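openssl_seal() in Python

Time: 2010-05-04 15:38:25

Tags: python openssl

To connect to a server, I found that, using PHP, I need to use openssl_seal(). That's OK, but I want to use Python. I'm not able to convert openssl_seal() into an equivalent function.

Can you help me?

This is what openssl_seal() does:

Description

    int openssl_seal(string $data, string &$sealed_data, array &$env_keys, array $pub_key_ids)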

openssl_seal() seals (encrypts) data by using RC4 with a randomly generated
secret key. The key is encrypted with each of the public keys associated
with the identifiers in pub_key_ids and each encrypted key is returned in
env_keys. This means that one can send sealed data to multiple recipients
(provided one has obtained their public keys). Each recipient must receive
both the sealed data and the envelope key that was encrypted with the
recipient's public key.

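2 answers:

Answer 0 (score: 2)

this blogpost describes in detail what happens inside openssl_seal(). It also has a Java implementation.

From that, I would think it should be relatively straightforward ("the proof left as an exercise to the reader" kind of straightforward) to do an equivalent implementation in Python using pyopenssl, which includes RC4, or the newer, but for these purposes more focused, tlslite.

Answer 1 (score: 1)

The way openssl_seal works is:

  1. Extract the public_key from the certificate
  2. Generate a 128-bit (16-byte) long random_key (this will be used to encrypt the message using a symmetric algorithm, since it's faster)
  3. Encrypt the random_key using PKCS #1
  4. Use ARC4 and the random_key
  5. Encrypt the message
  6. Output the encrypted_random_key and the encrypted_message
  7. The receiving party can decrypt the encrypted_random_key using their private_key and then decrypt the encrypted_message using the random_key.

Since there's no way to do this in Python via the standard library, I'm just gonna throw out the 3 approaches that I've tried: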

    # pyca/cryptography (cryptography.io) version
    # pip install cryptography
    
    import os
    
    from cryptography import x509
    from cryptography.hazmat.backends import default_backend
    from cryptography.hazmat.primitives.asymmetric import padding
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms
    
    
    message = 'Super secret secret message'
    message = message.encode('utf-8')
    # Read the PEM certificate as bytes and extract its public key
    with open('/path/to/certificate.cer', 'rb') as f:
        certificate_data = f.read()
    certificate = x509.load_pem_x509_certificate(data=certificate_data, backend=default_backend())
    public_key = certificate.public_key()
    # 128-bit random symmetric key, wrapped with RSA PKCS#1 v1.5
    random_key = os.urandom(16)
    encrypted_random_key = public_key.encrypt(plaintext=random_key, padding=padding.PKCS1v15())
    print(encrypted_random_key)
    # Encrypt the message with ARC4 (newer cryptography releases expose
    # ARC4 under cryptography.hazmat.decrepit.ciphers.algorithms)
    algorithm = algorithms.ARC4(random_key)
    cipher = Cipher(algorithm=algorithm, mode=None, backend=default_backend())
    encryptor = cipher.encryptor()
    encrypted_message = encryptor.update(message)
    print(encrypted_message)
    

    # M2Crypto version
    # pip install git+https://gitlab.com/m2crypto/m2crypto@python3
    
    import M2Crypto
    
    
    message = 'Super secret secret message'
    message = message.encode('utf-8')
    certificate = M2Crypto.X509.load_cert('/path/to/certificate.cer')
    public_key = certificate.get_pubkey()
    rsa_pub = public_key.get_rsa()
    random_key = M2Crypto.Rand.rand_bytes(16)
    encrypted_random_key = rsa_pub.public_encrypt(random_key, M2Crypto.RSA.pkcs1_padding)
    print(encrypted_random_key)
    cipher = M2Crypto.EVP.Cipher(alg='rc4', key=random_key, iv=b'', op=M2Crypto.encrypt)
    encrypted_message = cipher.update(message)
    encrypted_message += cipher.final()
    print(encrypted_message)
    

    # PyCrypto version
    # pip install pycrypto
    
    # Please bear in mind that PyCrypto cannot handle x509 certificates.
    # You will have to extract the public_key to a pem file:
    # openssl x509 -inform pem -in certificate.cer -pubkey -noout > public_key.pem
    
    from Crypto import Random
    from Crypto.Cipher import ARC4
    from Crypto.Cipher import PKCS1_v1_5
    from Crypto.PublicKey import RSA
    
    
    message = 'Super secret secret message'
    message = message.encode('utf-8')
    # Load the public key extracted with the openssl command above
    with open('/path/to/public_key.pem', 'r') as f:
        public_key_data = f.read()
    public_key = RSA.importKey(public_key_data)
    # 128-bit random symmetric key, wrapped with RSA PKCS#1 v1.5
    random_key = Random.new().read(16)
    cipher = PKCS1_v1_5.new(public_key)
    encrypted_random_key = cipher.encrypt(random_key)
    print(encrypted_random_key)
    # Encrypt the message with ARC4 under the random key
    cipher = ARC4.new(random_key)
    encrypted_message = cipher.encrypt(message)
    print(encrypted_message)
    

You can check out my post at => http://helpfulsheep.com/2017-09-01-openssl-seal-in-python/