生成秘钥对
@staticmethod
def create_rsa_keys(code='nooneknows'):
key = RSA.generate(2048)
encrypted_key = key.exportKey(passphrase=code, pkcs=8, protection="scryptAndAES128-CBC")
with open('private_rsa_key.bin', 'wb') as f:
f.write(encrypted_key)
with open('rsa_public.pem', 'wb') as f:
f.write(key.publickey().exportKey())
文件加密
@staticmethod
def file_encryption(file_name, public_key):
"""
文件加密
:param file_name: 文件路径名
:param public_key: 公钥
:return:
"""
with open(file_name, 'rb') as f:
data = f.read()
file_name_new = file_name + '.rsa'
with open(file_name_new, 'wb') as out_file:
recipient_key = RSA.import_key(open(public_key).read())
session_key = get_random_bytes(16)
cipher_rsa = PKCS1_OAEP.new(recipient_key)
out_file.write(cipher_rsa.encrypt(session_key))
cipher_aes = AES.new(session_key, AES.MODE_EAX)
cipher_text, tag = cipher_aes.encrypt_and_digest(data)
out_file.write(cipher_aes.nonce)
out_file.write(tag)
out_file.write(cipher_text)
return file_name_new
文件解密
@staticmethod
def file_decryption(file_name, code, private_key):
"""
文件解密
:param file_name: 文件路径名
:param code: 密码
:param private_key: 私钥
:return:
"""
with open(file_name, 'rb') as f_in:
private_key = RSA.import_key(open(private_key).read(), passphrase=code)
enc_session_key, nonce, tag, cipher_text = [f_in.read(x) for x in (private_key.size_in_bytes(), 16, 16, -1)]
cipher_rsa = PKCS1_OAEP.new(private_key)
session_key = cipher_rsa.decrypt(enc_session_key)
cipher_aes = AES.new(session_key, AES.MODE_EAX, nonce)
data = cipher_aes.decrypt_and_verify(cipher_text, tag)
out_file_name = file_name.replace('.rsa', '')
with open(out_file_name, 'wb') as f_out:
f_out.write(data)
return out_file_name