将 java 加密代码转换为 python 等价物
Converting java crypto code to python equivalent
我一直在尝试将下面的 java 代码转换成它的 python 等效代码:
Encrypt.java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
//import org.jose4j.base64url.Base64;
public class Encrypt {
public static void main(String[] args)
throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException, CertificateException, FileNotFoundException {
PublicKey pubKey;
Object localObject1 = new
String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmy"
+
"qvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXe"
+
"iqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmE"
+ "MWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB");
//localObject1 = new X509EncodedKeySpec(Base64.decode(((String)localObject1).getBytes("utf-8")));
localObject1 = new X509EncodedKeySpec(Base64.decodeBase64(((String)localObject1).getBytes("utf-8")));
localObject1 = KeyFactory.getInstance("RSA").generatePublic((KeySpec)localObject1);
System.out.println((PublicKey)localObject1);
System.out.println("___________________________________________________________________________________________________________________________________________________");
// String secret_pub_key= //"-----BEGIN RSA PUBLIC KEY-----" +
// "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkvq7mHuTMGeJF/qiAot"+
// "OcLTd6hjDEcMHIk2IY35JInuypD6WieogOxSS6kHYho/U+BW/Cgz0XjziPIQSJZx"+
// "AGOrtdZrTa6n6S6I65YB2wPB93lLi/qnBmUSetEgAgM+MOfiYT8Dift9Mut+BvbE"+
// "iFMH163ovoiTyLDpbTYDB6InzFzu1l7G01pi/ZAc69kWrJ+yNMEUcnAerRPt30et"+
// "XAbKD2lC696VJa/2xtWZ5T7vwMpFLIaGFAg228ZifgwDIRFsBmwPsAsngQSGVVBo"+
// "Ijm3fb0PUDV4MTw+cNT0ldHbYCAWy6zgA0K7eL5LcUN8+ai7u6VMWYUT4FAvYNiP"+
// "IwIDAQAB";
// //"-----END RSA PUBLIC KEY-----";
// X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(secret_pub_key));
// KeyFactory keyFactory = KeyFactory.getInstance("RSA");
// PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
Object secret_pub_key= new String(//"-----BEGIN RSA PUBLIC KEY-----" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukY"+
"ycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz"+
"+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hd"+
"lnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNq"+
"XeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638T"+
"i8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl"+
"+wIDAQAB");
//"-----END RSA PUBLIC KEY-----";
secret_pub_key = new X509EncodedKeySpec(Base64.decodeBase64(((String)secret_pub_key).getBytes("utf-8")));
secret_pub_key = KeyFactory.getInstance("RSA").generatePublic((KeySpec)secret_pub_key);
pubKey = (PublicKey)secret_pub_key;
Object localObject;
Lc lc = new Lc();
System.out.println("\n\nlc.pub is" + lc.pub);
System.out.println("\n\n\nokokokokok" + pubKey.getEncoded());
//byte[] arrayOfByte = new String(Base64.encodeBase64(lc.pub.getEncoded())).getBytes();
byte[] arrayOfByte = new String(Base64.encodeBase64(pubKey.getEncoded())).getBytes();
StringBuilder localStringBuilder1 = new StringBuilder();
int i = 0;
while (i < arrayOfByte.length) {
if (arrayOfByte.length > i + 200) {
localObject = Arrays.copyOfRange(arrayOfByte, i, i + 200);
} else {
localObject = Arrays.copyOfRange(arrayOfByte, i, arrayOfByte.length + 1);
}
