pynacl公私钥加解密

最新推荐文章于 2024-11-22 13:55:07 发布
最新推荐文章于 2024-11-22 13:55:07 发布
阅读量975 收藏 1
点赞数 1
分类专栏: 密码学
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/weixin_43522866/article/details/113344548
版权 
# @author: 逸轩
# @file: pynacl_2.py
# @time: 2021/1/28
# @desc: python pynacl 加解密

try:
    from nacl.encoding import HexEncoder, Base64Encoder
    from nacl.public import Box, PrivateKey, PublicKey
except ImportError:
    raise ImportWarning('python环境中未找到nacl,请先执行 pip install pynacl 进行安装')

from cryptography import fernet
from nacl.utils import EncryptedMessage, StringFixer, random
from nacl import exceptions as exc
from nacl import encoding
import nacl.bindings


def encrypt(public_key: str, private_key: str, nonce: str, plain_text: str):
    """
    加密
    :param public_key: 公钥
    :param private_key: 私钥
    :param nonce: 随机码
    :param plain_text: 加密文本
    :return:加密后的密文,str 类型
    """
    if len(public_key) != 64:
        raise ValueError('public_key 长度必须为64')
    if len(private_key) != 64:
        raise ValueError('private_key 长度必须为64')
    if len(nonce) != 32:
        raise ValueError('nonce 长度必须为32')

    # 公钥转 bytes,注意encoder指定HexEncoder
    public = PublicKey(
        public_key.encode(),
        encoder=HexEncoder,
    )

    # 私钥转 bytes,注意encoder指定HexEncoder
    private = PrivateKey(
        private_key.encode(),
        encoder=HexEncoder,
    )

    # 生成 box
    box = Box(private, public)

    # 随机码先转成 bytes,再 base64 decode
    nonce_bytes = Base64Encoder.decode(nonce.encode())
    encrypted = box.encrypt(
        plain_text.encode(),
        nonce_bytes
    )
    ciphertext = Base64Encoder.encode(encrypted.ciphertext)
    return str(ciphertext, encoding="utf8")


def decrypt(public_key: str, private_key: str, nonce: str, ciphertext: str):
    """
    解密
    :param public_key: 公钥
    :param private_key: 私钥
    :param nonce: 随机码
    :param ciphertext: 密文
    :return: 解密后的文本,str 类型
    """
    if len(public_key) != 64:
        raise ValueError('public_key 长度必须为64')
    if len(private_key) != 64:
        raise ValueError('private_key 长度必须为64')
    if len(nonce) != 32:
        raise ValueError('nonce 长度必须为32')
    public = PublicKey(
        public_key.encode(),
        encoder=HexEncoder,
    )
    private = PrivateKey(
        private_key.encode(),
        encoder=HexEncoder,
    )
    box = Box(private, public)
    nonce_bytes = Base64Encoder.decode(nonce.encode())
    ciphertextByte = Base64Encoder.decode(ciphertext.encode())
    decrypted = box.decrypt(ciphertextByte, nonce_bytes)
    return str(decrypted, encoding='utf-8')


class PublicKey(encoding.Encodable, StringFixer, object):
    """
    The public key counterpart to an Curve25519 :class:`nacl.public.PrivateKey`
    for encrypting messages.

    :param public_key: [:class:`bytes`] Encoded Curve25519 public key
    :param encoder: A class that is able to decode the `public_key`

    :cvar SIZE: The size that the public key is required to be
    """

    SIZE = nacl.bindings.crypto_box_PUBLICKEYBYTES

    def __init__(self, public_key, encoder=encoding.RawEncoder):
        self._public_key = encoder.decode(public_key)
        if not isinstance(self._public_key, bytes):
            raise exc.TypeError("PublicKey must be created from 32 bytes")

        if len(self._public_key) != self.SIZE:
            raise exc.ValueError(
                "The public key must be exactly {0} bytes long".format(
                    self.SIZE
                )
            )

    def __bytes__(self):
        return self._public_key

    def __hash__(self):
        return hash(bytes(self))

    def __eq__(self, other):
        if not isinstance(other, self.__class__):
            return False
        return nacl.bindings.sodium_memcmp(bytes(self), bytes(other))

    def __ne__(self, other):
        return not (self == other)


class PrivateKey(encoding.Encodable, StringFixer, object):
    """
    Private key for decrypting messages using the Curve25519 algorithm.

