Python 加密&;使用PyCrypto AES 256解密
我正在尝试使用PyCrypto构建两个函数,它们接受两个参数:消息和密钥,然后对消息进行加密/解密 我在网上找到了几个帮助我解决问题的链接,但每个链接都有缺陷: 使用os.Uradom,PyCrypto不鼓励使用它 此外,我给函数的键不能保证具有预期的精确长度。我能做些什么来实现这一点 此外,还有几种模式,建议使用哪种模式?我不知道该用什么:/ 最后,什么是静脉注射?我可以为加密和解密提供一个不同的IV吗,或者这将以不同的结果返回Python 加密&;使用PyCrypto AES 256解密,python,encryption,padding,pycrypto,initialization-vector,Python,Encryption,Padding,Pycrypto,Initialization Vector,我正在尝试使用PyCrypto构建两个函数,它们接受两个参数:消息和密钥,然后对消息进行加密/解密 我在网上找到了几个帮助我解决问题的链接,但每个链接都有缺陷: 使用os.Uradom,PyCrypto不鼓励使用它 此外,我给函数的键不能保证具有预期的精确长度。我能做些什么来实现这一点 此外,还有几种模式,建议使用哪种模式?我不知道该用什么:/ 最后,什么是静脉注射?我可以为加密和解密提供一个不同的IV吗,或者这将以不同的结果返回 编辑:删除了不安全的代码部分。您可以使用加密哈希函数(而不是Py
编辑:删除了不安全的代码部分。您可以使用加密哈希函数(而不是Python的内置哈希函数,如SHA-1或SHA-256)从任意密码中获取密码短语。Python在其标准库中包括对以下两个方面的支持:
import hashlib
hashlib.sha1("this is my awesome password").digest() # => a 20 byte string
hashlib.sha256("another awesome password").digest() # => a 32 byte string
只需使用
[:16]
或[:24]
即可截断加密哈希值,它将在您指定的长度内保持其安全性。您可能需要以下两个函数:pad
-到pad(加密时)和unpad
-到unpad(解密时)当输入长度不是块大小的倍数时
BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
unpad = lambda s : s[:-ord(s[len(s)-1:])]
你问的是钥匙的长度?您可以使用键的md5sum,而不是直接使用它
此外,根据我使用PyCrypto的一点经验,当输入相同时,IV用于混合加密的输出,因此选择IV作为随机字符串,并将其用作加密输出的一部分,然后使用它解密消息
以下是我的实现,希望对您有用:
import base64
from Crypto.Cipher import AES
from Crypto import Random
class AESCipher:
def __init__( self, key ):
self.key = key
def encrypt( self, raw ):
raw = pad(raw)
iv = Random.new().read( AES.block_size )
cipher = AES.new( self.key, AES.MODE_CBC, iv )
return base64.b64encode( iv + cipher.encrypt( raw ) )
def decrypt( self, enc ):
enc = base64.b64decode(enc)
iv = enc[:16]
cipher = AES.new(self.key, AES.MODE_CBC, iv )
return unpad(cipher.decrypt( enc[16:] ))
为了其他人的利益,这里是我通过结合@Cyril和@Marcus的答案得到的解密实现。这假设这是通过HTTP请求传入的,带有带引号的encryptedText和base64编码
import base64
import urllib2
from Crypto.Cipher import AES
def decrypt(quotedEncodedEncrypted):
key = 'SecretKey'
encodedEncrypted = urllib2.unquote(quotedEncodedEncrypted)
cipher = AES.new(key)
decrypted = cipher.decrypt(base64.b64decode(encodedEncrypted))[:16]
for i in range(1, len(base64.b64decode(encodedEncrypted))/16):
cipher = AES.new(key, AES.MODE_CBC, base64.b64decode(encodedEncrypted)[(i-1)*16:i*16])
decrypted += cipher.decrypt(base64.b64decode(encodedEncrypted)[i*16:])[:16]
return decrypted.strip()
这是我的实现,它为我提供了一些修复,并增强了密钥和密码短语与32字节和iv到16字节的对齐:
import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES
class AESCipher(object):
def __init__(self, key):
self.bs = AES.block_size
self.key = hashlib.sha256(key.encode()).digest()
def encrypt(self, raw):
raw = self._pad(raw)
iv = Random.new().read(AES.block_size)
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return base64.b64encode(iv + cipher.encrypt(raw.encode()))
def decrypt(self, enc):
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(self.key, AES.MODE_CBC, iv)
return self._unpad(cipher.decrypt(enc[AES.block_size:])).decode('utf-8')
def _pad(self, s):
return s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs)
@staticmethod
def _unpad(s):
return s[:-ord(s[len(s)-1:])]
对于希望使用urlsafe_b64encode和urlsafe_b64decode的人,以下是我的工作版本(在花了一些时间处理unicode问题之后)