StringBuilder localStringBuilder2 = new StringBuilder();
lc.pub = (PublicKey)localObject1;
localObject = new String((byte[])localObject);
localStringBuilder1.append(lc.upperDot((String)localObject) + ":::");
i += 200;
}
System.out.println("The ducking key is " + localStringBuilder1.toString());
}
}
Lc.java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Lc {
public static PublicKey pub;
public static PrivateKey pri;
public byte[] by;
public String dot;
public Lc() {
Object localObject = "RSA";
try
{
localObject = KeyPairGenerator.getInstance((String)localObject);
KeyPair localKeyPair = ((KeyPairGenerator)localObject).generateKeyPair();
localObject = localKeyPair.getPublic();
pub = (PublicKey)localObject;
localObject = localKeyPair.getPrivate();
pri = (PrivateKey)localObject;
}
catch (NoSuchAlgorithmException localNoSuchAlgorithmException)
{
localNoSuchAlgorithmException.printStackTrace();
}
}
public static String upperDot(String paramString)
{
Object localObject = "RSA/ECB/PKCS1Padding";
try
{
Cipher localCipher = Cipher.getInstance((String)localObject);
localObject = pub;
int i = 1;
localCipher.init(i, (Key)localObject);
localObject = paramString.getBytes();
byte[] arrayOfByte1 = localCipher.doFinal((byte[])localObject);
byte[] arrayOfByte2 = Base64.encodeBase64(arrayOfByte1);
localObject = new String(arrayOfByte2);
return (String)localObject;
}
catch (Exception localException)
{
System.out.print(localException);
}
return null;
}
}
请忽略上面2个java文件和调试打印语句的糟糕设计
上面产生的输出,我感兴趣的是最后输出语句的内容:
The ducking key is t4z2jf9GKtKvXiXCPYU3u7Y0LwQOOeQBVi+YRATc3GqyTNb085bRLUVqiNT5v/ZcZl2FZPegeN8OTG9vPbwuY1HrQ04xv0vUf3ohJORiUXwEQtoBVMDnKHib50FPZCbAZIp/1u0KgEPBV9rEe7BmHi2UGCNnp0e50G68cBPLknUinBIIYIIrw/o3U4SAT+uBdo6wyi/x0tWR3El8gJpL34JJVWzdzi4y61cPZI31gxyY19t1EzzmtqB0wnjV5RvTsavR5s3RgtBu3EV+b43poam2K0CsRyfB2lFawkZBnvRL6GzvozBpUYe4awdPbU4Pjvuju5B3zWXloQ5kMVZAkg==:::MpcHcJWhGdYrS1VLza+ereOU1ZRZ9LyVTN0KBBdQLIjYXChX1eKtRdftrF306L5BE8Ni9ibTylbcsc6tocphVpYnCvYN2eKVcEoHLyk9Iz/Cf2ikYJCUFtHh/cPnSILhwI7txdVds0Il58uDMevMnvvRntqVR7nw6UUmUVwmtFvNWVdceP61BHc9YsDMdQs8jPOeGAHWmqA2g4ODYB2W07yQhmwNIQZEmkmrfRHUd1dqM57sIWS9HdgEbrnqhyt1pIWrCxzgYbzZCuaDS/llcFsqgLBbaPpTg2qNUFi2x3r1jJ1UeJeX+y/mOhrEvBXSLmadsCYmEROIutNgoVWigg==:::
现在我想通过 python 实现完全相同的行为(如果重要的话是 2.7)。到目前为止,我一直依赖 pycrypto 和 M2Crypto 但都没有帮助。
这是我尝试制作一个 python 等同于上述内容的尝试:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
def ecnryptorFun(key, secret):
encrypted = key.encrypt(secret, 1)
final_text = b64encode(encrypted[0])
return final_text
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
#secret1 = b64encode(secret)
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + ecnryptorFun(keyPub, str(localObject)) + ':::'
#localStringBuilder1 = localStringBuilder1 + ecnryptorFun(encryption_key, localObj_byte_array) + ':::'
i += 200;
print localStringBuilder1
以上python代码的输出
vkqbraD/5HMvs9LG59VXCGCLUoJ0msU6fVvLMDCc8fQ41S3R3IC0EfxLCk9FoHUIGK5h90Rd0at2ROvcOVCtESAYZlYYCB1U99NqWCFLvyDBxS4uEAVHD5yv4U82Dmn/p/asi+D/GxnvP/xvyiI+tp39lWx77DuV4hlnRbltHu9f4o4cvqZ+Nn7wCzY1TBzIClT8f4lx2g9E/5+mhfkQIHejGIAMyJXl3xy+qhQSoy8DvudGQU95eGfDRdci4yqOwDeG2+QlUip627tMbttAroWQjM8jC419kFPetTlmV/RczE/vcwnyM3iEnrhB9KnjRLYEecJ8mEYU7L/TxBe+Tg==:::V1oZBPETF9ryap59T4zOwfW0/pASSCULWL8ZlvUrSlRLeaZmIxplNmewqyUnrhwIbnpDvwhmz7+2/Dd2EN4hJndRnGl7aoEX8/GJP0Kz9vL2qEDbIGQC/Dv6O75KPFZ/E06DYLcycLhNZYxudwVP9rJAhFEEMgefpY40v1+B6sqqogrGnZhfwITaqpU0FKTbHSlHUymlD6Cn4lb0yLMISG6MZRQrP5B67UkGexlpxPQTHsXcLy0vTEzMZkvdxbv4YtawNvmgeQEgD1jqIB45pOngrwp3jcs9D9Ib2hCwpOoqkwOV/YaA+XO+dkPo8BxOw5DH/jWRcksb3N65YEmlvQ==:::
