- pycryptodome 模块
使用pip进行安装第三方模块
pip3 install pycryptodome
2. 生成RSA密钥对(公钥用于加密,私钥用于解密)
from Cryptodome import Random
from Cryptodome.PublicKey import RSA
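class RSACrypt(object):
    """Generate an RSA key pair with pycryptodome and store it on disk."""

    @staticmethod
    def create_key():
        """Create a 2048-bit RSA key pair and write both keys to files.

        Writes ``private_key.bin`` and ``public_key.pem`` into the current
        working directory. Both are written exactly as returned by
        ``exportKey()`` with its default arguments, so the private key is
        stored without a passphrase; ``exportKey()`` accepts a ``passphrase``
        argument if the key should be encrypted at rest.
        """
        import os  # local import: only needed for the restricted-mode open below

        # Default pycryptodome random source.
        random_generator = Random.new().read
        # 2048-bit modulus; the 1024-bit alternative is not adequate for new keys.
        rsa = RSA.generate(2048, random_generator)
        private_key = rsa.exportKey()
        public_key = rsa.publickey().exportKey()

        # Only the public half is echoed: printing the private key would copy
        # it into terminal scrollback and any captured logs.
        print(public_key)

        # exportKey() returns bytes, so the files must be opened in binary
        # mode (text mode raises TypeError on write under Python 3).
        # The private key file is created owner-read/write only. The mode is
        # applied on creation; an already existing file keeps its permissions.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_BINARY', 0)
        fd = os.open('private_key.bin', flags, 0o600)
        with os.fdopen(fd, 'wb') as f:
            f.write(private_key)
        with open('public_key.pem', 'wb') as f:
            f.write(public_key)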
3. RSA加密解密:padding模式是RSA_PKCS1_PADDING,加密较短的字符串没有问题,但加密较长的字符串会报错,所以使用分区进行加密和解密。
被加密的明文(plaintext)最大长度是密钥位数/8 - 11(单位为字节),例如1024 bit的密钥,被加密的串最长为 1024/8 - 11 = 117 字节。
加密时,1024 bit的密钥每个分区用100,2048 bit的密钥用200。
解密时,1024 bit的密钥每个分区用128,2048 bit的密钥用256。
4. 分区加密
import base64
import os

from Cryptodome import Random
from Cryptodome.Cipher import PKCS1_v1_5
from Cryptodome.PublicKey import RSA
# Directory that contains this script; both key files are looked up next to it.
curr_dir = os.path.split(os.path.realpath(__file__))[0]
# private_key_file -> private key, public_key_file -> public key
private_key_file, public_key_file = (
    os.path.join(curr_dir, key_name)
    for key_name in ("private_key.bin", "public_key.pem")
)
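def encrpt_data(self, msg, pub_key_str=None, length=200):
    """Encrypt a message with RSA (PKCS#1 v1.5 padding), chunk by chunk.

    Args:
        msg: Text to encrypt (``str``); ``bytes`` are accepted as-is.
        pub_key_str: Public key to import. When empty, the key is read from
            ``public_key_file``.
        length: Chunk size in bytes. It must not exceed the key size in
            bytes minus 11 (117 for a 1024-bit key, 245 for a 2048-bit key);
            ``encrypt()`` raises ``ValueError`` for a longer chunk.

    Returns:
        The raw ciphertext chunks concatenated as ``bytes``. The result is
        not base64-encoded, whereas ``decrpt_data`` base64-decodes its
        input, so the caller has to encode it before handing it over.

    Security note: PKCS#1 v1.5 encryption padding is kept here so the output
    stays compatible with the matching decrypt routine. For new designs the
    usual recommendation is RSA-OAEP (``Cryptodome.Cipher.PKCS1_OAEP``), and
    for long messages hybrid encryption (RSA wrapping a symmetric key)
    instead of chunked RSA.
    """
    if not pub_key_str:
        with open(public_key_file, 'r') as f:
            pub_key_str = f.read()
    cipher = PKCS1_v1_5.new(RSA.importKey(pub_key_str))
    # Encode first and slice the bytes: the padding limit is counted in
    # bytes, so slicing the str would let a chunk of multi-byte characters
    # (e.g. CJK text) exceed it and make encrypt() fail.
    data = msg if isinstance(msg, bytes) else msg.encode()
    return b"".join(
        cipher.encrypt(data[start:start + length])
        for start in range(0, len(data), length)
    )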
5.分区解密
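def decrpt_data(self, msg, priv_key_str=None, length=256):
    """Decrypt base64-encoded, chunked RSA (PKCS#1 v1.5) ciphertext.

    Args:
        msg: Base64 text or bytes wrapping the concatenated ciphertext chunks.
        priv_key_str: Private key to import. When empty, the key is read
            from ``private_key_file``.
        length: Ciphertext chunk size in bytes, i.e. the key size in bytes
            (128 for a 1024-bit key, 256 for a 2048-bit key).

    Returns:
        The decrypted chunks joined and decoded to ``str``.

    Raises:
        ValueError: If any chunk fails to decrypt.

    Security note: PKCS#1 v1.5 decryption is sensitive to padding-oracle
    attacks. A service that exposes this function should answer every
    decryption failure with the same generic error and not reveal which
    chunk or which check failed.
    """
    if not priv_key_str:
        with open(private_key_file, 'r') as f:
            priv_key_str = f.read()
    cipher = PKCS1_v1_5.new(RSA.importKey(priv_key_str))
    # The transport form is base64; recover the raw ciphertext bytes.
    raw = base64.b64decode(msg)
    parts = []
    for start in range(0, len(raw), length):
        # decrypt() returns the sentinel instead of raising on bad padding.
        # The former str sentinel 'error' could not be joined with bytes and
        # surfaced as an unrelated TypeError; fail explicitly instead.
        plain = cipher.decrypt(raw[start:start + length], sentinel=None)
        if plain is None:
            raise ValueError("RSA decryption failed")
        parts.append(plain)
    return b"".join(parts).decode()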
注意:以接口的形式传输密文时需要注意编码,例如先做 base64 编码(上面的解密函数会先对输入做 base64 解码)。