This paper describes the implementation method of encryption and decryption of Python with certificates. Share to everyone for your reference. The implementation method is as follows:
Recently in Python to do the encryption and decryption work, at the same time add a secret string can be solved in PHP, online also found some reliable information, just have time I summed up the python in the encryption and decryption of this piece of code, in the future may still be used. Compared to PHP, Python has a large number of encryption and decryption components, namely:
I. Certificate generated by RSA Standard mode
1. Encrypt the decryption, encrypt the signature, verify the encrypted signature
The code is as follows:
#encoding: UTF8
Import OS
Import M2crypto
#随机数生成器 (1024-bit random)
M2Crypto.Rand.rand_seed (Os.urandom (1024))
#生成一个1024位公钥与私密钥证书
Geekso = M2Crypto.RSA.gen_key (1024, 65537)
Geekso.save_key (' Jb51.net-private.pem ', None)
Geekso.save_pub_key (' Jb51.net-public.pem ')
#使用公钥证书加密开始
Writersa = M2Crypto.RSA.load_pub_key (' Jb51.net-public.pem ')
ciphertext = Writersa.public_encrypt ("This is a secret message that can only be decrypted with the private key", M2Crypto.RSA.pkcs1_oaep_padding)
Print "The encrypted string is:"
Print Ciphertext.encode (' base64 ')
#对加密串进行签名
Msgdigest = M2Crypto.EVP.MessageDigest (' SHA1 ')
Msgdigest.update (ciphertext)
#提示, you can also use a private key to sign
#WriteRSA = M2Crypto.RSA.load_key (' Jb51.net-private.pem ')
#Signature = Writersa.sign_rsassa_pss (Msgdigest.digest ())
Signature = Geekso.sign_rsassa_pss (Msgdigest.digest ())
Print "The signed string is:"
Print Signature.encode (' base64 ')
#使用私钥证书解密开始
Readrsa = M2Crypto.RSA.load_key (' Jb51.net-private.pem ')
Try
plaintext = Readrsa.private_decrypt (ciphertext, M2Crypto.RSA.pkcs1_oaep_padding)
Except
Print "Decryption Error"
plaintext = ""
If plaintext:
Print "The decrypted string is:"
Print plaintext
# Verify the signature of the encrypted string
Msgdigest = M2Crypto.EVP.MessageDigest (' SHA1 ')
Msgdigest.update (ciphertext)
#提示, if you signed it with a private key, verify it with the public key.
#VerifyRSA = M2Crypto.RSA.load_pub_key (' Alice-public.pem ')
#VerifyRSA. VERIFY_RSASSA_PSS (Msgdigest.digest (), Signature)
If GEEKSO.VERIFY_RSASSA_PSS (Msgdigest.digest (), Signature) = = 1:
Print "signed correctly"
Else
Print "Signature is incorrect"
2. String to generate signature, verify signature
The code is as follows:
#用私钥签名
SIGNEVP = M2Crypto.EVP.load_key (' Jb51.net-private.pem ')
Signevp.sign_init ()
Signevp.sign_update (' signature string from this guest (http://www.jb51.net) ')
Stringsignature = Signevp.sign_final ()
Print "Signature string is:"
Print Stringsignature.encode (' base64 ')
#用公钥验证签名
PubKey = M2Crypto.RSA.load_pub_key (' Jb51.net-public.pem ')
VERIFYEVP = M2Crypto.EVP.PKey ()
Verifyevp.assign_rsa (PubKey)
Verifyevp.verify_init ()
Verifyevp.verify_update (' signature string from this guest (http://www.jb51.net) ')
If verifyevp.verify_final (stringsignature) = = 1:
Print "string was successfully validated. "
Else
Print "String validation failed!"
3. Add a password to the certificate
The advantage of adding a password to a certificate is that even if the certificate is taken, no password is used.
