是否可以使用Python中的密码安全地加密然后解密数据? [英] Is it possible to encrypt then decrypt data securely against a password in Python?
问题描述
我在python程序中有一些数据,在使用密码写入文件之前,我想先对这些数据进行加密,然后再读取并解密后再使用.我正在寻找一些可以针对密码进行加密和解密的安全对称算法.
I have some data in a python program that I'd like to encrypt before writing to a file with a password, and then read it and decrypt it before using it. I'm looking for some secure symmetric algorithm that can encrypt and decrypt against a password.
此问题显示不安全方式并建议使用libsodium.由于我使用的是Python,因此发现了 pysodium .它似乎具有从libsodium映射的大量功能,但是我不知道如何简单地使用密码对数据进行加密/解密.
This question shows a non-secure way and suggests using libsodium. Since I'm using Python, I found pysodium. It seems to have tons of functions mapped from libsodium, but I don't know how to simply encrypt/decrypt data against password.
我的问题是,看起来所有加密算法都使用密钥.我不想使用钥匙.我只想使用密码.就像我在终端上所做的一样:
My problem is that it looks like all encryption algorithms use keys. I don't want to use keys. I want to only use a password. Just like what I do in the terminal:
要加密:
$ cat data | openssl aes-256-cbc -salt | dd of=output.des3
要解密:
$ dd if=output.des3 | openssl aes-256-cbc -d -salt
是否可以使用pysodium来做到这一点(以跨平台的方式,所以请不要建议使用系统调用)?
Is it possible to do this with pysodium (in a cross-platform way, so please don't suggest using a system call)?
推荐答案
所以我的问题简化为:如何使用Python中的密码对数据进行加密".由于缺乏文件资料,我放弃了pysodium.我使用了 cryptography
和 argon2
包来编写自己的加密算法(这不是我自己的加密算法,我知道加密规则中的第1条规则;这只是利用加密算法的过程已经在那了).所以这是我的功能:
So my question reduced to: "How can I encrypt data against a password in Python". I gave up on pysodium due to the lack of documentation. I used cryptography
and argon2
packages to write my own encryption algorithm (it's not my own crypto algorithm, I know Rule No. 1 in crypto; it's just the procedure to utilize what's already there). So here are my functions:
import cryptography.fernet
import argon2
import base64
def encrypt_data(data_bytes, password, salt):
password_hash = argon2.argon2_hash(password=password, salt=salt)
encoded_hash = base64.urlsafe_b64encode(password_hash[:32])
encryptor = cryptography.fernet.Fernet(encoded_hash)
return encryptor.encrypt(data_bytes)
def decrypt_data(cipher_bytes, password, salt):
password_hash = argon2.argon2_hash(password=password, salt=salt)
encoded_hash = base64.urlsafe_b64encode(password_hash[:32])
decryptor = cryptography.fernet.Fernet(encoded_hash)
return decryptor.decrypt(cipher_bytes)
这是有关如何使用它们的示例:
And here's an example on how to use them:
cipher = encrypt_data("Hi Dude, Don't tell anyone I said Hi!".encode(), "SecretPassword", "SaltySaltySalt")
decrypted = decrypt_data(cipher, "SecretPassword", "SaltySaltySalt")
print(cipher)
print(decrypted.decode())
请记住,加密仅针对字节;不适用于字符串.这就是为什么我使用 encode
/ decode
.
Remember that encryption is for bytes only; not for strings. This is why I'm using encode
/decode
.
为什么要使用氩气2?因为它是一种难于记忆的算法,因此很难与GPU和ASIC配合使用(是的,我是加密货币爱好者).
Why argon2? Because it's a memory hard algorithm that's very hard to break with GPUs and ASICs (yes, I'm a cryptocurrency fan).
为什么要使用Fernet?因为它使用的是AES CBC,所以似乎足够安全;此外,它真的很容易使用(这正是我所需要的...我不是密码学家,所以我需要一个黑匣子来使用它.)
Why Fernet? Because it uses AES CBC, which seems to be secure enough; besides, it's really easy to use (which is exactly what I need... I'm not a cryptographer, so I need a black-box to use).
免责声明:请注意,我不是密码学家.我只是一个程序员.请随时批评我的加密和解密方式,并随时添加您的贡献以使之变得更好.
Disclaimer: Please be aware that I'm not a cryptographer. I'm just a programmer. Please feel free to critique my way of encrypting and decrypting, and please feel free to add your contribution to make this better.
这篇关于是否可以使用Python中的密码安全地加密然后解密数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!