0. 简介
1. 安装
为了不与旧的版本发生冲突,可以使用以下命令进行安装:
pip install pycryptodomex
安装完成后,可以进行测试:
python -m Cryptodome.SelfTest
测试结果如下:
2. 哈希
使用Python标准库hashlib也可以完成相应的哈希算法。
2.1 MD5
import hashlib
from Cryptodome.Hash import MD5
data = "这是一串用于测试的数据!!!".encode()
# hashlib
hash_obj = hashlib.md5(data)
digest = hash_obj.hexdigest()
print(digest)
''' 0e9ee5c8ee9e85292103cf8d558eeb7a '''
# Cryptodome
hash_obj = MD5.new(data)
digest = hash_obj.hexdigest()
print(digest)
''' 0e9ee5c8ee9e85292103cf8d558eeb7a '''
2.2 SHA256
安全性比MD5更高,相应地,耗时也更长。
import hashlib
from Cryptodome.Hash import SHA256
data = "这是一串用于测试的数据!!!".encode()
# hashlib
hash_obj = hashlib.sha256(data)
digest = hash_obj.hexdigest()
print(digest)
''' ba67ca5c6959ea1702d01f3bb22456359e8a6c1a222b07ee73d7500bac76d9af '''
# Cryptodome
hash_obj = SHA256.new(data)
digest = hash_obj.hexdigest()
print(digest)
''' ba67ca5c6959ea1702d01f3bb22456359e8a6c1a222b07ee73d7500bac76d9af '''
3. RSA算法
3.1 生成公钥和私钥
from Cryptodome.PublicKey import RSA
key = RSA.generate(2048)
private_key = key.export_key()
with open("private.pem", "wb") as fp:
fp.write(private_key)
public_key = key.publickey().export_key()
with open("public.pem", "wb") as fp:
fp.write(public_key)
一些注意事项:
- 密钥的位数至少要是1024位才能保证安全性,推荐使用2048。
- 公钥负责加密,私钥负责解密;私钥负责签名,公钥负责验证。
3.2 数字签名
签名
from Cryptodome.Signature import pkcs1_15
from Cryptodome.PublicKey import RSA
from Cryptodome.Hash import SHA256
# 载入私钥
with open("private.pem") as fp:
private_key = RSA.import_key(fp.read())
# 待签名的数据
data = "这是我耿某人写的东西".encode()
# 对该数据生成数字签名
signer = pkcs1_15.new(private_key)
hash_obj = SHA256.new(data)
signature = signer.sign(hash_obj)
# 保存数字签名
with open("signature", "wb") as fp:
fp.write(signature)
验证
from Cryptodome.Signature import pkcs1_15
from Cryptodome.PublicKey import RSA
from Cryptodome.Hash import SHA256
# 载入公钥
with open("private.pem") as fp:
private_key = RSA.import_key(fp.read())
# 待验证的数据
data = "这是我耿某人写的东西".encode()
# 载入数字签名
with open("signature", "rb") as fp:
signature = fp.read()
# 验证数字签名的合法性
verifier = pkcs1_15.new(private_key)
hash_obj = SHA256.new(data)
verifier.verify(hash_obj, signature) # 如果签名不合法,抛出ValueError