    .. warning:: This **must** be protected and remain secret. Anyone who
        knows the value of your :class:`~nacl.public.PrivateKey` can decrypt
        any message encrypted by the corresponding
        :class:`~nacl.public.PublicKey`

    :param private_key: The private key used to decrypt messages
    :param encoder: The encoder class used to decode the given keys

    :cvar SIZE: The size that the private key is required to be
    :cvar SEED_SIZE: The size that the seed used to generate the
                     private key is required to be
    """

    SIZE = nacl.bindings.crypto_box_SECRETKEYBYTES
    SEED_SIZE = nacl.bindings.crypto_box_SEEDBYTES

    def __init__(self, private_key, encoder=encoding.RawEncoder):
        # Decode the secret_key
        private_key = encoder.decode(private_key)
        # verify the given secret key type and size are correct
        if not (
            isinstance(private_key, bytes) and len(private_key) == self.SIZE
        ):
            raise exc.TypeError(
                (
                    "PrivateKey must be created from a {0} "
                    "bytes long raw secret key"
                ).format(self.SIZE)
            )

        raw_public_key = nacl.bindings.crypto_scalarmult_base(private_key)

        self._private_key = private_key
        self.public_key = PublicKey(raw_public_key)

    @classmethod
    def from_seed(cls, seed, encoder=encoding.RawEncoder):
        """
        Generate a PrivateKey using a deterministic construction
        starting from a caller-provided seed

        .. warning:: The seed **must** be high-entropy; therefore,
            its generator **must** be a cryptographic quality
            random function like, for example, :func:`~nacl.utils.random`.

        .. warning:: The seed **must** be protected and remain secret.
            Anyone who knows the seed is really in possession of
            the corresponding PrivateKey.

        :param seed: The seed used to generate the private key
        :rtype: :class:`~nacl.public.PrivateKey`
        """
        # decode the seed
        seed = encoder.decode(seed)
        # Verify the given seed type and size are correct
        if not (isinstance(seed, bytes) and len(seed) == cls.SEED_SIZE):
            raise exc.TypeError(
                (
                    "PrivateKey seed must be a {0} bytes long "
                    "binary sequence"
                ).format(cls.SEED_SIZE)
            )
        # generate a raw keypair from the given seed
        raw_pk, raw_sk = nacl.bindings.crypto_box_seed_keypair(seed)
        # construct a instance from the raw secret key
        return cls(raw_sk)

    def __bytes__(self):
        return self._private_key

    def __hash__(self):
        return hash((type(self), bytes(self.public_key)))

    def __eq__(self, other):
        if not isinstance(other, self.__class__):
            return False
        return self.public_key == other.public_key

    def __ne__(self, other):
        return not (self == other)

    @classmethod
    def generate(cls):
        """
        Generates a random :class:`~nacl.public.PrivateKey` object

        :rtype: :class:`~nacl.public.PrivateKey`
        """
        return cls(random(PrivateKey.SIZE), encoder=encoding.RawEncoder)


class Box(encoding.Encodable, StringFixer, object):
    """
    The Box class boxes and unboxes messages between a pair of keys

    The ciphertexts generated by :class:`~nacl.public.Box` include a 16
    byte authenticator which is checked as part of the decryption. An invalid
    authenticator will cause the decrypt function to raise an exception. The
    authenticator is not a signature. Once you've decrypted the message you've
    demonstrated the ability to create arbitrary valid message, so messages you
    send are repudiable. For non-repudiable messages, sign them after
    encryption.

