https://pypi.org/project/pycryptodomex/ 安装目录为:Cryptodome https://pypi.org/project/pycryptodome/ 安装目录为:Crypto,同pycrypto模块一样,因此建议安装pycryptodomex

**_python3 -m pip install pycryptodomex_**

一 传统模式

1 ECB MODE

https://www.pycryptodome.org/en/latest/src/cipher/classic.html#ecb-mode-1

  • Electronic Codebook Book, 电码本模式
  • 数据加密前需要pad, 默认为pkcs7, 将数据补全为block_size的整数倍

Python

  1. import json
  2. import base64
  4. from Cryptodome.Cipher import AES
  5. from Cryptodome.Util import Padding
  8. # key = AES.get_random_bytes(16) 
  9. key = ('A' * 16).encode()  # 16 bytes, 即为AES-128  (16 * 8 bits)
  11. data = json.dumps(dict(name='zoro', age=18)).encode()
  12. pad_data = Padding.pad(data, AES.block_size)
  14. mode = AES.MODE_ECB   # AES-128-ECB
  16. cipher = AES.new(key, mode)
  18. cy_bytes = cipher.encrypt(pad_data)
  20. ct = base64.b64encode(cy_bytes).decode()
  22. print('KEY:', key.decode())
  23. print('ECB base64:', ct)
  25. cipher = AES.new(key, mode)
  26. dec_message = cipher.decrypt(base64.b64decode(ct))
  27. pt = json.loads(Padding.unpad(dec_message, AES.block_size).decode())
  28. print('Parsed:', pt)
  31. '''输出
  32. KEY: AAAAAAAAAAAAAAAA
  33. ECB base64: BkA+I8H+dwwcUCdis5EGYcGnm9eHpqz6zEc3Qa71U5Y=
  34. Parsed: {'name': 'zoro', 'age': 18}
  35. '''

JavaScript

  1. var key = 'AAAAAAAAAAAAAAAA' // 不能直接使用原始的KEY,需要用Utf8解码
  3. var key = CryptoJS.enc.Utf8.parse('AAAAAAAAAAAAAAAA');
  5. var encrypted = 'BkA+I8H+dwwcUCdis5EGYcGnm9eHpqz6zEc3Qa71U5Y=';
  7. var pt = CryptoJS.AES.decrypt(encrypted, key, {
  8.   mode: CryptoJS.mode.ECB,
  9. }).toString(CryptoJS.enc.Utf8);
  11. console.log(JSON.parse(pt));
  12. // {name: 'zoro', age: 18}

2 CBC MODE

https://www.pycryptodome.org/en/latest/src/cipher/classic.html#cbc-mode-1

  • Cipher Block Chaining, 密码分组链接模式
  • 数据加密前需要pad
  • 数据加密时,可指定IV,默认会自动生成随机IV
  • 解密时需要KEY + IV

Python

  1. import json
  2. import base64
  4. from Cryptodome.Cipher import AES
  5. from Cryptodome.Util import Padding
  8. key = ('A' * 16).encode()
  10. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. pad_data = Padding.pad(data, AES.block_size)
  13. mode = AES.MODE_CBC
  15. cipher = AES.new(key, mode)
  16. iv = cipher.iv
  18. cy_bytes = cipher.encrypt(pad_data)
  20. ct = base64.b64encode(cy_bytes).decode()
  22. print('KEY:', key.decode())
  23. print('CBC base64:', ct)
  25. cipher = AES.new(key, mode, iv=iv)
  26. dec_message = cipher.decrypt(base64.b64decode(ct))
  27. pt = json.loads(Padding.unpad(dec_message, AES.block_size).decode())
  28. print('Parsed:', pt)
  31. '''输出
  32. KEY: AAAAAAAAAAAAAAAA
  33. IV: diU6MY0+Y7+LH6asCIvrhQ==
  34. CBC base64: avCVt0G9tp4RC2bSAUrofV2DQU4Jggbgd7nMLG3im0E=
  35. Parsed: {'name': 'zoro', 'age': 18}
  36. '''
  38. # 固定IV
  39. iv = ('B' * 16).encode()     # 16 bytes
  40. cipher = AES.new(key, mode, iv=iv)
  41. cy_bytes = cipher.encrypt(pad_data)
  42. ct = base64.b64encode(cy_bytes).decode()
  44. cipher = AES.new(key, mode, iv=iv)
  45. dec_message = cipher.decrypt(base64.b64decode(ct))
  46. pt = json.loads(Padding.unpad(dec_message, AES.block_size).decode())
  48. '''输出
  49. KEY: AAAAAAAAAAAAAAAA
  50. IV: QkJCQkJCQkJCQkJCQkJCQg==
  51. CBC base64: QrG4mKyOKq3fBtDNWUE9CwCNjgDmz7YtDULyWnrW4cs=
  52. Parsed: {'name': 'zoro', 'age': 18}
  53. '''

