RSA "length must be equal to key size" 错误
RSA "length must be equal to key size" error
我目前正在尝试使用 python 加密库和 RSA 加密和解密密码。密钥生成工作正常,加密工作但是在解密密码时,我遇到了这个回溯错误消息:
raise ValueError("Ciphertext length must be equal to key size.")
我的加解密代码是这样的:
class AppCryptography():
def generate_rsa_keypair(self, bits=4096):
return rsa.generate_private_key(
public_exponent=65537,
key_size=bits,
backend=default_backend()
)
def load_private_key(self, pem_file_path):
with open(pem_file_path, "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
return private_key
def load_public_key(self, pem_file_path):
with open(pem_file_path, "rb") as key_file:
public_key = serialization.load_pem_public_key(
key_file.read(),
backend=default_backend()
)
return public_key
def encrypt_password(self, public_key, password):
password = bytes(password) if not isinstance(password, bytes) else password
public_key = public_key if isinstance(public_key, RSAPublicKey) else self.load_pem_public_key(
public_key_pem_export=public_key
)
cipher_pass = public_key.encrypt(
password,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
return str(base64.b64encode(cipher_pass))
def decrypt(self, private_key, cipher_pass):
cipher_pass = base64.b64decode(cipher_pass) if not isinstance(cipher_pass, bytes) else cipher_pass
private_key = private_key if isinstance(private_key, RSAPrivateKey) else self.load_pem_private_key(
private_key_pem_export=private_key
)
plain_text_pass = private_key.decrypt(
cipher_pass,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
return str(plain_text_pass)
错误发生在我 运行 这个脚本时:
crypter = AppCryptography()
backend_public_key = crypter.load_public_key(dir_path + "/util/keys/backend_public_key.pem")
frontend_private_key = crypter.load_private_key(dir_path + "/util/keys/frontend_private_key.pem")
encrypted_password = crypter.encrypt_password(backend_public_key, password)
signature = crypter.sign_data(frontend_private_key, password)
backend_private_key = crypter.load_private_key(dir_path + "/util/keys/backend_private_key.pem")
cleartext = crypter.decrypt(backend_private_key, encrypted_password)
我的堆栈跟踪显示错误来自解密函数,但我无法在函数定义中看到错误所在。
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/sqlalchemy/orm/state.py", line 411, in _initialize_instance
return manager.original_init(*mixed[1:], **kwargs)
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/sqlalchemy/ext/declarative/base.py", line 650, in _declarative_constructor
setattr(self, k, kwargs[k])
File "/Users/Me/Desktop/Projects/Flask-Dream/project_app/models.py", line 114, in password
cleartext = crypter.decrypt(backend_private_key, encrypted_password)
File "/Users/Me/Desktop/Projects/Flask-Dream/project_app/util/crypto.py", line 121, in decrypt
label=None
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 397, in decrypt
raise ValueError("Ciphertext length must be equal to key size.")
您的代码中的问题似乎是以下行:
cipher_pass = base64.b64decode(cipher_pass) if not isinstance(cipher_pass, bytes) else cipher_pass
现在 - 如果我理解 Python 正确 - 字符串以特定编码的字节存储(Python 2 肯定是这种情况,Python 也可能是这种情况3 当使用 str
时)。
这意味着base64字符串是也是字节串,isinstance(cipher_pass, bytes)
returns是真的。但这意味着没有触发base64解码,这反过来意味着你的密文太大,在解密过程中会失败。
如果您需要文本界面,最好始终解码 base64。
我目前正在尝试使用 python 加密库和 RSA 加密和解密密码。密钥生成工作正常,加密工作但是在解密密码时,我遇到了这个回溯错误消息:
raise ValueError("Ciphertext length must be equal to key size.")
我的加解密代码是这样的:
class AppCryptography():
def generate_rsa_keypair(self, bits=4096):
return rsa.generate_private_key(
public_exponent=65537,
key_size=bits,
backend=default_backend()
)
def load_private_key(self, pem_file_path):
with open(pem_file_path, "rb") as key_file:
private_key = serialization.load_pem_private_key(
key_file.read(),
password=None,
backend=default_backend()
)
return private_key
def load_public_key(self, pem_file_path):
with open(pem_file_path, "rb") as key_file:
public_key = serialization.load_pem_public_key(
key_file.read(),
backend=default_backend()
)
return public_key
def encrypt_password(self, public_key, password):
password = bytes(password) if not isinstance(password, bytes) else password
public_key = public_key if isinstance(public_key, RSAPublicKey) else self.load_pem_public_key(
public_key_pem_export=public_key
)
cipher_pass = public_key.encrypt(
password,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
return str(base64.b64encode(cipher_pass))
def decrypt(self, private_key, cipher_pass):
cipher_pass = base64.b64decode(cipher_pass) if not isinstance(cipher_pass, bytes) else cipher_pass
private_key = private_key if isinstance(private_key, RSAPrivateKey) else self.load_pem_private_key(
private_key_pem_export=private_key
)
plain_text_pass = private_key.decrypt(
cipher_pass,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA1()),
algorithm=hashes.SHA1(),
label=None
)
)
return str(plain_text_pass)
错误发生在我 运行 这个脚本时:
crypter = AppCryptography()
backend_public_key = crypter.load_public_key(dir_path + "/util/keys/backend_public_key.pem")
frontend_private_key = crypter.load_private_key(dir_path + "/util/keys/frontend_private_key.pem")
encrypted_password = crypter.encrypt_password(backend_public_key, password)
signature = crypter.sign_data(frontend_private_key, password)
backend_private_key = crypter.load_private_key(dir_path + "/util/keys/backend_private_key.pem")
cleartext = crypter.decrypt(backend_private_key, encrypted_password)
我的堆栈跟踪显示错误来自解密函数,但我无法在函数定义中看到错误所在。
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/sqlalchemy/orm/state.py", line 411, in _initialize_instance
return manager.original_init(*mixed[1:], **kwargs)
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/sqlalchemy/ext/declarative/base.py", line 650, in _declarative_constructor
setattr(self, k, kwargs[k])
File "/Users/Me/Desktop/Projects/Flask-Dream/project_app/models.py", line 114, in password
cleartext = crypter.decrypt(backend_private_key, encrypted_password)
File "/Users/Me/Desktop/Projects/Flask-Dream/project_app/util/crypto.py", line 121, in decrypt
label=None
File "/Users/Me/anaconda/envs/flask_dream/lib/python2.7/site-packages/cryptography/hazmat/backends/openssl/rsa.py", line 397, in decrypt
raise ValueError("Ciphertext length must be equal to key size.")
您的代码中的问题似乎是以下行:
cipher_pass = base64.b64decode(cipher_pass) if not isinstance(cipher_pass, bytes) else cipher_pass
现在 - 如果我理解 Python 正确 - 字符串以特定编码的字节存储(Python 2 肯定是这种情况,Python 也可能是这种情况3 当使用 str
时)。
这意味着base64字符串是也是字节串,isinstance(cipher_pass, bytes)
returns是真的。但这意味着没有触发base64解码,这反过来意味着你的密文太大,在解密过程中会失败。
如果您需要文本界面,最好始终解码 base64。