hashlib加密模块
支持的算法
md5, sha1, sha224, sha256, sha384, sha512。适用与python2和python3
###三大特性
1、只要要hash的内容是一样的,那么最终hash加密的值也是一样的
2、目前为止hash加密的值是无法暴力破解的。也就是说你无法通过hash值反推出原始的数据内容
3、不管原文的数据还是内容容量有多大,最终hash后的值的长度始终是固定的。
作用
1、加密用户密码
2、两个文件的一致性进行判定
例子
md5
作用:对明文的密码进行加密。防止密码明文泄露。salt就是熟称的盐,类似又加了一把锁。至于为什么叫做“盐”呢? 我也木鸡啊
import hashlib
import sys
if sys.getdefaultencoding() != "utf-8":
reload(sys)
sys.setdefaultencoding("utf-8")
c = hashlib.md5("天天向上".encode("utf-8"))
c.update("床前明月光") # “床前明月光”就是盐,也就是我们和对方约好的key
print(c.hexdigest())
d = hashlib.md5("天天向上床前明月光".encode("utf-8")) # 最终加密后的a和b的值是相同的
print(d.hexdigest())
cdf2ac9f72ea7c72defeeee0183315fe
cdf2ac9f72ea7c72defeeee0183315fe
sha1
import hashlib
import sys
if sys.getdefaultencoding() != "utf-8":
reload(sys)
sys.setdefaultencoding("utf-8")
a = hashlib.sha1("天天向上".encode("utf-8"))
a.update("床前明月光") # “床前明月光”就是盐,也就是我们和对方约好的key
print(a.hexdigest())
b = hashlib.sha1("天天向上床前明月光".encode("utf-8")) # 最终加密后的a和b的值是相同的
print(b.hexdigest())
e6fd3a3fbc3b6e137cd22b6120750d7ebeb3130c
e6fd3a3fbc3b6e137cd22b6120750d7ebeb3130c
Crypto加密模块
下面介绍在python3.5的使用。安装模块:pip install pycryptodome
常见库
常见对称密码在 Crypto.Cipher 库下,主要有:DES DES3 AES。按照时间发展顺序是:DES->DES3->AES
非对称密码在 Crypto.PublicKey 库下,主要有:RSA ECC DSA
哈希密码(单向加密)在 Crypto.Hash 库下,常用的有:MD5 SHA-1 SHA-128 SHA-256
随机数在 Crypto.Random 库下
实用小工具在 Crypto.Util 库下
数字签名在 Crypto.Signature 库下
AES
对称加密:加密方和解密方都拥有相同的key!
最多可以加密256bytes的原文plain,默认采用“MODE_ECB”模式
from Crypto.Cipher import AES
import base64
key = 'my_key'.ljust(16, " ") # key长度可以是16、24和32字节
print(key, len(key))
key = key.encode("utf-8")
print(key, len(key))
aes = AES.new(key, AES.MODE_ECB) # 创建一个aes实例,不同mode要求key和plain(原文)长度不一样,
# 其中常用的"For ``MODE_CBC``, ``MODE_CFB``, and ``MODE_OFB`` it must be 16 bytes long.
# encrypt
plain_text = 'my_plain'.ljust(16, " ") # 长度最高是256byte
plain_text = plain_text.encode("utf-8")
enc_text = aes.encrypt(plain_text)
print((enc_text, type(enc_text)))
enc_b64_text = base64.b64encode(enc_text)
# decrypt
dec_b64_text = base64.b64decode(enc_b64_text)
dec_text = aes.decrypt(dec_b64_text)
msg = dec_text.decode("utf-8")
print(msg, type(msg))
my_key 16
b'my_key ' 16
(b'Au\xce\xd9\x8f]\xec\x87XgWu\xcbxO\xb8', <class 'bytes'>)
my_plain <class 'str'>
DES
最多可以加密256bytes的原文plain,默认采用“MODE_ECB”模式
from base64 import b64encode
from base64 import b64decode
from Crypto.Cipher import DES
key = "my_key".ljust(8, " ") # key长度必须是8个字节
key = key.encode("utf-8")
des = DES.new(key=key, mode=DES.MODE_ECB)
# encrypt
plain_text = "hello word".ljust(16, " ")
plain_text = plain_text.encode("utf-8")
enc_msg = des.encrypt(plain_text)
enc_msg_b64 = b64encode(enc_msg)
print(enc_msg_b64, type(enc_msg_b64), len(enc_msg_b64))
# decrypt
dec_msg_b64 = b64decode(enc_msg_b64)
dec_msg = des.decrypt(dec_msg_b64)
plain = dec_msg.decode("utf-8")
print(plain, type(plain), len(plain_text))
b'Gf8rWferPslv0ViWflJrlQ==' <class 'bytes'> 24
hello word <class 'str'> 16
DES3
from Crypto.Cipher import DES3
from base64 import b64decode
from base64 import b64encode
key = "my_key".ljust(16, " ") # key长度可以是16或24bytes
key = key.encode("utf-8")
des3 = DES3.new(key=key, mode=DES3.MODE_ECB)
plain_text = "my_plain".ljust(16, " ") # 必须是16bytes
plain_text = plain_text.encode("utf-8")
print(plain_text, type(plain_text), len(plain_text))
enc_msg = des3.encrypt(plain_text)
enc_msg_b64 = b64encode(enc_msg)
print(enc_msg_b64, type(enc_msg_b64), len(enc_msg_b64))
# decrypt
dec_msg_b64 = b64decode(enc_msg_b64)
dec_msg = des3.decrypt(dec_msg_b64)
plain = dec_msg.decode("utf-8")
print(plain, type(plain), len(plain))
b'my_plain ' <class 'bytes'> 16
b'VyRdGZsq/YdwVfMEeZiZvQ==' <class 'bytes'> 24
my_plain <class 'str'> 16
RSA
非对称加密
先生成公钥和私钥
from Crypto.PublicKey import RSA
rsa = RSA.generate(2048) # 返回的是密钥对象
public_pem = rsa.publickey().exportKey('PEM') # 生成公钥字节流
private_pem = rsa.exportKey('PEM') # 生成私钥字节流
f = open('public.pem', 'wb')
f.write(public_pem) # 将字节流写入文件
f.close()
f = open('private.pem', 'wb')
f.write(private_pem) # 将字节流写入文件
f.close()
加解密
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_v1_5
import base64
def encrypt(plain_text):
with open('public.pem', 'rb') as f:
data = f.read()
key = RSA.importKey(data)
rsa = PKCS1_v1_5.new(key) # PKCS1_v1_5是填充方式
cipher = rsa.encrypt(plain_text)
return base64.b64encode(cipher)
def decrypt(cipher):
with open('private.pem', 'rb') as f:
data = f.read()
key = RSA.importKey(data)
rsa = PKCS1_v1_5.new(key)
plain = rsa.decrypt(base64.b64decode(cipher), 'ERROR') # 'ERROR'必需
return plain