JavaScript

  1. var key = CryptoJS.enc.Utf8.parse('AAAAAAAAAAAAAAAA');
  3. var iv = CryptoJS.enc.Base64.parse('QkJCQkJCQkJCQkJCQkJCQg==');
  4. // or: var iv = CryptoJS.enc.Utf8.parse('BBBBBBBBBBBBBBBB');
  6. var encrypted = 'QrG4mKyOKq3fBtDNWUE9CwCNjgDmz7YtDULyWnrW4cs=';
  8. CryptoJS.AES.decrypt(encrypted, key, {
  9.   mode: CryptoJS.mode.CBC,
  10.   iv: iv,
  11. }).toString(CryptoJS.enc.Utf8);
  12. // '{"name": "zoro", "age": 18}'

3 CTR MODE

https://www.pycryptodome.org/en/latest/src/cipher/classic.html#ctr-mode-1

  • Counter, 计算器模式
  • 数据加密前无需pad
  • 数据加密时,可指定nonce,默认会自动生成随机nonce,最大长度为15 (block_size-1 ?)
  • 解密时需要KEY + nonce
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  5. key = ('A' * 24).encode()
  6. nonce = ('B' * 15).encode()
  8. data = json.dumps(dict(name='zoro', age=18)).encode()
  10. mode = AES.MODE_CTR
  12. cipher = AES.new(key, mode, nonce=nonce)
  14. cy_bytes = cipher.encrypt(data)
  16. ct = base64.b64encode(cy_bytes).decode()
  18. print('KEY:', key.decode())
  19. print('nonce:', nonce.decode())
  20. print('CTR base64:', ct)
  22. cipher = AES.new(key, mode, nonce=nonce)
  23. dec_message = cipher.decrypt(base64.b64decode(ct))
  24. pt = json.loads(dec_message.decode())
  25. print('Parsed:', pt)
  27. '''输出
  28. KEY: AAAAAAAAAAAAAAAAAAAAAAAA
  29. nonce: BBBBBBBBBBBBBBB
  30. CTR base64: 2sC9xBr1Uk/qo7rkurfP9GfSZMkx6UVOZaC6
  31. Parsed: {'name': 'zoro', 'age': 18}
  32. '''

4 CFB MODE

https://www.pycryptodome.org/en/latest/src/cipher/classic.html#cfb-mode-1

  • Cipher FeedBack, 密码反馈模式
  • 数据加密前无需pad
  • 数据加密时,可指定IV,默认会自动生成随机IV
  • 解密时需要KEY + IV

Python

  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  5. key = ('A' * 16).encode()
  6. iv = ('B' * 16).encode()
  8. data = json.dumps(dict(name='zoro', age=18)).encode()
  10. mode = AES.MODE_CFB
  12. cipher = AES.new(key, mode, iv=iv)
  14. cy_bytes = cipher.encrypt(data)
  16. ct = base64.b64encode(cy_bytes).decode()
  18. print('KEY:', key.decode())
  19. print('IV:', iv.decode())
  20. print('CFB base64:', ct)
  22. cipher = AES.new(key, mode, iv=iv)
  23. dec_message = cipher.decrypt(base64.b64decode(ct))
  24. pt = json.loads(dec_message.decode())
  25. print('Parsed:', pt)
  27. '''输出
  28. KEY: AAAAAAAAAAAAAAAA
  29. IV: BBBBBBBBBBBBBBBB
  30. CFB base64: ShJ+eeRSprU2s/ekM2ht4k9EBuvuUn1usyCH
  31. Parsed: {'name': 'zoro', 'age': 18}
  32. '''

JavaScript

  1. var key = CryptoJS.enc.Utf8.parse('AAAAAAAAAAAAAAAA');
  3. var iv = CryptoJS.enc.Utf8.parse('BBBBBBBBBBBBBBBB');
  5. var encrypted = 'ShJ+eeRSprU2s/ekM2ht4k9EBuvuUn1usyCH';
  7. CryptoJS.AES.decrypt(encrypted, key, {
  8.   mode: CryptoJS.mode.CFB,
  9.   iv: iv,
  10. }).toString(CryptoJS.enc.Utf8);
  11. // '{"name": "zoro", "age": 18}'

