该文介绍了Python的cryptography库,用于生成RSA密钥对,进行私钥加密和公钥解密,以及私钥签名和公钥验证。包括了密钥的序列化和反序列化过程。
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
译文:cryptography是一个旨在向Python开发人员公开加密原语和配方的包。
文档
- https://github.com/pyca/cryptography
- https://pypi.org/project/cryptography/
- https://cryptography.io/en/latest/
- https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/
安装
pip install cryptography
示例
1、生成私钥和获取公钥
# -*- coding: utf-8 -*-
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa
# 生成私钥
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
# 获取公钥
public_key = private_key.public_key()
2、私钥和公钥序列化
# 私钥序列化
private_key_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
# 保存私钥到文件
with open('private.key', 'wb') as f:
f.write(private_key_pem)
# 公钥序列化
public_key_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
# 保存公钥到文件
with open('public.pem', 'wb') as f:
f.write(public_key_pem)
3、私钥和公钥的反序列化
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
# 从文件加载私钥
with open("private.key", "rb") as private_key_file:
private_key = serialization.load_pem_private_key(
private_key_file.read(),
password=None,
backend=default_backend()
)
# 从文件加载公钥
with open("public.pem", "rb") as public_pem_file:
public_key = serialization.load_pem_public_key(
public_pem_file.read(),
backend=default_backend()
)
4、公钥加密私钥解密
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
# 公钥解密
message = 'Hello'
encrypted = public_key.encrypt(
plaintext=message.encode('utf-8'),
padding=padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
print(encrypted)
# b'm\xf2\x8d\xa84\xbe\x13\xe1...'
# 私钥解密
original_message = private_key.decrypt(
ciphertext=encrypted,
padding=padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
print(original_message.decode('utf-8'))
# Hello
5、私钥签名公钥验签
# -*- coding: utf-8 -*-
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
# 私钥签名
message = 'Hello'
signature = private_key.sign(
data=message.encode('utf-8'),
padding=padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
algorithm=hashes.SHA256()
)
print(signature)
# b'm\xf2\x8d\xa84\xbe\x13\xe1...'
# 公钥验签 如果验证失败抛出异常cryptography.exceptions.InvalidSignature
public_key.verify(
signature=signature,
data='Hello'.encode('utf-8'),
padding=padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
algorithm=hashes.SHA256()
)
源码
RSAPrivateKey源码
cryptography/hazmat/primitives/asymmetric/rsa.py
class RSAPrivateKey(metaclass=abc.ABCMeta):
@abc.abstractmethod
def decrypt(self, ciphertext: bytes, padding: AsymmetricPadding) -> bytes:
"""
Decrypts the provided ciphertext.
"""
@abc.abstractproperty
def key_size(self) -> int:
"""
The bit length of the public modulus.
"""
@abc.abstractmethod
def public_key(self) -> "RSAPublicKey":
"""
The RSAPublicKey associated with this private key.
"""
@abc.abstractmethod
def sign(
self,
data: bytes,
padding: AsymmetricPadding,
algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm],
) -> bytes:
"""
Signs the data.
"""
@abc.abstractmethod
def private_numbers(self) -> "RSAPrivateNumbers":
"""
Returns an RSAPrivateNumbers.
"""
@abc.abstractmethod
def private_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PrivateFormat,
encryption_algorithm: _serialization.KeySerializationEncryption,
) -> bytes:
"""
Returns the key serialized as bytes.
"""
RSAPublicKey源码
cryptography/hazmat/primitives/asymmetric/rsa.py
class RSAPublicKey(metaclass=abc.ABCMeta):
@abc.abstractmethod
def encrypt(self, plaintext: bytes, padding: AsymmetricPadding) -> bytes:
"""
Encrypts the given plaintext.
"""
@abc.abstractproperty
def key_size(self) -> int:
"""
The bit length of the public modulus.
"""
@abc.abstractmethod
def public_numbers(self) -> "RSAPublicNumbers":
"""
Returns an RSAPublicNumbers
"""
@abc.abstractmethod
def public_bytes(
self,
encoding: _serialization.Encoding,
format: _serialization.PublicFormat,
) -> bytes:
"""
Returns the key serialized as bytes.
"""
@abc.abstractmethod
def verify(
self,
signature: bytes,
data: bytes,
padding: AsymmetricPadding,
algorithm: typing.Union[asym_utils.Prehashed, hashes.HashAlgorithm],
) -> None:
"""
Verifies the signature of the data.
"""
@abc.abstractmethod
def recover_data_from_signature(
self,
signature: bytes,
padding: AsymmetricPadding,
algorithm: typing.Optional[hashes.HashAlgorithm],
) -> bytes:
"""
Recovers the original data from the signature.
"""
参考文章
扫一扫
1115
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