    :param private_key: :class:`~nacl.public.PrivateKey` used to encrypt and
        decrypt messages
    :param public_key: :class:`~nacl.public.PublicKey` used to encrypt and
        decrypt messages

    :cvar NONCE_SIZE: The size that the nonce is required to be.
    """

    NONCE_SIZE = nacl.bindings.crypto_box_NONCEBYTES

    def __init__(self, private_key, public_key):
        if private_key and public_key:
            if not isinstance(private_key, PrivateKey) or not isinstance(
                public_key, PublicKey
            ):
                raise exc.TypeError(
                    "Box must be created from " "a PrivateKey and a PublicKey"
                )
            self._shared_key = nacl.bindings.crypto_box_beforenm(
                public_key.encode(encoder=encoding.RawEncoder),
                private_key.encode(encoder=encoding.RawEncoder),
            )
        else:
            self._shared_key = None

    def __bytes__(self):
        return self._shared_key

    @classmethod
    def decode(cls, encoded, encoder=encoding.RawEncoder):
        # Create an empty box
        box = cls(None, None)

        # Assign our decoded value to the shared key of the box
        box._shared_key = encoder.decode(encoded)

        return box

    def encrypt(self, plaintext, nonce=None, encoder=encoding.RawEncoder):
        """
        Encrypts the plaintext message using the given `nonce` (or generates
        one randomly if omitted) and returns the ciphertext encoded with the
        encoder.

        .. warning:: It is **VITALLY** important that the nonce is a nonce,
            i.e. it is a number used only once for any given key. If you fail
            to do this, you compromise the privacy of the messages encrypted.

        :param plaintext: [:class:`bytes`] The plaintext message to encrypt
        :param nonce: [:class:`bytes`] The nonce to use in the encryption
        :param encoder: The encoder to use to encode the ciphertext
        :rtype: [:class:`nacl.utils.EncryptedMessage`]
        """
        if nonce is None:
            nonce = random(self.NONCE_SIZE)

        if len(nonce) != self.NONCE_SIZE:
            raise exc.ValueError(
                "The nonce must be exactly %s bytes long" % self.NONCE_SIZE
            )

        ciphertext = nacl.bindings.crypto_box_afternm(
            plaintext,
            nonce,
            self._shared_key,
        )

        encoded_nonce = encoder.encode(nonce)
        encoded_ciphertext = encoder.encode(ciphertext)

        return EncryptedMessage._from_parts(
            encoded_nonce,
            encoded_ciphertext,
            encoder.encode(nonce + ciphertext),
        )

    def decrypt(self, ciphertext, nonce=None, encoder=encoding.RawEncoder):
        """
        Decrypts the ciphertext using the `nonce` (explicitly, when passed as a
        parameter or implicitly, when omitted, as part of the ciphertext) and
        returns the plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param nonce: [:class:`bytes`] The nonce used when encrypting the
            ciphertext
        :param encoder: The encoder used to decode the ciphertext.
        :rtype: [:class:`bytes`]
        """
        # Decode our ciphertext
        ciphertext = encoder.decode(ciphertext)

        if nonce is None:
            # If we were given the nonce and ciphertext combined, split them.
            nonce = ciphertext[: self.NONCE_SIZE]
            ciphertext = ciphertext[self.NONCE_SIZE:]

        if len(nonce) != self.NONCE_SIZE:
            raise exc.ValueError(
                "The nonce must be exactly %s bytes long" % self.NONCE_SIZE
            )

        plaintext = nacl.bindings.crypto_box_open_afternm(
            ciphertext,
            nonce,
            self._shared_key,
        )

        return plaintext

    def shared_key(self):
        """
        Returns the Curve25519 shared secret, that can then be used as a key in
        other symmetric ciphers.

        .. warning:: It is **VITALLY** important that you use a nonce with your
            symmetric cipher. If you fail to do this, you compromise the
            privacy of the messages encrypted. Ensure that the key length of
            your cipher is 32 bytes.
        :rtype: [:class:`bytes`]
        """

        return self._shared_key


class SealedBox(encoding.Encodable, StringFixer, object):
    """
    The SealedBox class boxes and unboxes messages addressed to
    a specified key-pair by using ephemeral sender's keypairs,
    whose private part will be discarded just after encrypting
    a single plaintext message.

    The ciphertexts generated by :class:`~nacl.public.SecretBox` include
    the public part of the ephemeral key before the :class:`~nacl.public.Box`
    ciphertext.