5 OFB MODE

https://www.pycryptodome.org/en/latest/src/cipher/classic.html#ofb-mode-1

  • Output FeedBack, 输出反馈模式
  • 数据加密前无需pad
  • 数据加密时,可指定IV,默认会自动生成随机IV
  • 解密时需要KEY + IV
  1. import json
  2. import base64
  4. from Cryptodome.Cipher import AES
  5. from Cryptodome.Util import Padding
  8. key = ('A' * 16).encode()
  9. iv = ('B' * 16).encode()
  11. data = json.dumps(dict(name='zoro', age=18)).encode()
  13. mode = AES.MODE_OFB
  15. cipher = AES.new(key, mode, iv=iv)
  17. cy_bytes = cipher.encrypt(data)
  19. ct = base64.b64encode(cy_bytes).decode()
  21. print('KEY:', key.decode())
  22. print('IV:', iv.decode())
  23. print('OFB base64:', ct)
  25. cipher = AES.new(key, mode, iv=iv)
  26. dec_message = cipher.decrypt(base64.b64decode(ct))
  27. pt = json.loads(dec_message.decode())
  28. print('Parsed:', pt)
  30. '''输出
  31. KEY: AAAAAAAAAAAAAAAA
  32. IV: BBBBBBBBBBBBBBBB
  33. OFB base64: SsFUDz81sqBec/aIH0O9VeN6PUzGnzBnkTjX
  34. Parsed: {'name': 'zoro', 'age': 18}
  35. '''

二 现代化模式

1 CCM MODE

https://www.pycryptodome.org/en/latest/src/cipher/modern.html#ccm-mode-1

  • Counter with CBC-MAC,
  • 数据加密前无需pad
  • 数据加密时,可指定nonce,默认会自动生成随机nonce, nonce长度任意,推荐12
  • 解密时需要 key + nonce
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  6. key = ('A' * 16).encode()
  7. nonce = ('B' * 12).encode()
  9. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. mode = AES.MODE_CCM
  13. cipher = AES.new(key, mode, nonce=nonce)
  15. cy_bytes = cipher.encrypt(data)
  17. ct = base64.b64encode(cy_bytes).decode()
  19. print('KEY:', key.decode())
  20. print('nonce:', nonce.decode())
  21. print('CCM base64:', ct)
  23. cipher = AES.new(key, mode, nonce=nonce)
  24. dec_message = cipher.decrypt(base64.b64decode(ct))
  25. pt = json.loads(dec_message.decode())
  26. print('Parsed:', pt)
  28. '''输出
  29. KEY: AAAAAAAAAAAAAAAA
  30. nonce: BBBBBBBBBBBB
  31. CCM base64: QLkTB74YqRW4cjEqYKq1oUnyUnOR65LNqc4r
  32. Parsed: {'name': 'zoro', 'age': 18}
  33. '''

2 EAX MODE

https://www.pycryptodome.org/en/latest/src/cipher/modern.html#eax-mode-1

  • key + nonce
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  6. key = ('A' * 16).encode()
  7. nonce = ('B' * 12).encode()
  9. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. mode = AES.MODE_EAX
  13. cipher = AES.new(key, mode, nonce=nonce)
  15. cy_bytes = cipher.encrypt(data)
  17. ct = base64.b64encode(cy_bytes).decode()
  19. print('KEY:', key.decode())
  20. print('nonce:', nonce.decode())
  21. print('EAX base64:', ct)
  23. cipher = AES.new(key, mode, nonce=nonce)
  24. dec_message = cipher.decrypt(base64.b64decode(ct))
  25. pt = json.loads(dec_message.decode())
  26. print('Parsed:', pt)
  28. '''输出
  29. KEY: AAAAAAAAAAAAAAAA
  30. nonce: BBBBBBBBBBBB
  31. EAX base64: 6exKCce+QEjnZZ4uD1GJoRv24cKNSZX/Bd/c
  32. Parsed: {'name': 'zoro', 'age': 18}
  33. '''

3 GCM MODE

https://www.pycryptodome.org/en/latest/src/cipher/modern.html?highlight=GCM#ccm-mode-1

