Why doesn't PyCrypto allow for encoding with the private and decoding with the public key to verify the sender's identity

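I've been working with the PyCrypto library with the goal of making a system that works like this:

  1. Create an RSA key set for both the sender and the receiver, and a single AES key
  2. Sender:
    1. Use ECB encryption mode
    2. Encrypt the message using the AES key
    3. Encrypt the AES key using the sender's private key
    4. Concatenate own name to the result of the last step
    5. Use the receiver's public key
    6. Encrypt the result of the last step
    7. Combine the results of step 1 and step 4 into 1 message and send it to the receiver
  3. Receiver:
    1. Split the message into the actual message and the double-encrypted key (which also contains the sender's name)
    2. Decrypt the double-encrypted key using own private key
    3. Retrieve the sender's public key using the sender's name
    4. Decrypt the AES key using the sender's public key
    5. Decrypt the message using the AES key

But I'm having problems with the double encryption. The problem is that I can't decrypt something with the public key when it was encrypted with the private key. I know this is because RSA isn't supposed to work backwards, but I want to do this to verify the sender's identity to the receiver. I don't know how to do that.

Here is the current code (I know it's messy; I'm a beginner at Python and completely new to encryption):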

from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Cipher import AES, PKCS1_OAEP
from termcolor import colored
import base64, os


def generate_keys_rsa():
    modulus_length = 256*4
    privatekey = RSA.generate(modulus_length, Random.new().read)
    publickey = privatekey.publickey()
    return privatekey, publickey


def encrypt_message_rsa(a_message, publickey):
    encryptor = PKCS1_OAEP.new(publickey)
    encrypted_msg = encryptor.encrypt(a_message)
    encoded_encrypted_msg = base64.b64encode(encrypted_msg)
    return encoded_encrypted_msg


def decrypt_message_rsa(encoded_encrypted_msg, privatekey):
    decoded_msg = base64.b64decode(encoded_encrypted_msg)
    decryptor = PKCS1_OAEP.new(privatekey)
    decoded_decrypted_msg = decryptor.decrypt(decoded_msg)
    return decoded_decrypted_msg


def generate_key_aes():
    aes_key_length = 32
    secret_key = os.urandom(aes_key_length)
    encoded_secret_key = base64.b64encode(secret_key)
    return encoded_secret_key


def encrypt_message_aes(private_msg, encoded_secret_key, padding_character):
    secret_key = base64.b64decode(encoded_secret_key)
    cipher = AES.new(secret_key, AES.MODE_ECB)
    padded_private_msg = private_msg + (padding_character * ((16 - len(private_msg)) % 16))
    encrypted_msg = cipher.encrypt(padded_private_msg.encode("utf-8"))
    encoded_encrypted_msg = base64.b64encode(encrypted_msg)
    return encoded_encrypted_msg


def decrypt_message_aes(encoded_encrypted_msg, encoded_secret_key, padding_character):
    secret_key = base64.b64decode(encoded_secret_key)
    cipher = AES.new(secret_key, AES.MODE_ECB)
    encrypted_msg = base64.b64decode(encoded_encrypted_msg)
    decrypted_msg = cipher.decrypt(encrypted_msg)
    unpadded_private_msg = decrypted_msg.rstrip(padding_character)
    return unpadded_private_msg.decode("ascii")


#         PROCESS         #
# 'rec' means 'received'  #
# 'enc' means 'encrypted' #
# 'dec' means 'decrypted' #
# 'pad' means 'padding'   #
# 'div' means 'division'  #
#         PROCESS         #

raw_txt = input("Message to send: ")
txt = str(raw_txt)

pad_char = "{"
div_char = "|"

# ASSEMBLY #
privatekey0_RSA , publickey0_RSA = generate_keys_rsa()
privatekey1_RSA , publickey1_RSA = generate_keys_rsa()
key_AES = generate_key_aes()

enc_txt = encrypt_message_aes(txt, key_AES, pad_char)
enc_key = encrypt_message_rsa(key_AES, privatekey0_RSA)

msg = (
        pad_char.encode("utf-8") +
        div_char.encode("utf-8") +
        enc_txt +
        div_char.encode("utf-8") +
        enc_key
)

# DISASSEMBLY #
rec_pad = msg[: 1]
rec_div = chr(msg[1])
rec_enc_txt = msg[2: (msg[2:].find(rec_div.encode("utf-8")) + 2)]
rec_enc_key = msg[(msg[2:].find(rec_div.encode("utf-8")) + 3):]
rec_dec_key = decrypt_message_rsa(rec_enc_key, publickey0_RSA)
rec_dec_txt = decrypt_message_aes(rec_enc_txt, rec_dec_key, rec_pad)

# RESULT LOG #
print()
print(colored("Total message: ", "blue", None, ["bold"]), "%s" % msg)
print()
print(colored(" Original key_AES: ", "blue", None, ["bold"]), "%s - (%d)" % (key_AES, len(key_AES)))
print(colored("Encrypted key_AES: ", "blue", None, ["bold"]), "%s - (%d)" % (enc_key, len(enc_key)))
print(colored("Decrypted key_AES: ", "blue", None, ["bold"]), "%s - (%d)" % (rec_dec_key, len(rec_dec_key)))
print(colored("Decrypted key_AES == Original key_AES: ", "blue", None, ["bold"]), colored("%s" % (rec_dec_key == key_AES), "green" if (rec_dec_key == key_AES) else "red", None, ["bold"]))
print()
print(colored(" Original text: ", "blue", None, ["bold"]), "%s - (%d)" % (txt, len(txt)))
print(colored("Encrypted text: ", "blue", None, ["bold"]), "%s - (%d)" % (enc_txt, len(enc_txt)))
print(colored("Decrypted text: ", "blue", None, ["bold"]), "%s - (%d)" % (rec_dec_txt, len(rec_dec_txt)))
print(colored("Decrypted text == Original text: ", "blue", None, ["bold"]), colored("%s" % (rec_dec_txt == txt), "green" if (rec_dec_txt == txt) else "red", None, ["bold"]))

So, do you know a solution for using RSA backwards, or an alternative way of verifying the sender's identity?

an alternative way of verifying the sender's identity

Could it be a digital signature? It is supported by PyCryptodome and uses RSA.