    :param public_key: :class:`~nacl.public.PublicKey` used to encrypt
            messages and derive nonces
    :param private_key: :class:`~nacl.public.PrivateKey` used to decrypt
            messages

    .. versionadded:: 1.2
    """

    def __init__(self, recipient_key):

        if isinstance(recipient_key, PublicKey):
            self._public_key = recipient_key.encode(
                encoder=encoding.RawEncoder
            )
            self._private_key = None
        elif isinstance(recipient_key, PrivateKey):
            self._private_key = recipient_key.encode(
                encoder=encoding.RawEncoder
            )
            self._public_key = recipient_key.public_key.encode(
                encoder=encoding.RawEncoder
            )
        else:
            raise exc.TypeError(
                "SealedBox must be created from " "a PublicKey or a PrivateKey"
            )

    def __bytes__(self):
        return self._public_key

    def encrypt(self, plaintext, encoder=encoding.RawEncoder):
        """
        Encrypts the plaintext message using a random-generated ephemeral
        keypair and returns a "composed ciphertext", containing both
        the public part of the keypair and the ciphertext proper,
        encoded with the encoder.

        The private part of the ephemeral key-pair will be scrubbed before
        returning the ciphertext, therefore, the sender will not be able to
        decrypt the generated ciphertext.

        :param plaintext: [:class:`bytes`] The plaintext message to encrypt
        :param encoder: The encoder to use to encode the ciphertext
        :return bytes: encoded ciphertext
        """

        ciphertext = nacl.bindings.crypto_box_seal(
            plaintext, self._public_key)

        encoded_ciphertext = encoder.encode(ciphertext)

        return encoded_ciphertext

    def decrypt(self, ciphertext, encoder=encoding.RawEncoder):
        """
        Decrypts the ciphertext using the ephemeral public key enclosed
        in the ciphertext and the SealedBox private key, returning
        the plaintext message.

        :param ciphertext: [:class:`bytes`] The encrypted message to decrypt
        :param encoder: The encoder used to decode the ciphertext.
        :return bytes: The original plaintext
        """
        # Decode our ciphertext
        ciphertext = encoder.decode(ciphertext)

        plaintext = nacl.bindings.crypto_box_seal_open(
            ciphertext,
            self._public_key,
            self._private_key,
        )

        return plaintext


if __name__ == '__main__':
    import json
    public = '5116b4433193568bf77c0a03697cbe2476bd4701d7c2083bb89999c56ee83255'
    private = '749ac37351cf4c0232958227018658f1f67490337f4b498990c622b65345c099'
    nonce = 'luN2OEQoVCXQUPwCa9Fu7n22mmnewqe1'

    with open("C:\\Users\\Stushame\\Desktop\\curdata\\密码学\\test_file.txt", encoding="utf-8") as text:
        # text = json.dumps({"password": "123456", "vercode": {
        # 				"offset": "", "token": ""}, "account": "yixuan"})
        # text = 'fvgsedbnrt就哦豁mnty grtehre'
        text = text.read()
        print('text', type(text))
        ciphertext = encrypt(public, private, nonce, text)
        print('加密后', ciphertext)
        text_1 = decrypt(public, private, nonce, ciphertext)
        print('解密后', text_1)

        print('----------------------------------------------------------------------------------------------------')
        pk = PublicKey(b'780y+_+!yyyyy  yyy)*%yyyyyyyyyyy')
        sk = PrivateKey(b'780y+_+!yyyyy  yy)*%y*&^%yy*@&^(')
        a = Box(sk, pk).encrypt(b'ni yixuan     ce')
        b = Box(sk, pk).decrypt(a)

