如何进行加密/解密而不再次生成密钥对? [英] How do I do encryption/decryption without generating keypairs again?

问题描述

我本人一直在从事一个项目，并使用此网站的代码作为指导.有什么办法，我可以将密钥的生成放到一个文件中，并将加密/解密放到另一个文件中.如何定义bob_box而不必生成另一对密钥?

I have been working on a project myself and using this website's codes as a guide. Is there any way, I can put the generation of keys into 1 file and encryption/decryption into another. How do I define bob_box without having to generate another pair of keys?

GEN.PY:

import libnacl.public

def genkeys():

    bob = libnacl.public.SecretKey()
    alice = libnacl.public.SecretKey()

    bob_box = libnacl.public.Box(bob.sk, alice.pk)
    alice_box = libnacl.public.Box(alice.sk, bob.pk)

genkeys()

ENDEcrypt:

ENDEcrypt:

import libnacl.public
from GEN import genkeys

msg = '1234'

# Bob's box encrypts messages for Alice
bob_ctxt = bob_box.encrypt(msg)

# Alice's box decrypts messages from Bob
bclear = alice_box.decrypt(bob_ctxt)

# Alice can send encrypted messages which only Bob can decrypt
alice_ctxt = alice_box.encrypt(msg)
aclear = bob_box.decrypt(alice_ctxt)

我运行ENDEcrypt时的

输出:

output when I run ENDEcrypt:

Traceback (most recent call last):
File "/home/pi/Desktop/BOBALICE/endecrypt.py", line 7, in <module>
bob_ctxt = bob_box.encrypt(msg)
NameError: name 'bob_box' is not defined

推荐答案

libnacl的API的设计方式是，希望安全通信的两个方必须以某种方式交换其公钥.假设爱丽丝想向鲍勃发送消息.

The API of libnacl is designed in such a way that two parties that want to communicate securely must somehow exchange their public keys. Let's say Alice wants to send a message to Bob.

# Alice's computer:                             Bob's computer:
alice_sign = libnacl.public.SecretKey()         bob_enc = libnacl.public.SecretKey()
alice_spk_h = alice_sign.hex_pk()               bob_epk_h = bob_enc.hex_pk()

# magic happens where alice_spk_h goes to Bob and bob_epk_h goes to alice (i.e. by phone)

bob_epk = libnacl.public.PublicKey(bob_epk_h)   alice_spk = libnacl.public.PublicKey(
                                                        alice_spk_h)
alice_box = libnacl.public.Box(                 bob_box = libnacl.public.Box(
        alice_sign.sk, bob_epk)                         bob_enc.sk, alice_spk)

# preparation is done, let's start encrypting...

ct = alice_box.encrypt(msg)

# send ct to Bob (the message is protected)

                                                msg = bob_box.decrypt(ct)

如您所见，您需要分别对待公钥和私钥，以便在通信方的机器之间发送公钥和私钥.您不能将它们组合为一种方法，因为这会与libnacl的公共密钥加密的使用情况相矛盾.

As you can see, you need to treat the public and secret keys separately to send them between machine of the communicating parties. You cannot combine them into one method, because that would contradict the usage scenario of libnacl's public-key encryption.

请记住，每方只有一个密钥对，则只能在一个方向上发送加密的消息.如果您需要发回邮件，则每一方都需要有两个密钥(一个用于签名，一个用于加密；请注意，我以某种方式命名了爱丽丝和鲍勃的密钥，以使其清晰可见.)

Keep in mind that with a single key pair per party, it is only permissible to send the encrypted messages in one direction. If you need to send messages back, then each party needs to have two keys (one for signing and one for encryption; note that I named Alice's and Bob's keys in a certain way to make that clear).

有没有办法在一个文件中生成密钥并将密钥存储到一个盒子中+加密/解密到另一个文件中?

Is there a way to do the generation of keys in one file and the storing of keys into a box + encryption/decryption into another file?

是的，但是在这里您必须考虑这些文件的功能. Python文件是代码.如果您从命令行运行用于生成SecretKey的代码，则需要以某种方式进行存储，因为再次运行该代码会更改密钥.

Yes, but here you have to think about what these files are doing. A Python file is code. If you run the code that generates the SecretKey from a command line, you need to store it in some way, because running the code again would change the key.

gen.py

import libnacl.public

def genkey():
    return libnacl.public.SecretKey()

def gen_keys_and_save():
    # Generate two key pairs and store them for later use
    enc = genkey()
    enc.save('myencsecret.key')
    with open('myencpublic.key', 'w') as pkf:
        pkf.write(enc.hex_pk())

    sign = genkey()
    sign.save('mysignsecret.key')
    with open('mysignpublic.key', 'w') as pkf:
        pkf.write(sign.hex_pk())

if __name__ == "__main__":
    # this code only runs when executed directly (i.e. from command line)
    gen_keys_and_save()

enc.py

import libnacl.public
import libnacl.utils

def encrypt(mysignsecret, theirencpublic, data):
    box = libnacl.public.Box(mysignsecret, theirencpublic)
    return box.encrypt(data)

def parse_and_encrypt(mysignsecretfile, theirencpublicfile, data):
    sk = libnacl.utils.load_key(mysignsecretfile)
    with open(theirencpublicfile, 'r') as pkf:
        pk = libnacl.public.PublicKey(pkf.read())
    return encrypt(sk, pk, data)

if __name__ == "__main__":
    parse_and_encrypt('mysignsecret.key', 'theirencpublic.key', 'some kind of msg')

dec.py

import libnacl.public

def decrypt(myencsecret, theirsignpublic, ciphertext):
    box = libnacl.public.Box(myencsecret, theirsignpublic)
    return box.decrypt(ciphertext)

# similar to enc.py ...

现在您可以像这样运行它:

Now you can run it like this:

$ python gen.py 

现在，您需要接收他们的encpublic.key并发送mysignpublic.key.完成此操作后，您可以执行以下操作:

Now you need to receive theirencpublic.key and send mysignpublic.key. When you've done that, you can do that:

$ python enc.py 

这篇关于如何进行加密/解密而不再次生成密钥对?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！