我正在尝试加密和解密python中的文本,我知道如何做到 - 问题是我不想使用一定数量的字母,如16或32.我想成为能够使用尽可能多的字母/数字,然后加密文本而没有任何错误。
python中的base64会很完美,因为我可以做到这一点,但是当我想做的时候:
password = "password"
encode = base64.b64encode(password)
...它返回一个错误,因为它不是以字节为单位;它必须像:
encode = base64.b64encode(b'password')
完全正常,但我不想这样做。
import base64
password = "hello world"
encoded = base64.b64encode(password.encode("utf-8"))
print(encoded)
decoded = base64.b64decode(encoded)
print(decoded)
现在是我的代码,它工作正常,但我现在知道我使用了错误的类型,我需要知道如何使用AES。
答案 0 :(得分:14)
在Python 3中,您需要将字符串转换为字节,因为base64编码取决于字符串的编码,而Python 3不会对字符串编码做出假设。请参阅this question。
import base64
# Assuming UTF-8 encoding, change to something else if you need to
base64.b64encode("password".encode("utf-8"))
This page解释了为什么字符串在Python 3中的作用不同:
与2.x情况的最大区别在于,任何在Python 3.0中混合文本和数据的尝试都会引发TypeError,而如果您要在Python 2.x中混合使用Unicode和8位字符串,那么它将起作用8位字符串碰巧只包含7位(ASCII)字节,但如果它包含非ASCII值,则会得到UnicodeDecodeError。这种特定价值的行为多年来引起了许多悲伤的表情。
而且,就像sberry所说,base64编码不是加密。如果您确实希望这是安全的,您需要使用AES之类的东西,或者如果您只想安全地存储密码,请使用bcrypt或PBKDF2。
以下是使用PyCrypto加密某些内容with AES的示例,使用从密码using PBKDF2派生的密钥。
#!/usr/bin/env python3
from Crypto.Cipher import AES
from Crypto import Random
from Crypto.Protocol.KDF import PBKDF2
def make_key(password, salt = None):
if salt is None:
# Generate a key from the password
salt = Random.new().read(8)
# You probably want to adjust the number of iterations
# based on your target platform and willingness to wait.
# Somewhere around 10,000 will give you reasonable security.
# If you don't mind the wait, 100,000 is better.
# If you have a really fast computer, or are willing to wait a long
# time, feel free to set it even higher.
key = PBKDF2(password, salt, AES.block_size, 100000)
return (key, salt)
def encrypt(message, key):
# The IV should always be random
iv = Random.new().read(AES.block_size)
cipher = AES.new(key, AES.MODE_CFB, iv)
ciphertext = cipher.encrypt(message.encode("utf-8"))
return (ciphertext, iv)
def decrypt(ciphertext, key, iv):
cipher = AES.new(key, AES.MODE_CFB, iv)
msg = cipher.decrypt(ciphertext).decode("utf-8")
return msg
def main():
# Encryption
password = "correct horse battery staple"
message = "Super secret information that shouldn't be seen by attackers"
key, salt = make_key(password)
ciphertext, iv = encrypt(message, key)
print(b"The ciphertext is: " + ciphertext)
# Decryption
# In normal cases, you now need to store the salt and iv somewhere
# Usually you prepend them to the ciphertext
# I don't feel like doing that, so we'll just assume that I got the salt
# and IV somehow.
key, _ = make_key(password, salt)
cleartext = decrypt(ciphertext, key, iv)
print("The cleartext is: " + cleartext)
if __name__ == "__main__":
main()
只使用这样的AES提供confidentiality(攻击者无法在没有密码的情况下阅读邮件),但不是integrity(攻击者可以将数据插入到密文,你能注意到的唯一方法是它可能会解密为垃圾)。为了防止这种情况发生,您还可以使用message authentication code来确保密码没有被没有密码的人更改。
我认为这是一项有趣的练习,所以我在a BitBucket repo中提出了一个更完整的例子。它添加了一个HMAC,并从JSON文件中读取和写入。