        print('公钥:', pk)
        print('私钥:', sk)
        print('使用公私钥加密后获得的密文:', a)
        print('使用公私钥解密获得原始信息:', b)
大数据领域分布式存储的分布式安全防护
大数据洞察的博客
05-08 935
本文旨在全面分析大数据分布式存储环境下的安全挑战和解决方案,涵盖从底层存储安全到上层应用安全的完整防护体系。讨论范围包括但不限于HDFS、Ceph、GlusterFS等主流分布式存储系统的安全机制。文章首先介绍分布式存储安全的基本概念和挑战,然后深入分析各项安全技术原理,接着通过实际案例展示安全防护实践,最后讨论未来发展趋势。分布式存储系统:将数据分散存储在多个独立节点上的存储架构数据分片(Sharding):将大数据集分割成较小、更易管理的部分擦除编码(Erasure Coding)
pynacl1.2.1
12-05
rpm -ivh python2-pynacl-1.2.1-3.fc29.i686.rpm --force
PyNaClPython绑定至libsodium库的强大加密工具
gitblog_00998的博客
11-06 943
PyNaClPython绑定至libsodium库的强大加密工具 pynacl Python binding to the Networking and Cryptography (NaCl) library 项目地址: htt...
PyNaCl,加密通信的Python库!
一行玩python
11-22 332
嗨,Python小伙伴们!今天咱们来学PyNaCl,这可是加密通信的超棒Python库哦,就像一个超级安全卫士,能给我们的信息穿上坚固的铠甲,让数据在传输过程中不被坏人窥探,快来一起探索它的厉害之处吧!啥是PyNaClPyNaCl是一个超厉害的Python库,专门用于加密、解密以及安全通信哦。你可以把它想象成一个神秘的密码箱,能把我们要发送的消息加密后放进去,只有拥有正确密码(密钥)的人才能打开...
pynacl:Python绑定到网络和密码学(NaCl)库
04-30
PyNaClPython绑定到libsodium库 PyNaClPython与绑定, 是的分支。 这些库的既定目标是提高可用性,安全性和速度。 它支持Python 2.7和3.5+以及PyPy 2.6+。 特征 数字签名 密钥加密 公钥加密 散列和消息认证 基于密码的密钥派生和密码哈希
python库-密码学库pynacl
西京刀客
05-03 4509
libsodium 是c写的,现代,便携式,易于使用的加密库。Sodium是一个新的,易于使用的软件库,用于加密,解密,签名,密码哈希等。 PyNaCl 是 libsodium C库绑定封装。
【pycrypto模块深度剖析】:解密加密和解密过程中的参数选择
!...# 1. PyCrypto模块概述与安装 ## 1.1 PyCrypto模块简介 PyCrypto是一个提供加密算法实现的Python库,广泛用于数据保护、身份验证等领域。该模块封装了多种加密算法,如对称加密、非对称加密、消息摘要等,让用户...
python 密码学库_PyNacl:网络和密码学(NaCl) 库的 Python 绑定
weixin_39652810的博客
12-05 1780
PyNaCl PyNaCl is a Python binding to the Networking and Cryptography library, a crypto library with the stated goal of improving usability, security and speed.InstallationLinuxPyNaCl relies on libso...
PyNacl:网络和密码学(NaCl) 库的 Python 绑定 -python
06-18
PyNacl:网络和密码学(NaCl) 库的 Python 绑定 PyNaCl PyNaCl 是一个 Python 绑定到网络和加密库,一个加密库,其既定目标是提高可用性、安全性和速度。 安装 Linux PyNaCl 依赖于 libsodium,一个可移植的 C 库。 一个副本与 PyNaCl 捆绑在一起,所以你可以运行: $ pip install pynacl 如果你更喜欢使用你的发行版提供的一个副本,你可以在安装过程中通过运行来禁用捆绑副本: $ SODIUM_INSTALL=system pip install pynacl Mac OS X & Windows PyNaCl 在 OS X 和 Windows 上作为二进制轮提供,因此包括所有依赖项。 确保你有一个最新的 pip 并运行: $ pip install pynacl 特性 数字签名 密钥加密 公钥加密 更改 1.0.1:修复阻止创建轮子的绝对路径问题。 1.0:已移植 PyNaCl 以使用 cffi 1.0+ 中可用的新 API。 由于此更改,我们不再支持早于 2.6 的 PyPy 版本。
PyNaCl 项目教程
gitblog_00713的博客
09-28 916
