编码,这里面就要解码
  135.     public_key = serialization.load_pem_public_key(
  136.         data=get_public_key().encode(),
  137.         backend=default_backend()
  138.     )
  139.     verify_flag = public_key.verify(
  140.         signature,
  141.         message,
  142.         # padding.PKCS1v15(),    # 也可以用这个
  143.         padding.PSS(
  144.             mgf=padding.MGF1(algorithm=hashes.SHA1()),
  145.             salt_length=padding.PSS.MAX_LENGTH
  146.         ),
  147.         hashes.SHA256()
  148.     )
  149.     return verify_flag
  151. # 加密、解密测试
  152. res = generate_keys()
  153. # print(res[0].decode())
  154. # print(res[1].decode())
  155. ciphertext = load_public_key("123456".encode(), res[1].decode())
  156. src_text = load_private_key(ciphertext, res[0].decode())
  157. print(src_text.decode())
  159. # 签名、验签测试
  160. sign = load_private_key_sign("xion")
  161. print(sign)
  162. print(load_public_key_verify(sign, "xion"))