使用Python 实现加密算法案例

环境准备：

系统： Ubuntu 18.04
Python 版本： 3.6.7

安装依赖：

$ sudo apt install -y pip3
$ pip3 install pycrypt

生成公/私钥：

$ ssh-keygen -t rsa -C your_email

===

结果：

aircrafts-MBP:temp ldl$ ssh-keygen -t rsa -C 72609@qq.com
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/luowensheng/.ssh/id_rsa): n
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in n.
Your public key has been saved in n.pub.
The key fingerprint is:
SHA256:xfOTPe8sj+HLnqVl42p+HqyP+y5oXhuYpYSv/OqUN5M 72609@qq.com
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|         .       |
|          +      |
|         ..o o   |
|        S. .+.o  |
|          + *..o |
|         o E.o.+=|
|        o oo+=B%o|
|        .==ooO^X+|
+----[SHA256]-----+
aircrafts-MBP:temp ldl$ ls
n   n.pub
aircrafts-MBP:temp ldl$ cat n
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAy1MhGNdlS+UggqMvwSAlOJelTiJ5b/VhqKP71Ilo8cjcXGip
TCGs3unLslVNtRk2W2pnURT1lSgkDFNvIU6IvRKRyTG3N4zg9vFcVfwYWMwQrotA
lLCd2FgA9p0ISXXrh1UfWg4Px3NGJFIgTUMNVLf5pMvjMAHD1v6mONGRcl8MzgzF
GMOOo+MuexIZJfUfy8+wSCjGzC7g7UUta8QfiL+5gmMNyNgg3T7au2qkq52paOGK
r6+bIJuv2YdHdymHLm/l3F1VaUwUqr18ForHlcjDTw3ip8A5rlA1qhAyKXxYJ+OR
gtT1tKoo8bmIxR3UmVPrrk5GQ3uRzC5pciBbmQIDAQABAoIBAQDKEkMpeiC9TemC
jAZQ7M6xMN1kCxUftQKq5NbKQwpeid6fpJDlDe7N2BPOl8LUAkuojNZDmg38gFlb
OqyOsItrRYJIL7XEaqnGItg+yH21+pF1twWnAOTO9591eVmcEKrU5D91c9Ywxhrm
zAw4XTRphzJ/mvaeZpKpIIo4m+buf0rIMG3mXQvZB5HIuO9uHZ8kIybR3TuQjC5l
8wcXDsd0JZSPAovTY2wPIILWOscLmRZCQc3jLB9bDoIG4SET+5U05n2DbY+sFz4+
Q1d1flXEl9j6iVDfysCFGx8ny8v9k80s+6zlF7NVljbnlJufgTmiGvUHgiXOt6lk
IKfPo5aBAoGBAPzmPI8i4gCAfH3GiyKyjrgWdhuOHoelTpqbvzzsI0VH/XSvUs/D
hpOaFQk8BIWU3rT1ThHQP9KN+C0RnTyxLyid5c+vdvugeM3mByt5dR6p0J1DPMfG
pvlRP1bdqdjix3gGXLnUZUl+b7hs9Ahz8mA6dDK7VTVf92XqjKcUtyEJAoGBAM3R
S40JKfbqRFTNj6b6PZ9ABpghYeCsXavGGwos9tofoRTf/Xyo/fY52ZY7XGaCze4r
V7KhYhZ8HC6pGmHqC3xR5ccagVGjWV2FBXd+dKYxv2EbaFqRP+zu3sGll02N4SAJ
V+vwjyteHK0sdffpUyGxZAgZGurcyhzgOH22CloRAoGAGV9D7hxSzjgVxUyZAucl
GGTwfn04pOU5yJsdiZArTbUWQZGhXkTAiKhpud5ymbBA06jUp0bcUFR79JGS09b2
4z1MJBT3e/EyjX2pdHwf+u6QhmaLf4N3lwXGtAFTG/ZMiscgoGglrUTpEnij1wFC
7NKQe9J9jvhMysXITK7wXHkCgYEAvmqppGVbDtc0uuSnyAty4ZghwbP40x2FWDvj
nml1RN7IcAC/jArpU1m4RjbLSQgxr+0nqNuIXVcb18uZ3gbj83Pty2RpSnd/YXeF
VEWJdI1IC3aI+Gmzo+hn7O7f6d+e7b3XOzGHs87RZyJgTinvQJfW/WsErU/yKf8E
JMI8F5ECgYEAtNA69+h+1v6VymNyUsa0+iwVotoXHx7Pi7Rw1bgblsdcHfiLr3Vd
6oz78le+D4HJ02sGMcSHXILgowitd12TiXIZt9HpVFfV4xzpQkRDxEwAPawC1ftt
ZRVBV+YEYJX6Hg1Pgp/DJpCfxqG5uQNAH65DAMtnHQHC8XOON6tR3vE=
-----END RSA PRIVATE KEY-----
aircrafts-MBP:temp ldl$ ls
n   n.pub
aircrafts-MBP:temp ldl$ ca n.pub 
-bash: ca: command not found
aircrafts-MBP:temp ldl$ ls
n   n.pub
aircrafts-MBP:temp ldl$ cat n.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLUyEY12VL5SCCoy/BICU4l6VOInlv9WGoo/vUiWjxyNxcaKlMIaze6cuyVU21GTZbamdRFPWVKCQMU28hToi9EpHJMbc3jOD28VxV/BhYzBCui0CUsJ3YWAD2nQhJdeuHVR9aDg/Hc0YkUiBNQw1Ut/mky+MwAcPW/qY40ZFyXwzODMUYw46j4y57Ehkl9R/Lz7BIKMbMLuDtRS1rxB+Iv7mCYw3I2CDdPtq7aqSrnalo4Yqvr5sgm6/Zh0d3KYcub+XcXVVpTBSqvXwWiseVyMNPDeKnwDmuUDWqEDIpfFgn45GC1PW0qijxuYjFHdSZU+uuTkZDe5HMLmlyIFuZ 7269@qq.com