虽然有点晚了,但我认为这会很有帮助。没有人提到像PKCS#7填充这样的使用方案。您可以使用它来代替前面的函数pad(加密时)和unpad(解密时)
import base64
import hashlib
from Crypto import Random
from Crypto.Cipher import AES
import pkcs7
class Encryption:
def __init__(self):
pass
def Encrypt(self, PlainText, SecurePassword):
pw_encode = SecurePassword.encode('utf-8')
text_encode = PlainText.encode('utf-8')
key = hashlib.sha256(pw_encode).digest()
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CBC, iv)
pad_text = pkcs7.encode(text_encode)
msg = iv + cipher.encrypt(pad_text)
EncodeMsg = base64.b64encode(msg)
return EncodeMsg
def Decrypt(self, Encrypted, SecurePassword):
decodbase64 = base64.b64decode(Encrypted.decode("utf-8"))
pw_encode = SecurePassword.decode('utf-8')
iv = decodbase64[:AES.block_size]
key = hashlib.sha256(pw_encode).digest()
cipher = AES.new(key, AES.MODE_CBC, iv)
msg = cipher.decrypt(decodbase64[AES.block_size:])
pad_text = pkcs7.decode(msg)
decryptedString = pad_text.decode('utf-8')
return decryptedString
这是另一种观点(主要源自上述解决方案),但
- 使用null作为填充
- 不使用lambda(从未使用过风扇)
- 使用python 2.7和3.6.5进行测试
#!/usr/bin/python2.7 # you'll have to adjust for your setup, e.g., #!/usr/bin/python3 import base64, re from Crypto.Cipher import AES from Crypto import Random from django.conf import settings class AESCipher: """ Usage: aes = AESCipher( settings.SECRET_KEY[:16], 32) encryp_msg = aes.encrypt( 'ppppppppppppppppppppppppppppppppppppppppppppppppppppppp' ) msg = aes.decrypt( encryp_msg ) print("'{}'".format(msg)) """ def __init__(self, key, blk_sz): self.key = key self.blk_sz = blk_sz def encrypt( self, raw ): if raw is None or len(raw) == 0: raise NameError("No value given to encrypt") raw = raw + '\0' * (self.blk_sz - len(raw) % self.blk_sz) raw = raw.encode('utf-8') iv = Random.new().read( AES.block_size ) cipher = AES.new( self.key.encode('utf-8'), AES.MODE_CBC, iv ) return base64.b64encode( iv + cipher.encrypt( raw ) ).decode('utf-8') def decrypt( self, enc ): if enc is None or len(enc) == 0: raise NameError("No value given to decrypt") enc = base64.b64decode(enc) iv = enc[:16] cipher = AES.new(self.key.encode('utf-8'), AES.MODE_CBC, iv ) return re.sub(b'\x00*$', b'', cipher.decrypt( enc[16:])).decode('utf-8')
from Crypto.Cipher import AES
from Crypto.Util import Counter
from Crypto import Random
# AES supports multiple key sizes: 16 (AES128), 24 (AES192), or 32 (AES256).
key_bytes = 32
# Takes as input a 32-byte key and an arbitrary-length plaintext and returns a
# pair (iv, ciphtertext). "iv" stands for initialization vector.
def encrypt(key, plaintext):
assert len(key) == key_bytes
# Choose a random, 16-byte IV.
iv = Random.new().read(AES.block_size)
# Convert the IV to a Python integer.
iv_int = int(binascii.hexlify(iv), 16)
# Create a new Counter object with IV = iv_int.
ctr = Counter.new(AES.block_size * 8, initial_value=iv_int)
# Create AES-CTR cipher.
aes = AES.new(key, AES.MODE_CTR, counter=ctr)
# Encrypt and return IV and ciphertext.
ciphertext = aes.encrypt(plaintext)
return (iv, ciphertext)
# Takes as input a 32-byte key, a 16-byte IV, and a ciphertext, and outputs the
# corresponding plaintext.
def decrypt(key, iv, ciphertext):
