我知道“永远不会滚动你自己的加密”,但我在教育方面做的比什么都重要。因此,我尝试模仿RSA签名和验证程序,制作一个Python程序,这很麻烦。现在我遇到的问题是我用数字做得很小,可以用手做,< 2 ^ 8 primes - > 2 ^ 16模数等现在我试图将其加到128位RSA。我正在玩,看看它是如何工作的。现在我意识到,只要我使用超过2 ^ 32个素数或2 ^ 64个整数的任何东西,我就会得到与ext_euclid相反的奇怪的逆模。我使用http://www.christelbach.com/RSAtoy.aspx来查看真正的密钥应该是什么,并且出于某种原因,每当我将primesize碰到2 ^ 32以上时,我的数量都非常小。如果它的2 ^ 32或更少的一切都运行得很好,我已经在2 ^ 16/24/32进行了几十次测试,一旦2 ^ 32 +来了它就会变得非常错误。这是我的代码还是与Long to Int等有关,我该如何解决?
#RSA
from random import choice,randint
from math import log
primes = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263, 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331, 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397, 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461, 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541, 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607, 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673, 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751, 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827, 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907, 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983, 991, 997, 1009, 1013, 1019, 1021]
def randomPrime(mi=2**15,ma=2**16,length=0):
if length == 0:
length = min(len(primes),int(ma**.5/log(ma**.5)))
primality = False
while primality == False:
n = randint(mi/2,ma/2)*2 + 1
go = False
prime = 0
while prime <= (length - 1) and n % primes[prime] != 0:
prime += 1
if prime == (length):
primality = True
return n
def ext_euclid(phi,e,verbose=False):
# PLACEHOLDER VALUE
place = 0
# x is the e remainder table
# y is the 1 remainder table
x = phi
nx = e
y = phi
ny = 1
while nx != 0:
if verbose == True: print("%s|%s|%s|%s" % (x,nx,y,ny))
#Y table
place = ny
ny = y - int(x/nx)*ny
y = place
ny %= phi
#X table
place = nx
nx = x % nx
x = place
if verbose == True: print("%s|%s|%s|%s" % (x,nx,y,ny))
return y
def generatee(phi):
e = choice(primes)
while phi % e == 0:
e = choice(primes)
return e
import hashlib
#HASH
def md5(string,bitlength=32):
m = hashlib.md5()
m.update(string.encode("utf-8"))
return m.hexdigest()
class Keys():
def __init__(self,p1=0,p2=0,e=0):
#Constants
self.primesize = 2**36
self.p1 = randomPrime(2**16,self.primesize) if p1 == 0 else p1
self.p2 = randomPrime(2**16,self.primesize) if p2 == 0 else p2
self.phi = (self.p1-1)*(self.p2-1)
self.n = self.p1*self.p2
self.e = generatee(self.phi) if e == 0 else e
self.d = ext_euclid(self.phi,self.e)
self.address = md5(str((self.e << 32) + self.n))
def sign(self, txhash):
return pow(txhash, self.d, self.n)
def verify(self, txhash, signature):
if txhash % self.n == pow(signature, self.e, self.n): return True
return False
编辑: 这是一个64位模数的例子,例如RSA64
>>> a = Keys(209289323,1313573563,17)
>>> a.d
80857917702383813
>>> hx = 0x1234567890abcdef1234567890abcdef
>>> hx
24197857200151252728969465429440056815
>>> a.sign(hx)
246853824751040294
>>> b = a.sign(hx)
>>> a.verify(hx,b)
True
>>> a.verify(hx,b+1)
False
一旦我使用128位模数,就会出现错误的地方,例如RSA128:
>>> a = Keys(5546871069653045437,958651707892273957,17)
>>> hx = 0x1234567890abcdef1234567890abcdef
>>> a.sign(hx)
2245162084047934309650005641010351850
>>> b = a.sign(hx)
>>> a.verify(hx,b)
False
>>> a.d
938385427831965304326654898162630658
>>> a.d = 938385427831965264301982408934258497 #What it should be
>>> a.verify(hx,b)
False
>>> a.sign(hx)
4020359161743820942266145714554570767
>>> b = a.sign(hx)
>>> a.verify(hx,b)
True