Python RSA签名验证加密解密 | Python 主题月

本文正在参加「Python主题月」，详情查看活动连接

1 RSA密钥格式

经常使用的rsa密钥有两种格式，pkcs1和pkcs8

1.1 pkcs1

# 公钥
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
# 私钥
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
复制代码

1.2 pkcs8

# 公钥
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
# 私钥
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
复制代码

2 密钥格式转换

2.1 私钥转换

pkcs1 to pkcs8

openssl pkcs8 -topk8 -inform PEM -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem
复制代码

pkcs8 to pkcs1

openssl pkcs8 -in private_pkcs8.pem -nocrypt -out private_plcs1.pem
复制代码

2.2 公钥转换

使用pkcs8格式私钥生成pkcs8格式公钥

openssl rsa -in pricate_pkcs8.pem -pubout -out public_pkcs8.pem
复制代码

3 签名、验证、加密、解密

# -*- coding: utf-8 -*-
# Created: 03/03/2021
# Author: Honest1y

import base64
import Crypto.Signature.PKCS1_v1_5 as sign_PKCS1_v1_5 #用于签名/验签
from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5 #用于加密
from Crypto import Hash
from Crypto.PublicKey import RSA


class RsaCode(object):
    def __init__(self):
        self.public_key = "-----BEGIN PUBLIC KEY-----\nMGcw\n-----END PUBLIC KEY-----"
        self.private_key = "-----BEGIN PRIVATE KEY-----\nMIIBhQIBADANBgkqhkiG9w0BAQEFAAS\n-----END PRIVATE KEY-----"

    def sign(self, text):
        """ 私钥签名 :return: """
        signer_pri_obj = sign_PKCS1_v1_5.new(RSA.importKey(self.private_key))
        rand_hash = Hash.MD5.new()
        rand_hash.update(text.encode())
        signature = signer_pri_obj.sign(rand_hash)
        return base64.b64encode(signature).decode(encoding="utf-8")

    def verify(self, text, sign_result):
        """ RSA验签 :param signature: 签名 :return: """
        signature = base64.b64decode(sign_result)
        verifier = sign_PKCS1_v1_5.new(RSA.importKey(self.public_key))
        _rand_hash = Hash.MD5.new()
        _rand_hash.update(text.encode())
        verify = verifier.verify(_rand_hash, signature)
        return verify


    def long_encrypt(self, msg):
        msg = msg.encode('utf-8')
        length = len(msg)
        default_length = 64
        pubobj = Cipher_pkcs1_v1_5.new(RSA.importKey(self.public_key))
        if length < default_length:
            return base64.b64encode(pubobj.encrypt(msg)).decode(encoding="utf-8")
        offset = 0
        res = []
        while length - offset > 0:
            if length - offset > default_length:
                res.append(pubobj.encrypt(msg[offset:offset + default_length]))
            else:
                res.append(pubobj.encrypt(msg[offset:]))
            offset += default_length
        byte_data = b''.join(res)
        return base64.b64encode(byte_data).decode(encoding="utf-8")

    def long_decrypt(self, msg):
        msg = base64.b64decode(msg)
        length = len(msg)
        default_length = 75
        priobj = Cipher_pkcs1_v1_5.new(RSA.importKey(self.private_key))
        if length <= default_length:
            return priobj.decrypt(msg, b'RSA').decode(encoding="utf-8")
        offset = 0
        res = []
        while length - offset > 0:
            if length - offset > default_length:
                res.append(priobj.decrypt(msg[offset:offset + default_length], b'RSA'))
            else:
                res.append(priobj.decrypt(msg[offset:], b'RSA'))
            offset += default_length
        print()
        return b''.join(res).decode('utf-8')


if __name__ == '__main__':
    text = "python rsa test"
    print("1 开始签名")
    sign_result = RsaCode().sign(text)
    print("- 签名结果为: {}".format(sign_result))
    print("2 验证签名")
    verify_result = RsaCode().verify(text, sign_result)
    print("- 验证结果为: {}".format(verify_result))

    params = '{ "username": "python rsa" }'
    print("3 开始RSA加密")
    en_result = RsaCode().long_encrypt(params)
    print("- 加密结果为: {}".format(en_result))
    print("4 开始RSA解密")
    de_result = RsaCode().long_decrypt(en_result)
    print("- 解密结果为: {}".format(de_result))
复制代码

4 验证结果

1 开始签名
- 签名结果为: QE+DF/YLbU/F6ARxeLGa3oJyiV2UvSxkxWuJJ8fruoKszc/v1+/Tl/4n5iHTb2q+/ODoqkvJOU2TYwjhp2AI9uOwyEkPUDai5mYc
2 验证签名
- 验证结果为: True
3 开始RSA加密
- 加密结果为: EkaF5LsLEmpgVrfEjSB4XfMf06mE/0XQzWChVD6wrYh6k0axaWejiry6jVX+TT+T7P4Aw4VjJ2i5pnG2Xpga+xodRtFTC+LTnAuU
4 开始RSA解密
- 解密结果为: { "username": "python rsa" }
复制代码