1 RSA密钥格式
常用的 RSA 密钥有两种格式:pkcs1 和 pkcs8
1.1 pkcs1
# 公钥
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
# 私钥
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
1.2 pkcs8
# 公钥(严格来说,BEGIN PUBLIC KEY 对应的是 X.509 SubjectPublicKeyInfo 格式;PKCS#8 标准只定义私钥,这里沿用常见的“pkcs8 公钥”叫法)
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
# 私钥
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
2 密钥格式转换
2.1 私钥转换
pkcs1 to pkcs8(-nocrypt 表示输出的私钥不加密,生成的文件需要妥善保管并限制访问权限)
openssl pkcs8 -topk8 -inform PEM -in private_pkcs1.pem -outform pem -nocrypt -out private_pkcs8.pem
pkcs8 to pkcs1(在较新的 OpenSSL 版本(如 3.x)中,可能需要额外加上 -traditional 才会输出 pkcs1 格式)
openssl pkcs8 -in private_pkcs8.pem -nocrypt -out private_pkcs1.pem
2.2 公钥转换
使用pkcs8格式私钥生成pkcs8格式公钥
openssl rsa -in private_pkcs8.pem -pubout -out public_pkcs8.pem
3 签名、验证、加密、解密
# -*- coding: utf-8 -*-
# Created: 03/03/2021
# Author: Wangxiao
import base64
import Crypto.Signature.PKCS1_v1_5 as sign_PKCS1_v1_5 #用于签名/验签
from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5 #用于加密
from Crypto import Hash
from Crypto.PublicKey import RSA
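class RsaCode(object):
    """RSA demo helper: PKCS#1 v1.5 signatures over MD5 plus chunked encryption.

    Security notes for anyone reusing this class outside a demo:

    * The key pair is embedded in the source file (see ``__init__``).
    * ``sign``/``verify`` hash the message with MD5, which is not collision
      resistant; the hash is left unchanged here because switching it would
      invalidate signatures produced by existing peers.
    * ``long_encrypt``/``long_decrypt`` encrypt each chunk as an independent
      PKCS#1 v1.5 block. Nothing binds the blocks together, so blocks can be
      dropped, reordered or replaced without detection, and PKCS#1 v1.5
      encryption padding is exposed to padding-oracle attacks whenever
      decryption failures are observable. The usual design is hybrid: RSA-OAEP
      wrapping a fresh symmetric key used with an authenticated cipher.
    """

    # PKCS#1 v1.5 encryption padding takes at least 11 bytes of every block,
    # so a k-byte modulus carries at most k - 11 bytes of plaintext.
    _PKCS1_V15_OVERHEAD = 11

    def __init__(self):
        # NOTE(review): key material is hard-coded; anyone with read access to
        # the source or its history holds the private key. Load keys from a
        # secret store or a permission-restricted file instead.
        # NOTE(review): the PEM bodies below appear truncated on the page;
        # substitute a real key pair. The 64/75-byte block sizes this demo was
        # written around imply a 600-bit modulus -- confirm, and prefer keys of
        # at least 2048 bits.
        self.public_key = "-----BEGIN PUBLIC KEY-----\nMGcw\n-----END PUBLIC KEY-----"
        self.private_key = "-----BEGIN PRIVATE KEY-----\nMIIBhQIBADANBgkqhkiG9w0BAQEFAAS\n-----END PRIVATE KEY-----"

    @staticmethod
    def _modulus_bytes(key):
        """Return the length in bytes of the modulus of the RSA key *key*."""
        return (key.n.bit_length() + 7) // 8

    def sign(self, text):
        """Sign *text* with the private key.

        :param text: message to sign (str); encoded with ``str.encode()``
            before hashing
        :return: base64 text of the PKCS#1 v1.5 signature over the MD5 digest
        """
        signer = sign_PKCS1_v1_5.new(RSA.importKey(self.private_key))
        # NOTE(review): MD5 is kept only for compatibility with existing
        # signatures; new deployments should agree on SHA-256 with the verifier.
        digest = Hash.MD5.new()
        digest.update(text.encode())
        return base64.b64encode(signer.sign(digest)).decode(encoding="utf-8")

    def verify(self, text, sign_result):
        """Check a signature produced by ``sign`` against the public key.

        :param text: message that was signed (str)
        :param sign_result: base64 text of the signature
        :return: the result of the verifier's ``verify`` call (``True`` in the
            page's sample run)
        """
        signature = base64.b64decode(sign_result)
        verifier = sign_PKCS1_v1_5.new(RSA.importKey(self.public_key))
        # Must use the same hash as sign(); see the MD5 note there.
        digest = Hash.MD5.new()
        digest.update(text.encode())
        return verifier.verify(digest, signature)

    def long_encrypt(self, msg):
        """Encrypt *msg* with the public key, one PKCS#1 v1.5 block per chunk.

        The chunk size is derived from the key (modulus length minus the
        11-byte padding overhead) rather than fixed for one key size.

        :param msg: plaintext (str); encoded as UTF-8 before encryption
        :return: base64 text of the concatenated ciphertext blocks
        :raises ValueError: if the key is too small to carry any plaintext
        """
        data = msg.encode('utf-8')
        key = RSA.importKey(self.public_key)
        cipher = Cipher_pkcs1_v1_5.new(key)
        chunk_size = self._modulus_bytes(key) - self._PKCS1_V15_OVERHEAD
        if chunk_size < 1:
            raise ValueError("RSA key is too small for PKCS#1 v1.5 encryption")

        if len(data) <= chunk_size:
            # Also covers the empty message, which still yields one block.
            blocks = [cipher.encrypt(data)]
        else:
            blocks = [
                cipher.encrypt(data[start:start + chunk_size])
                for start in range(0, len(data), chunk_size)
            ]
        return base64.b64encode(b''.join(blocks)).decode(encoding="utf-8")

    def long_decrypt(self, msg):
        """Decrypt the output of ``long_encrypt`` with the private key.

        The ciphertext is split into blocks of the modulus length, each block
        is decrypted separately, and the joined bytes are decoded as UTF-8.

        :param msg: base64 text of the concatenated ciphertext blocks
        :return: the recovered plaintext (str)
        """
        raw = base64.b64decode(msg)
        key = RSA.importKey(self.private_key)
        cipher = Cipher_pkcs1_v1_5.new(key)
        block_size = self._modulus_bytes(key)

        # NOTE(review): b'RSA' is the sentinel decrypt() hands back when the
        # padding check fails. It is joined into the output like ordinary
        # plaintext, so a corrupted block shows up as the text "RSA" instead of
        # an error. Callers that must detect tampering need an authenticated
        # scheme on top of this.
        if len(raw) <= block_size:
            return cipher.decrypt(raw, b'RSA').decode(encoding="utf-8")

        parts = [
            cipher.decrypt(raw[start:start + block_size], b'RSA')
            for start in range(0, len(raw), block_size)
        ]
        # Join before decoding: a multi-byte UTF-8 character may straddle two
        # plaintext chunks.
        return b''.join(parts).decode('utf-8')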
if __name__ == '__main__':
    # Demo run: sign and verify a short message, then encrypt and decrypt a
    # small JSON string. One helper instance is shared by all four steps; the
    # constructor only stores the two PEM strings.
    rsa_code = RsaCode()

    message = "python rsa test"

    print("1 开始签名")
    signature_b64 = rsa_code.sign(message)
    print("- 签名结果为: {}".format(signature_b64))

    print("2 验证签名")
    is_valid = rsa_code.verify(message, signature_b64)
    print("- 验证结果为: {}".format(is_valid))

    payload = '{ "username": "python rsa" }'

    print("3 开始RSA加密")
    ciphertext_b64 = rsa_code.long_encrypt(payload)
    print("- 加密结果为: {}".format(ciphertext_b64))

    print("4 开始RSA解密")
    recovered = rsa_code.long_decrypt(ciphertext_b64)
    print("- 解密结果为: {}".format(recovered))
4 验证结果
1 开始签名
- 签名结果为: QE+DF/YLbU/F6ARxeLGa3oJyiV2UvSxkxWuJJ8fruoKszc/v1+/Tl/4n5iHTb2q+/ODoqkvJOU2TYwjhp2AI9uOwyEkPUDai5mYc
2 验证签名
- 验证结果为: True
3 开始RSA加密
- 加密结果为: EkaF5LsLEmpgVrfEjSB4XfMf06mE/0XQzWChVD6wrYh6k0axaWejiry6jVX+TT+T7P4Aw4VjJ2i5pnG2Xpga+xodRtFTC+LTnAuU
4 开始RSA解密
- 解密结果为: { "username": "python rsa" }