  • Galois/Counter Mode, 伽罗瓦/计数器模式
  • key + nonce
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  6. key = ('A' * 16).encode()
  7. nonce = ('B' * 16).encode()
  9. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. mode = AES.MODE_GCM
  13. cipher = AES.new(key, mode, nonce=nonce)
  15. cy_bytes = cipher.encrypt(data)
  17. ct = base64.b64encode(cy_bytes).decode()
  19. print('KEY:', key.decode())
  20. print('nonce:', nonce.decode())
  21. print('GCM base64:', ct)
  23. cipher = AES.new(key, mode, nonce=nonce)
  24. dec_message = cipher.decrypt(base64.b64decode(ct))
  25. pt = json.loads(dec_message.decode())
  26. print('Parsed:', pt)
  28. '''输出
  29. KEY: AAAAAAAAAAAAAAAA
  30. nonce: BBBBBBBBBBBBBBBB
  31. GCM base64: 6L6INq3hBjFmuazE/AxDygdKoCf0/Xs1MCr6
  32. Parsed: {'name': 'zoro', 'age': 18}
  33. '''

4 SIV MODE

https://www.pycryptodome.org/en/latest/src/cipher/modern.html#siv-mode-1

  • Synthetic Initialization Vector
  • key + nonce + tag
  • key: 32 bytes
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  6. key = ('A' * 16 * 2).encode()
  7. nonce = ('B' * 16).encode()
  9. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. mode = AES.MODE_SIV
  13. cipher = AES.new(key, mode, nonce=nonce)
  15. cy_bytes, tag = cipher.encrypt_and_digest(data)
  17. ct = base64.b64encode(cy_bytes).decode()
  19. print('KEY:', key.decode())
  20. print('nonce:', nonce.decode())
  21. print('tag:', tag)
  22. print('SIV base64:', ct)
  24. cipher = AES.new(key, mode, nonce=nonce)
  25. dec_message = cipher.decrypt_and_verify(base64.b64decode(ct), tag)
  26. pt = json.loads(dec_message.decode())
  27. print('Parsed:', pt)
  29. '''输出
  30. KEY: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  31. nonce: BBBBBBBBBBBBBBBB
  32. tag: b'\xd8>\xd6\x81*\xce\xa0k\x19\x05\xf7\x82\r{\xa1\x11'
  33. SIV base64: jkdH0qf9Fy5KlymtehsLHGiQmX4rettnk16v
  34. Parsed: {'name': 'zoro', 'age': 18}
  35. '''

5 OCB MODE

https://www.pycryptodome.org/en/latest/src/cipher/modern.html#ocb-mode-1

  • Offset CodeBook
  • key + nonce + tag
  • tag: <=15 bytes
  1. import json
  2. import base64
  3. from Cryptodome.Cipher import AES
  6. key = ('A' * 16).encode()
  7. nonce = ('B' * 15).encode()
  9. data = json.dumps(dict(name='zoro', age=18)).encode()
  11. mode = AES.MODE_OCB
  13. cipher = AES.new(key, mode, nonce=nonce)
  15. cy_bytes, tag = cipher.encrypt_and_digest(data)
  17. ct = base64.b64encode(cy_bytes).decode()
  19. print('KEY:', key.decode())
  20. print('nonce:', nonce.decode())
  21. print('tag:', tag)
  22. print('OCB base64:', ct)
  24. cipher = AES.new(key, mode, nonce=nonce)
  25. dec_message = cipher.decrypt_and_verify(base64.b64decode(ct), tag)
  26. pt = json.loads(dec_message.decode())
  27. print('Parsed:', pt)
  29. '''输出
  30. KEY: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  31. nonce: BBBBBBBBBBBBBBB
  32. tag: b'\x13\x00g\xcc\xbb\x8aX{\xed\xe8\xf8\xd4h\xfa\x0f\xa1'
  33. OCB base64: znbNBeF5YVgihsx1S+IRP4d4cZiJK1PunOcf
  34. Parsed: {'name': 'zoro', 'age': 18}
  35. '''

总结

模式 加密 解密
ECB KEY + PAD UNPAD + KEY
CBC KEY + PAD [ + IV ] UNPAD + KEY + IV
CTR KEY [ + nonce ] KEY + nonce
CFB KEY [ + IV ] KEY + IV
OFB KEY [ + IV ] KEY + IV
CCM KEY [ + nonce ] KEY + nonce
EAX KEY [ + nonce ] KEY + nonce
GCM KEY [ + nonce ] KEY + nonce
SIV KEY [ + nonce ] KEY + nonce + tag
OCB KEY [ + nonce ] KEY + nonce + tag