#coding:utf-8
import sys
import binascii
reload(sys)
sys.setdefaultencoding('utf8')
from Crypto.PublicKey import RSA as rsa
from Crypto.Cipher import PKCS1_v1_5 #RSA加密协议
from Crypto.Hash import SHA
from Crypto.Signature import PKCS1_v1_5 as Signature_pkcs1_v1_5
with open("pkcs8pub.pem","r")as f:
pub_key_str = f.read()
with open("pkcs8pri.pem","r")as f:
priv_key_str = f.read()
#单次加密串的长度最大为 (key_size/8)-11
'''
加密的 plaintext 最大长度是 证书key位数/8 - 11, 例如1024 bit的证书,被加密的串最长 1024/8 - 11=117,
解决办法是 分块 加密,然后分块解密就行了,
因为 证书key固定的情况下,加密出来的串长度是固定的。
'''
def rsa_long_encrypt(pub_key_str, msg):
#msg = msg.encode('utf-8')
length = len(msg)
default_length = 117
#公钥加密
pubobj = PKCS1_v1_5.new(rsa.importKey(pub_key_str))
#长度不用分段
if length < default_length:
return "".join(pubobj.encrypt(msg))
#需要分段
offset = 0
res = []
while length - offset > 0:
if length - offset > default_length:
res.append(pubobj.encrypt(msg[offset:offset+default_length]))
else:
res.append(pubobj.encrypt(msg[offset:]))
offset += default_length
return "".join(res)
def rsa_long_decrypt(priv_key_str, msg):
#msg = msg.encode('utf-8')
length = len(msg)
default_length = 128
#私钥解密
priobj = PKCS1_v1_5.new(rsa.importKey(priv_key_str))
#长度不用分段
if length < default_length:
return "".join(priobj.decrypt(msg,'xyz'))
#需要分段
offset = 0
res = []
while length - offset > 0:
if length - offset > default_length:
res.append(priobj.decrypt(msg[offset:offset+default_length],'xyz'))
else:
res.append(priobj.decrypt(msg[offset:],'xyz'))
offset += default_length
return "".join(res)
#明文
msg = "dsadsaldsalsaldjsaldkjsadljsadlk"
with open('pkcs8pri.pem',"r") as f:
key = f.read()
rsakey = rsa.importKey(key)
signer = Signature_pkcs1_v1_5.new(rsakey)
digest = SHA.new()
digest.update(msg)
sign = signer.sign(digest)
#signature = base64.b64encode(sign)
print("加签后是:%s"%sign)
e = rsa_long_encrypt(pub_key_str, sign)
print("加密后是:%s"%e)
#加密后的字符串转16进制
sixteen_hex = binascii.b2a_hex(e)
print(sixteen_hex)
#16进制转回字符串
sixteen_hex_str = binascii.a2b_hex(sixteen_hex)
print(sixteen_hex_str)
d = rsa_long_decrypt(priv_key_str, sixteen_hex_str)
print("解密后是:%s"%d)
with open('pkcs8pub.pem') as f:
key = f.read()
rsakey = rsa.importKey(key)
verifier = Signature_pkcs1_v1_5.new(rsakey)
digest = SHA.new()
# Assumes the data is base64 encoded to begin with
digest.update(msg)
is_verify = signer.verify(digest, d)
print("解签后是:%s"%is_verify)
#上面的公钥私钥全都是采用pkcs#8的格式,如果你需要这个格式就上网转换,不需要的就直接用你本身的公钥私钥替换掉上面的文件名就行,效果是一样的
关于python使用sha1rsa加密全过程
最新推荐文章于 2024-08-08 08:57:17 发布