ES加密方式有五种:ECB, CBC, CTR, CFB, OFB
从安全性角度推荐CBC加密方法,本文介绍了CBC,ECB两种加密方法的python实现
python 在 Windows下使用AES时要安装的是pycryptodome 模块 pip install pycryptodome
python 在 Linux下使用AES时要安装的是pycrypto模块 pip install pycrypto
CBC加密需要一个十六位的key(密钥)和一个十六位iv(偏移量)
ECB加密不需要iv
AES CBC 加密的python实现
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
# 如果text不足16位的倍数就用空格补足为16位
def add_to_16(text):
if len(text.encode('utf-8')) % 16:
add = 16 - (len(text.encode('utf-8')) % 16)
else:
add = 0
text = text + ('\0' * add)
return text.encode('utf-8')
# 加密函数
def encrypt(text):
key = '9999999999999999'.encode('utf-8')
mode = AES.MODE_CBC
iv = b'qqqqqqqqqqqqqqqq'
text = add_to_16(text)
cryptos = AES.new(key, mode, iv)
cipher_text = cryptos.encrypt(text)
# 因为AES加密后的字符串不一定是ascii字符集的,输出保存可能存在问题,所以这里转为16进制字符串
return b2a_hex(cipher_text)
# 解密后,去掉补足的空格用strip() 去掉
def decrypt(text):
key = '9999999999999999'.encode('utf-8')
iv = b'qqqqqqqqqqqqqqqq'
mode = AES.MODE_CBC
cryptos = AES.new(key, mode, iv)
plain_text = cryptos.decrypt(a2b_hex(text))
return bytes.decode(plain_text).rstrip('\0')
if __name__ == '__main__':
e = encrypt("hello world") # 加密
d = decrypt(e) # 解密
print("加密:", e)
print("解密:", d)
AES ECB加密的python实现
"""
ECB没有偏移量
"""
from Crypto.Cipher import AES
from binascii import b2a_hex, a2b_hex
def add_to_16(text):
if len(text.encode('utf-8')) % 16:
add = 16 - (len(text.encode('utf-8')) % 16)
else:
add = 0
text = text + ('\0' * add)
return text.encode('utf-8')
# 加密函数
def encrypt(text):
key = '9999999999999999'.encode('utf-8')
mode = AES.MODE_ECB
text = add_to_16(text)
cryptos = AES.new(key, mode)
cipher_text = cryptos.encrypt(text)
return b2a_hex(cipher_text)
# 解密后,去掉补足的空格用strip() 去掉
def decrypt(text):
key = '9999999999999999'.encode('utf-8')
mode = AES.MODE_ECB
cryptor = AES.new(key, mode)
plain_text = cryptor.decrypt(a2b_hex(text))
return bytes.decode(plain_text).rstrip('\0')
if __name__ == '__main__':
e = encrypt("hello world") # 加密
d = decrypt(e) # 解密
print("加密:", e)
print("解密:", d)
加密方式特别简单,代码如下:
方式一:补0
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
补0方式
"""
import base64
from Crypto.Cipher import AES
# 补足字符串长度为16的倍数
def add_to_16(s):
while len(s) % 16 != 0:
s += '\0'
return str.encode(s) # 返回bytes
key = '1234567890123456' # 密钥长度必须为16、24或32位,分别对应AES-128、AES-192和AES-256
text = 'abcdefg' # 待加密文本
aes = AES.new(str.encode(key), AES.MODE_ECB) # 初始化加密器,本例采用ECB加密模式
encrypted_text = str(base64.encodebytes(aes.encrypt(add_to_16(text))), encoding='utf8').replace('\n', '') # 加密
decrypted_text = str(aes.decrypt(base64.decodebytes(bytes(encrypted_text, encoding='utf8'))).rstrip(b'\0').decode("utf8")) # 解密
print('加密值:', encrypted_text)
print('解密值:', decrypted_text)
结果为:
方式二:pkcs5
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
pkcs5补码方式
"""
import base64
from Crypto.Cipher import AES
# 补足字符串长度为16的倍数
def add_to_16(s):
while len(s) % 16 != 0:
s += (16 - len(s) % 16) * chr(16 - len(s) % 16)
return str.encode(s) # 返回bytes
key = '1234567890123456' # 密钥长度必须为16、24或32位,分别对应AES-128、AES-192和AES-256
text = 'abcdefg' # 待加密文本
aes = AES.new(str.encode(key), AES.MODE_ECB) # 初始化加密器,本例采用ECB加密模式
encrypted_text = str(base64.encodebytes(aes.encrypt(add_to_16(text))), encoding='utf8').replace('\n', '') # 加密
decrypted_text = aes.decrypt(base64.decodebytes(bytes(encrypted_text, encoding='utf8'))).decode("utf8") # 解密
decrypted_text = decrypted_text[:-ord(decrypted_text[-1])] # 去除多余补位
print('pkcs5加密值:', encrypted_text)
print('pkcs5解密值:', decrypted_text)
结果为:
两种方式加密后的值是不一样的,解密方式也是不一样的。