assert len(key) == key_bytes
# Initialize counter for decryption. iv should be the same as the output of
# encrypt().
iv_int = int(iv.encode('hex'), 16)
ctr = Counter.new(AES.block_size * 8, initial_value=iv_int)
# Create AES-CTR cipher.
aes = AES.new(key, AES.MODE_CTR, counter=ctr)
# Decrypt and return the plaintext.
plaintext = aes.decrypt(ciphertext)
return plaintext
(iv, ciphertext) = encrypt(key, 'hella')
print decrypt(key, iv, ciphertext)
这通常被称为AES-CTR我建议将AES-CBC与PyCrypto一起使用时要小心。原因是它要求您指定填充方案,如给出的其他解决方案所示。一般来说,如果你对填充不太小心,有完全破坏加密的强>
现在,需要注意的是,密钥必须是一个随机的32字节字符串;密码不够用。通常,密钥的生成方式如下:
# Nominal way to generate a fresh key. This calls the system's random number
# generator (RNG).
key1 = Random.new().read(key_bytes)
密钥也可以从密码派生而来:
# It's also possible to derive a key from a password, but it's important that
# the password have high entropy, meaning difficult to predict.
password = "This is a rather weak password."
# For added # security, we add a "salt", which increases the entropy.
#
# In this example, we use the same RNG to produce the salt that we used to
# produce key1.
salt_bytes = 8
salt = Random.new().read(salt_bytes)
# Stands for "Password-based key derivation function 2"
key2 = PBKDF2(password, salt, key_bytes)
上面的一些解决方案建议使用SHA256来派生密钥,但通常会考虑这一点。
查看更多关于操作模式的信息。感谢其他的答案,这些答案启发了我,但对我来说并不奏效
在花了几个小时试图弄清楚它是如何工作的之后,我用最新的PyCryptodomex库想出了下面的实现(这是另一个故事,我是如何在代理之后,在Windows上,在virtualenv..phew中设置它的)
在您的实现上工作的,记住写下填充、编码、,加密步骤(反之亦然)。你必须记住顺序来包装和解包 import base64 import hashlib from Cryptodome.Cipher import AES from Cryptodome.Random import get_random_bytes __key__ = hashlib.sha256(b'16-character key').digest() def encrypt(raw): BS = AES.block_size pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS) raw = base64.b64encode(pad(raw).encode('utf8')) iv = get_random_bytes(AES.block_size) cipher = AES.new(key= __key__, mode= AES.MODE_CFB,iv= iv) return base64.b64encode(iv + cipher.encrypt(raw)) def decrypt(enc): unpad = lambda s: s[:-ord(s[-1:])] enc = base64.b64decode(enc) iv = enc[:AES.block_size] cipher = AES.new(__key__, AES.MODE_CFB, iv) return unpad(base64.b64decode(cipher.decrypt(enc[AES.block_size:])).decode('utf8')) 导入base64 导入hashlib 从Cryptodome.Cipher导入AES 从Cryptodome.Random导入获取\u随机\u字节 __key=hashlib.sha256(b'16个字符的key').digest() def加密(原始): BS=AES.块大小 pad=λs:s+(BS-长度%BS)*chr(BS-长度%BS) raw=base64.b64编码(pad(raw).encode('utf8')) iv=获取随机字节(AES.块大小) 密码=AES.new(key=\uuuuu key\uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu 返回base64.b64编码(iv+密码加密(原始)) def解密(enc): unpad=lambda s:s[:-ord(s[-1:])] enc=base64.b64解码(enc) iv=附件[:AES.块大小] 密码=AES.new(_密钥_uu,AES.MODE CFB,iv) 返回unpad(base64.b64解码(cipher.decrypt(enc[AES.block\u size:])).decode('utf8')) 兼容utf-8编码
def _pad(self, s):
s = s.encode()
res = s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs).encode()
return res
我已经使用了
Crypto
和PyCryptodomex
库,它的速度非常快
import base64
import hashlib
from Cryptodome.Cipher import AES as domeAES
from Cryptodome.Random import get_random_bytes
from Crypto import Random
from Crypto.Cipher import AES as cryptoAES
BLOCK_SIZE = AES.block_size
key = "my_secret_key".encode()
__key__ = hashlib.sha256(key).digest()
print(__key__)
def encrypt(raw):
BS = cryptoAES.block_size
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
raw = base64.b64encode(pad(raw).encode('utf8'))
iv = get_random_bytes(cryptoAES.block_size)
cipher = cryptoAES.new(key= __key__, mode= cryptoAES.MODE_CFB,iv= iv)
a= base64.b64encode(iv + cipher.encrypt(raw))
IV = Random.new().read(BLOCK_SIZE)
aes = domeAES.new(__key__, domeAES.MODE_CFB, IV)
b = base64.b64encode(IV + aes.encrypt(a))
return b
def decrypt(enc):
passphrase = __key__
encrypted = base64.b64decode(enc)
IV = encrypted[:BLOCK_SIZE]
aes = domeAES.new(passphrase, domeAES.MODE_CFB, IV)
enc = aes.decrypt(encrypted[BLOCK_SIZE:])
unpad = lambda s: s[:-ord(s[-1:])]
enc = base64.b64decode(enc)
iv = enc[:cryptoAES.block_size]
cipher = cryptoAES.new(__key__, cryptoAES.MODE_CFB, iv)
b= unpad(base64.b64decode(cipher.decrypt(enc[cryptoAES.block_size:])).decode('utf8'))
return b
encrypted_data =encrypt("Hi Steven!!!!!")