PyNaCl 项目教程 pynacl Python binding to the Networking and Cryptography (NaCl) library 项目地址: https://gitcode.com/gh_mi...
pure_pynacl:TweetNaCl的纯python实现
04-29
pure_pynacl 该库旨在作为的完整的纯python实现。 最初,仅实现了浓缩到的方法和功能,因为TweetNaCl是最小但仍可用且相当完整的椭圆曲线密码库。 可用的文档应足以用于pure_pynacl,因为它也正确地描述了TweetNaCl,因为已花费大量精力来建立并确保TweetNaCl和pure_pynacl之间的穷举性。 使用pure_pynacl import pure_pynacl as pynacl ... result = pynacl . crypto_sign_ed25519_tweet ( sm , smlen , m , n , sk ) 比较测试 验证TweetNaCl和pure_pynacl的奇偶性的单元测试位于一个名为tests/compare.py的文件中。 该文件还包含测试,这些测试比较C的按位运算的奇偶校验和NaCl.py定义的Int类型的按
PyNacl网络和密码学NaCl库的Python绑定
08-10
PyNacl:网络和密码学(NaCl) 库的 Python 绑定
Python绑定到网络和密码学(NaCl)库-Python开发
05-25
PyNaCl PyNaClPython与网络和密码学库的绑定,该库是一个加密的库,其目标是提高可用性,安全性和速度。 安装Linux PyNaCl依赖于PyNaClPython与libsodium库的绑定PyNaClPython与libsodium的绑定,libsodium是Networking and Cryptography库的分支。 这些库的既定目标是提高可用性,安全性和速度。 它支持Python 2.7和3.5+以及PyPy 2.6+。 功能数字签名秘密密钥加密公共密钥加密哈希和消息身份验证基于密码的密钥派生和密码哈希Changelog
pynacl 安装时出现sodium_utils3 段错误,导致pynacl安装失败
n1wer的专栏
11-12 1210
在使用pip3 install pynacl时, 20201111_12:06:22 /tmp/pip-build-r8t4lce4/pynacl/src/libsodium/build-aux/test-driver: line 107: 84377 Segmentation fault "$@" > $log_file 2>&1 20201111_12:06:22 FAIL: sodium_utils3 导致pynacl安装不成功,网上查不到相关信息. 下载pyn...
Pynacl安装报错:command ‘gcc‘ failed with exit status 1】
weixin_45072910的博客
08-22 1339
Pynacl安装报错:Running setup.py install for pynacl … error & error: command ‘gcc’ failed with exit status 1 解决记录
paramiko的依赖关系
gongenhong的博客
04-19 1348
最近一个项目有一个自动备份数据库,并将备份文件传输到另外一台服务器的需求。项目是部署在windows上的,公司的运维对window的相关脚本不熟悉,就帮着用python的paramiko模块写了一个。 完成过程还算比较顺利。拿到服务器上调试的时候就出各种问题: 1.首先是SSH的问题 本机使用的是window10的系统,win10的系统已经集成了openssh的功能,在功能里面直接安装就可以了。但是服务没有,我们首先是安装了feeSSHDserivece这个程序,失败。最终还是找到openssh第三方程序来
python区块链_Python区块链教程(一)
weixin_39633113的博客
12-04 570
简介此区块链教程将详细介绍区块链背后的理论。区块链是数字货币比特币的基本构建块,此教程将讨论比特币的复杂性,全面解释区块链架构,并建立我们自己的区块链。Satoshi Nakamoto创建了世界上第一个虚拟货币,称为比特币。你可能想启用自己的货币,我们称为TPCion(TutorialsPoint Coin)。你将编写区块链程序记录所有与TPCoin的交易,TPCoin可以用于购买披萨、汉堡等物品...
Ubuntu Linux 安裝、使用 Crypto++ 加密函式庫教學與範例
newton_liu的专栏
11-20 1408
介紹如何在 Ubuntu Linux 系統中安裝 Crypto++ 加密函式庫,並編譯使用 Crypto++ 的 C++ 程式碼。(亦稱 CryptoPP、libcrypto++ 或 libcryptopp)是一套開放原始碼的 C++ 密碼學函式庫,除了完整支援常見的演算法之外,Crypto++ 也包含了較冷門、較少被使用的演算法,目前已廣泛被學術界與業界使用。
SecureCRT.rar
最新发布
06-07
SecureCRT.rar
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值