The code is as follows:
def passphrase (v):
Return ' 4567890 '
When generating the certificate, use the
The code is as follows:
Geekso.save_key (' Jb51.net-private.pem ', callback=passphrase)
When using certificates
The code is as follows:
Readrsa = Rsa.load_key (' Jb51.net-private.pem ', passphrase)
II. certificate generated by X509 standard 1. Generate certificate, public key file, private key file
The code is as follows:
Import time
From M2crypto import X509, EVP, RSA, ASN1
Def issuer_name ():
"""
The name of the certificate issuer (the distinguished name).
Parameters:
None
Return:
The issuer of the X509 standard, obj.
"""
Issuer = X509. X509_name ()
Issuer. C = "CN" # Country name
Issuer. CN = "*.jb51.net" # Common name
Issuer. ST = "Hunan Changsha"
Issuer. L = "Hunan Changsha"
Issuer. O = "GEEKSO Company Ltd."
Issuer. OU = "GEEKSO Company Ltd."
Issuer. email = "[Email protected]"
return issuer
def make_request (Bits, CN):
"""
Creates a request for a X509 standard.
Parameters:
BITS = number of certificate bits
CN = Certificate Name
Return:
Returns X509 request with private key (EVP).
"""
RSA = Rsa.gen_key (Bits, 65537, None)
PK = EVP. PKey ()
Pk.assign_rsa (RSA)
req = X509. Request ()
Req.set_pubkey (PK)
Name = Req.get_subject ()
Name. C = "US"
Name. CN = CN
Req.sign (PK, ' sha256 ')
return req, PK
def make_certificate_valid_time (cert, days):
"""
The certificate is valid for a few days from the current time.
Parameters:
Cert = Certificate obj
Day = number of days the certificate expires
Return:
None
"""
t = Long (Time.time ()) # Gets the current time
Time_now = ASN1. Asn1_utctime ()
Time_now.set_time (t)
Time_exp = ASN1. Asn1_utctime ()
Time_exp.set_time (t + days * 24 * 60 * 60)
Cert.set_not_before (Time_now)
Cert.set_not_after (TIME_EXP)
def make_certificate (bits):
"""
Create a certificate
Parameters:
bits = number of digits with a fast pass
Return:
Certificate, private key (EVP) and public key key (EVP).
"""
Req, pk = make_request (bits, "localhost")
PUK = Req.get_pubkey ()
Cert = X509. X509 ()
Cert.set_serial_number (1) # Certificate Order example number
Cert.set_version (1) # Version of the certificate
Cert.set_issuer (Issuer_name ()) # Issuer Information
Cert.set_subject (Issuer_name ()) # Topic information
Cert.set_pubkey (PUK)
Make_certificate_valid_time (cert, 365) # Expiration time of the certificate
Cert.sign (PK, ' sha256 ')
Return cert, PK, PUK
# Start creating
Cert, PK, puk= make_certificate (1024)
Cert.save_pem (' Jb51.net-cret.pem ')
Pk.save_key (' Jb51.net-private.pem ', cipher = None, callback = Lambda:none)
Puk.get_rsa (). Save_pub_key (' Jb51.net-public.pem ')
2. Use certificate encryption, private key file decryption
The code is as follows:
def geekso_encrypt_with_certificate (Message, Cert_loc):
"""
The CERT certificate is encrypted and can be decrypted with the private key file.