print(encrypted_data)
print("=======")
decrypted_data = decrypt(encrypted_data)
print(decrypted_data)
如果您的输入正好是块大小的倍数,会发生什么情况?我认为unpad函数会有点混乱…@Kjir,然后一个长度为BLOCK_SIZE的值chr(BS)序列将被追加到原始数据中。@Marcus
pad
函数被破坏(至少在Py3中),替换为s[:-ord(s[len(s)-1:])
它可以跨版本工作。@带pycryptodome(pycrypto followup)的CryptoUtil.Padding.pad()中可以使用Torxed pad函数,为什么不将字符常量作为
import base64
import hashlib
from Cryptodome.Cipher import AES
from Cryptodome.Random import get_random_bytes
__key__ = hashlib.sha256(b'16-character key').digest()
def encrypt(raw):
BS = AES.block_size
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
raw = base64.b64encode(pad(raw).encode('utf8'))
iv = get_random_bytes(AES.block_size)
cipher = AES.new(key= __key__, mode= AES.MODE_CFB,iv= iv)
return base64.b64encode(iv + cipher.encrypt(raw))
def decrypt(enc):
unpad = lambda s: s[:-ord(s[-1:])]
enc = base64.b64decode(enc)
iv = enc[:AES.block_size]
cipher = AES.new(__key__, AES.MODE_CFB, iv)
return unpad(base64.b64decode(cipher.decrypt(enc[AES.block_size:])).decode('utf8'))
def _pad(self, s):
s = s.encode()
res = s + (self.bs - len(s) % self.bs) * chr(self.bs - len(s) % self.bs).encode()
return res
import base64
import hashlib
from Cryptodome.Cipher import AES as domeAES
from Cryptodome.Random import get_random_bytes
from Crypto import Random
from Crypto.Cipher import AES as cryptoAES
BLOCK_SIZE = AES.block_size
key = "my_secret_key".encode()
__key__ = hashlib.sha256(key).digest()
print(__key__)
def encrypt(raw):
BS = cryptoAES.block_size
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
raw = base64.b64encode(pad(raw).encode('utf8'))
iv = get_random_bytes(cryptoAES.block_size)
cipher = cryptoAES.new(key= __key__, mode= cryptoAES.MODE_CFB,iv= iv)
a= base64.b64encode(iv + cipher.encrypt(raw))
IV = Random.new().read(BLOCK_SIZE)
aes = domeAES.new(__key__, domeAES.MODE_CFB, IV)
b = base64.b64encode(IV + aes.encrypt(a))
return b
def decrypt(enc):
passphrase = __key__
encrypted = base64.b64decode(enc)
IV = encrypted[:BLOCK_SIZE]
aes = domeAES.new(passphrase, domeAES.MODE_CFB, IV)
enc = aes.decrypt(encrypted[BLOCK_SIZE:])
unpad = lambda s: s[:-ord(s[-1:])]
enc = base64.b64decode(enc)
iv = enc[:cryptoAES.block_size]
cipher = cryptoAES.new(__key__, cryptoAES.MODE_CFB, iv)
b= unpad(base64.b64decode(cipher.decrypt(enc[cryptoAES.block_size:])).decode('utf8'))
return b
encrypted_data =encrypt("Hi Steven!!!!!")
print(encrypted_data)
print("=======")
decrypted_data = decrypt(encrypted_data)
print(decrypted_data)