现在虽然上面产生了一个非常相似的输出,但它不是正确的。为什么?因为当上面 java 代码的输出发送到后端时,我收到了 HTTP 200 OK 和预期的响应。
但是,当上面 python 代码的输出类似地发送到后端时,我收到 500 内部服务器错误,这意味着(根据我的假设,假设所有其他参数,headers 等在 java 和 python HTTP 请求之间保持完全相同)后端的输入不正确,因此它坏了(再次请忽略 500,我同意它应该是更有意义的东西,绝对不是 500)
我无法访问后端。它更像是我们正在做的红队-蓝队练习
此外,我可能会从 python 调用上面的 java 代码,并且仍然设法实现最终结果并完成工作,但这更像是一种 hack,这虽然就足够了,但我更想知道如何单独使用 Python 才能达到同样的效果。
根据下面评论中的一些建议,我也尝试了这个:
所以我也尝试了这个:
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(secret):
message = secret
key = RSA.importKey(open('myPubkey.pem').read())
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
然后在 while 循环中,这个:
localStringBuilder1 = localStringBuilder1 + encryptMsg(str(localObject)) + ':::'
好像还是不行。结果与之前相同。
感谢 https://whosebug.com/users/1816580/artjom-b 在上面的评论中为我指明了正确的方向。
行。这是有效的:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(key, secret):
message = secret
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5
import requests
# def ecnryptorFun(key, secret):
# encrypted = key.encrypt(secret, 1)
# final_text = b64encode(encrypted[0])
# return final_text
def encryptMsg(key, secret):
message = secret
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
# this is basically the keyString value itself
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + encryptMsg(keyPub, str(localObject)) + ':::'
i += 200;
print localStringBuilder1
现在对于我得到的字符串,后端响应 200 OK
我一直在尝试将下面的 java 代码转换成它的 python 等效代码:
Encrypt.java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
//import org.jose4j.base64url.Base64;
public class Encrypt {
public static void main(String[] args)
throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException, CertificateException, FileNotFoundException {
PublicKey pubKey;
Object localObject1 = new
String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmy"
+
"qvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXe"
+
"iqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmE"
+ "MWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB");
//localObject1 = new X509EncodedKeySpec(Base64.decode(((String)localObject1).getBytes("utf-8")));
localObject1 = new X509EncodedKeySpec(Base64.decodeBase64(((String)localObject1).getBytes("utf-8")));
localObject1 = KeyFactory.getInstance("RSA").generatePublic((KeySpec)localObject1);
System.out.println((PublicKey)localObject1);
System.out.println("___________________________________________________________________________________________________________________________________________________");
// String secret_pub_key= //"-----BEGIN RSA PUBLIC KEY-----" +
// "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkvq7mHuTMGeJF/qiAot"+
// "OcLTd6hjDEcMHIk2IY35JInuypD6WieogOxSS6kHYho/U+BW/Cgz0XjziPIQSJZx"+
// "AGOrtdZrTa6n6S6I65YB2wPB93lLi/qnBmUSetEgAgM+MOfiYT8Dift9Mut+BvbE"+
// "iFMH163ovoiTyLDpbTYDB6InzFzu1l7G01pi/ZAc69kWrJ+yNMEUcnAerRPt30et"+
// "XAbKD2lC696VJa/2xtWZ5T7vwMpFLIaGFAg228ZifgwDIRFsBmwPsAsngQSGVVBo"+
// "Ijm3fb0PUDV4MTw+cNT0ldHbYCAWy6zgA0K7eL5LcUN8+ai7u6VMWYUT4FAvYNiP"+