Parameters:
Message = string to encrypt
Cert_loc = cert Certificate path
Return:
Encrypt string or exception string
"""
Cert = X509.load_cert (Cert_loc)
PUK = Cert.get_pubkey (). Get_rsa () # Get RSA for encryption
Message = Base64.b64encode (message)
Try
encrypted = Puk.public_encrypt (message, rsa.pkcs1_padding)
Except RSA. Rsaerror as E:
Return "ERROR encrypting" + e.message
return encrypted
encrypted = Geekso_encrypt_with_certificate (' www.jb51.net ', ' Jb51.net-cret.pem ')
print ' Encrypt string ', encrypted
def geekso_decrypt_with_private_key (Message, Pk_loc):
"""
Cryptographic string generated by the private key decryption certificate
Parameters:
Message = encrypted string
Pk_loc = Private Key Path
Return:
Decrypting a string or exception string
"""
PK = Rsa.load_key (pk_loc) # load RSA for decryption
Try
decrypted = pk.private_decrypt (message, rsa.pkcs1_padding)
decrypted = Base64.b64decode (decrypted)
Except RSA. Rsaerror as E:
Return "ERROR decrypting" + e.message
Return decrypted
print ' decryption string ', Geekso_decrypt_with_private_key (encrypted, ' JB51.NET-PRIVATE.PEM ')
3. Encryption with private key, certificate decryption
The code is as follows:
def geekso_encrypt_with_private_key (Message,pk_loc):
"""
Private key encryption
Parameters:
Message = encrypted string
Pk_loc = Private Key Path
Return:
Encrypt string or exception string
"""
Readrsa = Rsa.load_key (Pk_loc);
Message = Base64.b64encode (message)
Try
encrypted = Readrsa.private_encrypt (message,rsa.pkcs1_padding)
Except RSA. Rsaerror as E:
Return "ERROR encrypting" + e.message
return encrypted
encrypted = Geekso_encrypt_with_private_key (' www.jb51.net ', ' Jb51.net-private.pem ')
Print encrypted
def geekso_decrypt_with_certificate (Message, Cert_loc):
"""
Cert Certificate decryption.
Parameters:
message = the string to decrypt
Cert_loc = cert Certificate path
Return:
The decrypted string or exception string
"""
Cert = X509.load_cert (Cert_loc)
PUK = Cert.get_pubkey (). Get_rsa ()
Try
Decrypting = puk.public_decrypt (message, rsa.pkcs1_padding)
Decrypting = Base64.b64decode (decrypting)
Except RSA. Rsaerror as E:
Return "ERROR decrypting" + e.message
Return decrypting
Decrypting = geekso_decrypt_with_certificate (encrypted, ' JB51.NET-CRET.PEM ')
Print decrypting
4. Signing with a private key, certificate authentication
The code is as follows:
def geekso_sign_with_private_key (message, pk_loc, base64 = True):
"""
Private key Signature
Parameters:
Message = string to be signed
Pk_loc = Private Key Path
Base64 = True (bease64 processing) False (16 binary processing)
Return:
String or exception string after signature
"""
PK = Evp.load_key (Pk_loc)
Pk.sign_init ()
Try
Pk.sign_update (Message)
Signature = Pk.sign_final ()
Except EVP. Evperror as E:
Return "ERROR signature" + E.message
Return Signature.encode (' base64 ') if Base64 is True else Signature.encode (' hex ')
Signature = Geekso_sign_with_private_key (' www.jb51.net ', ' Jb51.net-private.pem ')
Print signature
def geekso_verifysign_with_certificate (message, signature, cert_loc, base64 = True):
"""
Certificate validation Signature
Parameters:
Message = The string that was originally signed
Signature = string after signature
Cert_loc = Certificate Path file
Base64 = True (bease64 processing) False (16 binary processing)
Return:
Success or failure string or exception string
"""
Signature = Signature.decode (' base64 ') if Base64 is True else Signature.decode (' hex ')
Cert = X509.load_cert (Cert_loc)
PUK = Cert.get_pubkey (). Get_rsa ()
Try
VERIFYEVP = EVP. PKey ()
Verifyevp.assign_rsa (PUK)
Verifyevp.verify_init ()
Verifyevp.verify_update (Message)
Verifysign = verifyevp.verify_final (signature)
if verifysign = = 1:
Return ' success '
else:
Return ' failed '
Except EVP. Evperror as E:
Return "ERROR Verify sign" + e.message
Print geekso_verifysign_with_certificate (' www.jb51.net ', signature, ' Jb51.net-cret.pem ')
Hopefully this article will help you with Python programming.
Welcome to join my thousand People Exchange learning questions: 125240963
God-level programmers bring: the implementation method of encryption and decryption with the Python certificate!