Python编程密码学文件加密与解密代码解析
介绍
在网络上传输敏感信息时,我们往往需要对数据进行加密保护。本文将介绍如何使用Python编写密码学文件加密和解密的代码。
密码学基础
在进行加密和解密操作时,我们常常需要使用一些基础的密码学知识。本节将简单介绍一下这些知识。
对称加密
对称加密是指同一个密钥既用于加密明文,又用于解密密文的加密方式。常见的对称加密算法包括AES、DES等。
非对称加密
非对称加密是指使用一对密钥,其中一个用于加密明文,另一个用于解密密文的加密方式。常见的非对称加密算法包括RSA、ElGamal等。
数字签名
数字签名是指使用私钥对数据签名,然后使用公钥进行验证的过程。数字签名可以用来验证消息来源是否合法,以及消息是否被篡改过。
文件加密
我们可以使用Python的cryptography库来进行文件加密和解密操作。该库提供了高级加密标准(AES)等常见的对称加密算法。具体步骤如下:
- 生成密钥
from cryptography.fernet import Fernet
key = Fernet.generate_key()
- 使用密钥加密文件
from cryptography.fernet import Fernet
with open('file.txt', 'rb') as f:
data = f.read()
key = b'...'
f = Fernet(key)
encrypted_data = f.encrypt(data)
with open('file.txt.encrypted', 'wb') as f:
f.write(encrypted_data)
- 使用密钥解密文件
from cryptography.fernet import Fernet
with open('file.txt.encrypted', 'rb') as f:
encrypted_data = f.read()
key = b'...'
f = Fernet(key)
decrypted_data = f.decrypt(encrypted_data)
with open('file.txt', 'wb') as f:
f.write(decrypted_data)
数字签名
我们可以使用Python的cryptography库来进行数字签名和验证操作。该库提供了RSA等常见的非对称加密算法。具体步骤如下:
- 生成公私钥对
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
private_key_bytes = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
public_key_bytes = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
with open('private_key.pem', 'wb') as f:
f.write(private_key_bytes)
with open('public_key.pem', 'wb') as f:
f.write(public_key_bytes)
- 对数据进行签名
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import load_pem_private_key
with open('private_key.pem', 'rb') as f:
private_key_bytes = f.read()
private_key = load_pem_private_key(
private_key_bytes,
password=None,
backend=default_backend()
)
data = b'...'
signature = private_key.sign(
data,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
with open('signature', 'wb') as f:
f.write(signature)
- 验证签名
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import load_pem_public_key
with open('public_key.pem', 'rb') as f:
public_key_bytes = f.read()
public_key = load_pem_public_key(
public_key_bytes,
backend=default_backend()
)
with open('file.txt', 'rb') as f:
data = f.read()
with open('signature', 'rb') as f:
signature = f.read()
try:
public_key.verify(
signature,
data,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
print('Signature is valid')
except:
print('Signature is invalid')
示例
文件加密示例
我们有一个名为file.txt的文件,现在需要对其进行加密。
首先,我们需要生成密钥:
from cryptography.fernet import Fernet
key = Fernet.generate_key()
接着,我们需要使用密钥对文件进行加密:
with open('file.txt', 'rb') as f:
data = f.read()
f = Fernet(key)
encrypted_data = f.encrypt(data)
with open('file.txt.encrypted', 'wb') as f:
f.write(encrypted_data)
最后,如果需要解密文件,可以使用以下代码:
with open('file.txt.encrypted', 'rb') as f:
encrypted_data = f.read()
f = Fernet(key)
decrypted_data = f.decrypt(encrypted_data)
with open('file.txt', 'wb') as f:
f.write(decrypted_data)
数字签名示例
我们有一个文件file.txt,现在需要对其进行签名,并保存签名结果到signature文件中。
首先,我们需要生成公私钥对:
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.backends import default_backend
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=2048,
backend=default_backend()
)
public_key = private_key.public_key()
private_key_bytes = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
public_key_bytes = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
with open('private_key.pem', 'wb') as f:
f.write(private_key_bytes)
with open('public_key.pem', 'wb') as f:
f.write(public_key_bytes)
接着,我们可以对文件进行签名:
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import load_pem_private_key
with open('private_key.pem', 'rb') as f:
private_key_bytes = f.read()
private_key = load_pem_private_key(
private_key_bytes,
password=None,
backend=default_backend()
)
with open('file.txt', 'rb') as f:
data = f.read()
signature = private_key.sign(
data,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
with open('signature', 'wb') as f:
f.write(signature)
最后,我们可以验证签名:
from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives.serialization import load_pem_public_key
with open('public_key.pem', 'rb') as f:
public_key_bytes = f.read()
public_key = load_pem_public_key(
public_key_bytes,
backend=default_backend()
)
with open('file.txt', 'rb') as f:
data = f.read()
with open('signature', 'rb') as f:
signature = f.read()
try:
public_key.verify(
signature,
data,
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
print('Signature is valid')
except:
print('Signature is invalid')
以上就是文件加密和数字签名的完整代码。
本站文章如无特殊说明,均为本站原创,如若转载,请注明出处:Python编程密码学文件加密与解密代码解析 - Python技术站