是否可以使用Python中的密码安全地加密然后解密数据? [英] Is it possible to encrypt then decrypt data securely against a password in Python?

问题描述

我在python程序中有一些数据，在使用密码写入文件之前，我想先对这些数据进行加密，然后再读取并解密后再使用.我正在寻找一些可以针对密码进行加密和解密的安全对称算法.

I have some data in a python program that I'd like to encrypt before writing to a file with a password, and then read it and decrypt it before using it. I'm looking for some secure symmetric algorithm that can encrypt and decrypt against a password.

此问题显示不安全方式并建议使用libsodium.由于我使用的是Python，因此发现了 pysodium .它似乎具有从libsodium映射的大量功能，但是我不知道如何简单地使用密码对数据进行加密/解密.

This question shows a non-secure way and suggests using libsodium. Since I'm using Python, I found pysodium. It seems to have tons of functions mapped from libsodium, but I don't know how to simply encrypt/decrypt data against password.

我的问题是，看起来所有加密算法都使用密钥.我不想使用钥匙.我只想使用密码.就像我在终端上所做的一样:

My problem is that it looks like all encryption algorithms use keys. I don't want to use keys. I want to only use a password. Just like what I do in the terminal:

要加密:

$ cat data | openssl aes-256-cbc -salt | dd of=output.des3

要解密:

$ dd if=output.des3 | openssl aes-256-cbc -d -salt

是否可以使用pysodium来做到这一点(以跨平台的方式，所以请不要建议使用系统调用)?

Is it possible to do this with pysodium (in a cross-platform way, so please don't suggest using a system call)?

推荐答案

所以我的问题简化为:如何使用Python中的密码对数据进行加密".由于缺乏文件资料，我放弃了pysodium.我使用了 cryptography 和 argon2 包来编写自己的加密算法(这不是我自己的加密算法，我知道加密规则中的第1条规则；这只是利用加密算法的过程已经在那了).所以这是我的功能:

So my question reduced to: "How can I encrypt data against a password in Python". I gave up on pysodium due to the lack of documentation. I used cryptography and argon2 packages to write my own encryption algorithm (it's not my own crypto algorithm, I know Rule No. 1 in crypto; it's just the procedure to utilize what's already there). So here are my functions:

import cryptography.fernet
import argon2
import base64

def encrypt_data(data_bytes, password, salt):
    password_hash = argon2.argon2_hash(password=password, salt=salt)
    encoded_hash = base64.urlsafe_b64encode(password_hash[:32])
    encryptor = cryptography.fernet.Fernet(encoded_hash)
    return encryptor.encrypt(data_bytes)


def decrypt_data(cipher_bytes, password, salt):
    password_hash = argon2.argon2_hash(password=password, salt=salt)
    encoded_hash = base64.urlsafe_b64encode(password_hash[:32])
    decryptor = cryptography.fernet.Fernet(encoded_hash)
    return decryptor.decrypt(cipher_bytes)

这是有关如何使用它们的示例:

And here's an example on how to use them:

cipher = encrypt_data("Hi Dude, Don't tell anyone I said Hi!".encode(), "SecretPassword", "SaltySaltySalt")
decrypted = decrypt_data(cipher, "SecretPassword", "SaltySaltySalt")
print(cipher)
print(decrypted.decode())

请记住，加密仅针对字节；不适用于字符串.这就是为什么我使用 encode / decode .

Remember that encryption is for bytes only; not for strings. This is why I'm using encode/decode.

为什么要使用氩气2?因为它是一种难于记忆的算法，因此很难与GPU和ASIC配合使用(是的，我是加密货币爱好者).

Why argon2? Because it's a memory hard algorithm that's very hard to break with GPUs and ASICs (yes, I'm a cryptocurrency fan).

为什么要使用Fernet?因为它使用的是AES CBC，所以似乎足够安全；此外，它真的很容易使用(这正是我所需要的...我不是密码学家，所以我需要一个黑匣子来使用它.)

Why Fernet? Because it uses AES CBC, which seems to be secure enough; besides, it's really easy to use (which is exactly what I need... I'm not a cryptographer, so I need a black-box to use).

免责声明:请注意，我不是密码学家.我只是一个程序员.请随时批评我的加密和解密方式，并随时添加您的贡献以使之变得更好.

Disclaimer: Please be aware that I'm not a cryptographer. I'm just a programmer. Please feel free to critique my way of encrypting and decrypting, and please feel free to add your contribution to make this better.

这篇关于是否可以使用Python中的密码安全地加密然后解密数据?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！