How to print a public key as string and encrypt with it?


Problem description

So I have generated a self signed certificate and a private key with OpenSSL.

Now I am trying to:

a) print the public key as a string. This:

from OpenSSL import crypto

# CERT_FILE is the path to the PEM-encoded certificate
with open(CERT_FILE) as f:
    cert_buffer = f.read()
cert = crypto.load_certificate(crypto.FILETYPE_PEM, cert_buffer)
pub_key = cert.get_pubkey()
print(pub_key)

prints something like this:

<OpenSSL.crypto.PKey object at 0x7f059864d058>

b) encrypt a string with this public key

c) decrypt the encrypted string with a private key

I would like to see some code examples. Please use only OpenSSL, no wrappers.

Recommended answer

Is this what you want? It uses PyCrypto, not PyOpenSSL (I'm not sure if this is what you wanted to avoid when you mention no wrappers)

#!/usr/bin/env python
# Python 3; works with PyCryptodome, which keeps PyCrypto's Crypto.* API

from Crypto.Cipher import PKCS1_OAEP
from Crypto.PublicKey import RSA

def load_key():
    # Read the key file as bytes: importKey() expects the key data, not a file object
    with open("./myKey.der", "rb") as f:
        return RSA.importKey(f.read())

def step1():
    rsaKey = load_key()
    print("Step 1: This is my rsa-key:\n%s" % rsaKey.exportKey().decode())

def step2_encrypt(string):
    rsaKey = load_key()
    pkcs1CipherTmp = PKCS1_OAEP.new(rsaKey)
    encryptedString = pkcs1CipherTmp.encrypt(string)
    print("Step 2: encrypted %s is %s" % (string, encryptedString))
    return encryptedString

def step3_decrypt(encryptedString):
    rsaKey = load_key()
    pkcs1CipherTmp = PKCS1_OAEP.new(rsaKey)
    decryptedString = pkcs1CipherTmp.decrypt(encryptedString)
    print("Step 3: decryptedString %s is %s" % (encryptedString, decryptedString))
    return decryptedString


if __name__ == "__main__":
    step1()
    # OAEP operates on bytes, so the message is a bytes literal
    encryptedString = step2_encrypt(b"hello, duuude")
    decryptedString = step3_decrypt(encryptedString)
    print("Tadaaaa: %s" % decryptedString)

The key files contain the public/private parts, so the encryption/decryption modules will know what to do.

Do you need the public/private key in two separate files (should be kind of straightforward, right)?

Be aware that when using asymmetric encryption, the maximum number of characters you can encrypt depends on the modulus used in your key. In the example above, if you use a regular RSA key (SHA-1, with 20 bytes modulus), you'll get errors for strings bigger than 214 bytes. As cyroxx pointed out in the comments, there's no theoretical limitation to the algorithm (you can encrypt long strings with very long keys) but the computational time it would take makes it pretty inviable for practical purposes.

If you need to cypher big chunks of data, you'll probably want to encrypt that data with a symmetric algorithm (like AES) and send the password encrypted with the RSA (asymmetric) keys along in the transferred data... but that's a different matter with a number of other issues :-)
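
The hybrid scheme described in the answer's last paragraph, together with part (a) of the question, as an added example that is not part of the original answer. It assumes the `cryptography` package rather than PyCrypto, generates a fresh 2048-bit key in place of the asker's certificate, and all function names are illustrative.

```python
import os
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# OAEP with SHA-256 (assumption of this example; PyCrypto's PKCS1_OAEP defaults to SHA-1).
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def public_key_pem(public_key):
    """Part (a): the public key as a printable PEM string."""
    return public_key.public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo).decode("ascii")

def oaep_max_len(public_key, hash_len):
    """Largest plaintext RSA-OAEP accepts: modulus bytes - 2*hash bytes - 2."""
    return public_key.key_size // 8 - 2 * hash_len - 2

def hybrid_encrypt(public_key, plaintext):
    """Encrypt data with AES-256-GCM; RSA-OAEP wraps only the 32-byte AES key."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # fresh per message; never reuse with the same key
    ciphertext = AESGCM(session_key).encrypt(nonce, plaintext, None)
    return public_key.encrypt(session_key, OAEP), nonce, ciphertext

def hybrid_decrypt(private_key, wrapped_key, nonce, ciphertext):
    """Unwrap the AES key with the private key, then decrypt and authenticate."""
    session_key = private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(session_key).decrypt(nonce, ciphertext, None)

def demo():
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_key = private_key.public_key()
    message = b"constructed sample data " * 50  # 1200 bytes, too long for RSA alone
    try:
        public_key.encrypt(message, OAEP)
        direct_rsa_ok = True
    except ValueError:  # raised when the plaintext exceeds the OAEP limit
        direct_rsa_ok = False
    wrapped_key, nonce, ciphertext = hybrid_encrypt(public_key, message)
    return {
        "pem": public_key_pem(public_key),
        "limit_sha1": oaep_max_len(public_key, 20),
        "limit_sha256": oaep_max_len(public_key, 32),
        "direct_rsa_ok": direct_rsa_ok,
        "roundtrip_ok": hybrid_decrypt(private_key, wrapped_key, nonce, ciphertext) == message,
    }
```

Calling `demo()` returns the PEM text, the OAEP size limits for a 2048-bit key with SHA-1 and SHA-256, and whether direct RSA and the hybrid round trip succeeded.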