我们看到n 和 n.pub，一个是私钥，一个是公钥。

===

加密/解密：

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Author: wxnacy(wxnacy@gmail.com)
# Description:

from Crypto import Random
from Crypto.Cipher import PKCS1_v1_5
from Crypto.PublicKey import RSA
import base64

#  伪随机数生成器
random_generator = Random.new().read

def encrypt(message, pub_rsa_path):
    '''使用公钥加密'''
    with open(pub_rsa_path) as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        cipher = PKCS1_v1_5.new(rsakey)
        cipher_text = base64.b64encode(cipher.encrypt(message.encode()))
        return cipher_text

def decrypt(secret_message, rsa_path):
    '''使用私钥解密'''
    with open(rsa_path) as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        cipher = PKCS1_v1_5.new(rsakey)
        text = cipher.decrypt(base64.b64decode(secret_message), random_generator)
        return text


if __name__ == "__main__":
    plain = 'message'
    pub_rsa_path = '/Users/wxnacy/.ssh/id_rsa.pub'
    rsa_path = '/Users/wxnacy/.ssh/id_rsa'


    print('明文：', plain)
    secret = encrypt(plain, pub_rsa_path)
    print('加密文：', secret)
    text = decrypt(secret, rsa_path)
    print('解密文：', text)

签名验证

#!/usr/bin/env python
# -*- coding:utf-8 -*-
# Author: wxnacy(wxnacy@gmail.com)
# Description:

from Crypto import Random
from Crypto.Hash import SHA
from Crypto.Signature import PKCS1_v1_5
from Crypto.PublicKey import RSA
import base64


def signature(message, rsa_path):
    '''使用私钥签名'''
    with open(rsa_path) as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        signer = PKCS1_v1_5.new(rsakey)
        digest = SHA.new()
        digest.update(message.encode())
        sign = signer.sign(digest)
        signature = base64.b64encode(sign)

        return signature

def verify_signature(message, signature, pub_rsa_path):
    '''验证签名'''
    with open(pub_rsa_path) as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        verifier = PKCS1_v1_5.new(rsakey)
        digest = SHA.new()
        # Assumes the data is base64 encoded to begin with
        digest.update(message.encode())
        is_verify = verifier.verify(digest, base64.b64decode(signature))
        return is_verify


if __name__ == "__main__":
    plain = 'message'
    pub_rsa_path = '/Users/wxnacy/.ssh/id_rsa.pub'
    rsa_path = '/Users/wxnacy/.ssh/id_rsa'

    sign = signature(plain, rsa_path)
    print('签名：', sign)
    flag = verify_signature(plain, sign, pub_rsa_path)
    print('验证结果：', flag)