带hashlib sha1的python加密基础 [英] basics of python encryption w/ hashlib sha1

问题描述

我正在努力完全理解加密的工作原理和编码方式，尤其是使用python时.我只是在尝试基础知识，并以最简单的形式创建代码.

I'm struggling to fully understand how encryption works and is coded, particularly with python. I'm just trying to get the basics down and create code in the simplest form.

我将在两个不同的站点之间传递一个userID，但是显然我需要使用私钥对它进行加密，以便Website2知道它来自Website1.这似乎是我的代码: http://docs.python.org/library/hashlib.html#module-hashlib ，但是它没有很好的示例(或者我选错了位置).

I'm going to be passing a userID between two different sites, but obviously I need this to be encrypted with a private key so Website2 knows it came from Website1. This seems to be the code for me: http://docs.python.org/library/hashlib.html#module-hashlib, but it doesn't have very good examples (or maybe I'm in the wrong spot).

我遇到的问题是完全了解如何编码和解码.

The problem I'm having is fully understanding how to encode and decode.

因此，假设每个网站将知道的共享私钥是:

So lets say the shared private key which each website will know is:

shared_private_key = "ABCDEF"

我希望Website1将以下用户ID传递给Website2:

And I want Website1 to pass to Website2 the userID of:

userID = "123456"

Website1如何通过私钥对我的userID进行加密，使加密可以通过HTTP标头发送，然后让Website2解密并能够使用共享私钥读取userID?

How would Website1 encrypt my userID with the private key in a fashion that the encryption can be sent via HTTP headers, and then have Website2 decrypt and be able to read the userID using the shared private key?

我很抱歉提出这样一个基本问题，但是我没有把握应该如何做.谢谢.

I apologize for asking such a basic question, but I'm failing to grasp how this should be done. Thanks.

推荐答案

hashlib模块提供了哈希功能.尽管与加密有一定关系，但是一旦对某些数据进行哈希处理，就无法再从哈希结果中获取原始数据.

The hashlib module provides hashing functions. While there is some relation to encryption, once you hash some data you can not go back to get the original data from the hash result.

您可以采用另一种方法来代替加密数据:使用数据的哈希值和一些秘密来创建唯一的签名.

Instead of encripting the data you can take a different approach: creating a unique signature using a hash of the data and some secret.

shared_private_key = "ABCDEF"

def create_signature(data):
    return hashlib.sha1(repr(data) + "," + shared_private_key).hexdigest()

def verify_signature(data, signature):
    return signature == create_signature(data)

最后，您将数据和签名发送到网站2.这样，您可以(大部分)确定没有未经授权的人篡改数据.

Finally, you send to the Website 2 the data plus the signature. That way you can be (mostly) sure that no unauthorized person tampered the data.

这篇关于带hashlib sha1的python加密基础的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！