// "IwIDAQAB";
// //"-----END RSA PUBLIC KEY-----";
// X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(secret_pub_key));
// KeyFactory keyFactory = KeyFactory.getInstance("RSA");
// PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
Object secret_pub_key= new String(//"-----BEGIN RSA PUBLIC KEY-----" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukY"+
"ycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz"+
"+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hd"+
"lnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNq"+
"XeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638T"+
"i8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl"+
"+wIDAQAB");
//"-----END RSA PUBLIC KEY-----";
secret_pub_key = new X509EncodedKeySpec(Base64.decodeBase64(((String)secret_pub_key).getBytes("utf-8")));
secret_pub_key = KeyFactory.getInstance("RSA").generatePublic((KeySpec)secret_pub_key);
pubKey = (PublicKey)secret_pub_key;
Object localObject;
Lc lc = new Lc();
System.out.println("\n\nlc.pub is" + lc.pub);
System.out.println("\n\n\nokokokokok" + pubKey.getEncoded());
//byte[] arrayOfByte = new String(Base64.encodeBase64(lc.pub.getEncoded())).getBytes();
byte[] arrayOfByte = new String(Base64.encodeBase64(pubKey.getEncoded())).getBytes();
StringBuilder localStringBuilder1 = new StringBuilder();
int i = 0;
while (i < arrayOfByte.length) {
if (arrayOfByte.length > i + 200) {
localObject = Arrays.copyOfRange(arrayOfByte, i, i + 200);
} else {
localObject = Arrays.copyOfRange(arrayOfByte, i, arrayOfByte.length + 1);
}
StringBuilder localStringBuilder2 = new StringBuilder();
lc.pub = (PublicKey)localObject1;
localObject = new String((byte[])localObject);
localStringBuilder1.append(lc.upperDot((String)localObject) + ":::");
i += 200;
}
System.out.println("The ducking key is " + localStringBuilder1.toString());
}
}
Lc.java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Lc {
public static PublicKey pub;
public static PrivateKey pri;
public byte[] by;
public String dot;
public Lc() {
Object localObject = "RSA";
try
{
localObject = KeyPairGenerator.getInstance((String)localObject);
KeyPair localKeyPair = ((KeyPairGenerator)localObject).generateKeyPair();
localObject = localKeyPair.getPublic();
pub = (PublicKey)localObject;
localObject = localKeyPair.getPrivate();
pri = (PrivateKey)localObject;
}
catch (NoSuchAlgorithmException localNoSuchAlgorithmException)
{
localNoSuchAlgorithmException.printStackTrace();
}
}
public static String upperDot(String paramString)
{
Object localObject = "RSA/ECB/PKCS1Padding";
try
{
Cipher localCipher = Cipher.getInstance((String)localObject);
localObject = pub;
int i = 1;
localCipher.init(i, (Key)localObject);
localObject = paramString.getBytes();
byte[] arrayOfByte1 = localCipher.doFinal((byte[])localObject);
byte[] arrayOfByte2 = Base64.encodeBase64(arrayOfByte1);
localObject = new String(arrayOfByte2);
return (String)localObject;
}
catch (Exception localException)
{
System.out.print(localException);
}
return null;
}
}
请忽略上面2个java文件和调试打印语句的糟糕设计
上面产生的输出,我感兴趣的是最后输出语句的内容:
The ducking key is t4z2jf9GKtKvXiXCPYU3u7Y0LwQOOeQBVi+YRATc3GqyTNb085bRLUVqiNT5v/ZcZl2FZPegeN8OTG9vPbwuY1HrQ04xv0vUf3ohJORiUXwEQtoBVMDnKHib50FPZCbAZIp/1u0KgEPBV9rEe7BmHi2UGCNnp0e50G68cBPLknUinBIIYIIrw/o3U4SAT+uBdo6wyi/x0tWR3El8gJpL34JJVWzdzi4y61cPZI31gxyY19t1EzzmtqB0wnjV5RvTsavR5s3RgtBu3EV+b43poam2K0CsRyfB2lFawkZBnvRL6GzvozBpUYe4awdPbU4Pjvuju5B3zWXloQ5kMVZAkg==:::MpcHcJWhGdYrS1VLza+ereOU1ZRZ9LyVTN0KBBdQLIjYXChX1eKtRdftrF306L5BE8Ni9ibTylbcsc6tocphVpYnCvYN2eKVcEoHLyk9Iz/Cf2ikYJCUFtHh/cPnSILhwI7txdVds0Il58uDMevMnvvRntqVR7nw6UUmUVwmtFvNWVdceP61BHc9YsDMdQs8jPOeGAHWmqA2g4ODYB2W07yQhmwNIQZEmkmrfRHUd1dqM57sIWS9HdgEbrnqhyt1pIWrCxzgYbzZCuaDS/llcFsqgLBbaPpTg2qNUFi2x3r1jJ1UeJeX+y/mOhrEvBXSLmadsCYmEROIutNgoVWigg==:::
现在我想通过 python 实现完全相同的行为(如果重要的话是 2.7)。到目前为止,我一直依赖 pycrypto 和 M2Crypto 但都没有帮助。
这是我尝试制作一个 python 等同于上述内容的尝试:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
def ecnryptorFun(key, secret):
encrypted = key.encrypt(secret, 1)
final_text = b64encode(encrypted[0])
return final_text
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
#secret1 = b64encode(secret)
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + ecnryptorFun(keyPub, str(localObject)) + ':::'
#localStringBuilder1 = localStringBuilder1 + ecnryptorFun(encryption_key, localObj_byte_array) + ':::'
i += 200;
print localStringBuilder1
以上python代码的输出
vkqbraD/5HMvs9LG59VXCGCLUoJ0msU6fVvLMDCc8fQ41S3R3IC0EfxLCk9FoHUIGK5h90Rd0at2ROvcOVCtESAYZlYYCB1U99NqWCFLvyDBxS4uEAVHD5yv4U82Dmn/p/asi+D/GxnvP/xvyiI+tp39lWx77DuV4hlnRbltHu9f4o4cvqZ+Nn7wCzY1TBzIClT8f4lx2g9E/5+mhfkQIHejGIAMyJXl3xy+qhQSoy8DvudGQU95eGfDRdci4yqOwDeG2+QlUip627tMbttAroWQjM8jC419kFPetTlmV/RczE/vcwnyM3iEnrhB9KnjRLYEecJ8mEYU7L/TxBe+Tg==:::V1oZBPETF9ryap59T4zOwfW0/pASSCULWL8ZlvUrSlRLeaZmIxplNmewqyUnrhwIbnpDvwhmz7+2/Dd2EN4hJndRnGl7aoEX8/GJP0Kz9vL2qEDbIGQC/Dv6O75KPFZ/E06DYLcycLhNZYxudwVP9rJAhFEEMgefpY40v1+B6sqqogrGnZhfwITaqpU0FKTbHSlHUymlD6Cn4lb0yLMISG6MZRQrP5B67UkGexlpxPQTHsXcLy0vTEzMZkvdxbv4YtawNvmgeQEgD1jqIB45pOngrwp3jcs9D9Ib2hCwpOoqkwOV/YaA+XO+dkPo8BxOw5DH/jWRcksb3N65YEmlvQ==:::
现在虽然上面产生了一个非常相似的输出,但它不是正确的。为什么?因为当上面 java 代码的输出发送到后端时,我收到了 HTTP 200 OK 和预期的响应。
但是,当上面 python 代码的输出类似地发送到后端时,我收到 500 内部服务器错误,这意味着(根据我的假设,假设所有其他参数,headers 等在 java 和 python HTTP 请求之间保持完全相同)后端的输入不正确,因此它坏了(再次请忽略 500,我同意它应该是更有意义的东西,绝对不是 500)
我无法访问后端。它更像是我们正在做的红队-蓝队练习
此外,我可能会从 python 调用上面的 java 代码,并且仍然设法实现最终结果并完成工作,但这更像是一种 hack,这虽然就足够了,但我更想知道如何单独使用 Python 才能达到同样的效果。
根据下面评论中的一些建议,我也尝试了这个: 所以我也尝试了这个:
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(secret):
message = secret
key = RSA.importKey(open('myPubkey.pem').read())
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
然后在 while 循环中,这个:
localStringBuilder1 = localStringBuilder1 + encryptMsg(str(localObject)) + ':::'
好像还是不行。结果与之前相同。
感谢 https://whosebug.com/users/1816580/artjom-b 在上面的评论中为我指明了正确的方向。 行。这是有效的:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(key, secret):
message = secret
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5
import requests
# def ecnryptorFun(key, secret):
# encrypted = key.encrypt(secret, 1)
# final_text = b64encode(encrypted[0])
# return final_text
def encryptMsg(key, secret):
message = secret
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
# this is basically the keyString value itself
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + encryptMsg(keyPub, str(localObject)) + ':::'
i += 200;
print localStringBuilder1
现在对于我得到的字符串,后端响应 200 OK