将java加密代码转换为python等效

时间:2017-06-25 13:36:51

标签: java python-2.7 rsa public-key-encryption pycrypto

我一直在尝试将以下java代码转换为其等效的python:

Encrypt.java

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
//import org.jose4j.base64url.Base64;

public class Encrypt {

    public static void main(String[] args)
            throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException, CertificateException, FileNotFoundException {
        PublicKey pubKey; 
        Object localObject1 = new
         String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmy"
         +
         "qvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXe"
         +
         "iqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmE"
         + "MWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB");

         //localObject1 = new X509EncodedKeySpec(Base64.decode(((String)localObject1).getBytes("utf-8")));
         localObject1 = new X509EncodedKeySpec(Base64.decodeBase64(((String)localObject1).getBytes("utf-8")));
         localObject1 = KeyFactory.getInstance("RSA").generatePublic((KeySpec)localObject1);
         System.out.println((PublicKey)localObject1);
         System.out.println("___________________________________________________________________________________________________________________________________________________");

//       String secret_pub_key= //"-----BEGIN RSA PUBLIC KEY-----" +
//               "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkvq7mHuTMGeJF/qiAot"+
//               "OcLTd6hjDEcMHIk2IY35JInuypD6WieogOxSS6kHYho/U+BW/Cgz0XjziPIQSJZx"+
//               "AGOrtdZrTa6n6S6I65YB2wPB93lLi/qnBmUSetEgAgM+MOfiYT8Dift9Mut+BvbE"+
//               "iFMH163ovoiTyLDpbTYDB6InzFzu1l7G01pi/ZAc69kWrJ+yNMEUcnAerRPt30et"+
//               "XAbKD2lC696VJa/2xtWZ5T7vwMpFLIaGFAg228ZifgwDIRFsBmwPsAsngQSGVVBo"+
//               "Ijm3fb0PUDV4MTw+cNT0ldHbYCAWy6zgA0K7eL5LcUN8+ai7u6VMWYUT4FAvYNiP"+
//               "IwIDAQAB";
//               //"-----END RSA PUBLIC KEY-----";
//          X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(secret_pub_key));
//          KeyFactory keyFactory = KeyFactory.getInstance("RSA");
//          PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

         Object secret_pub_key= new String(//"-----BEGIN RSA PUBLIC KEY-----" +
                 "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukY"+
                 "ycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz"+
                 "+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hd"+
                 "lnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNq"+
                 "XeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638T"+
                 "i8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl"+
                 "+wIDAQAB");
                 //"-----END RSA PUBLIC KEY-----";


         secret_pub_key = new X509EncodedKeySpec(Base64.decodeBase64(((String)secret_pub_key).getBytes("utf-8")));
         secret_pub_key =  KeyFactory.getInstance("RSA").generatePublic((KeySpec)secret_pub_key);
         pubKey = (PublicKey)secret_pub_key;

        Object localObject;
        Lc lc = new Lc();
        System.out.println("\n\nlc.pub is" + lc.pub);
        System.out.println("\n\n\nokokokokok" + pubKey.getEncoded());
        //byte[] arrayOfByte = new String(Base64.encodeBase64(lc.pub.getEncoded())).getBytes();
        byte[] arrayOfByte = new String(Base64.encodeBase64(pubKey.getEncoded())).getBytes();
        StringBuilder localStringBuilder1 = new StringBuilder();
        int i = 0;
        while (i < arrayOfByte.length) {
            if (arrayOfByte.length > i + 200) {
                localObject = Arrays.copyOfRange(arrayOfByte, i, i + 200);
            } else {
                localObject = Arrays.copyOfRange(arrayOfByte, i, arrayOfByte.length + 1);
            }
            StringBuilder localStringBuilder2 = new StringBuilder();
            lc.pub = (PublicKey)localObject1;
            localObject = new String((byte[])localObject);
            localStringBuilder1.append(lc.upperDot((String)localObject) + ":::");
            i += 200;
        }
        System.out.println("The ducking key is " + localStringBuilder1.toString());
    }
}

Lc.java

import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;

public class Lc {
    public static PublicKey pub;
      public static PrivateKey pri;
      public byte[] by;
      public String dot;
      public Lc() {
          Object localObject = "RSA";
          try
          {
            localObject = KeyPairGenerator.getInstance((String)localObject);
            KeyPair localKeyPair = ((KeyPairGenerator)localObject).generateKeyPair();
            localObject = localKeyPair.getPublic();
            pub = (PublicKey)localObject;
            localObject = localKeyPair.getPrivate();
            pri = (PrivateKey)localObject;
          }
          catch (NoSuchAlgorithmException localNoSuchAlgorithmException)
          {
            localNoSuchAlgorithmException.printStackTrace();
          }
    }
      public static String upperDot(String paramString)
      {
        Object localObject = "RSA/ECB/PKCS1Padding";
        try
        {
          Cipher localCipher = Cipher.getInstance((String)localObject);
          localObject = pub;
          int i = 1;
          localCipher.init(i, (Key)localObject);
          localObject = paramString.getBytes();
          byte[] arrayOfByte1 = localCipher.doFinal((byte[])localObject);
          byte[] arrayOfByte2 = Base64.encodeBase64(arrayOfByte1);
          localObject = new String(arrayOfByte2);
          return (String)localObject;
        }
        catch (Exception localException)
        {
          System.out.print(localException);
        }
        return null;
      }
}

请忽略上述2个java文件和调试打印语句的错误设计

上面产生的输出,我感兴趣的是最后一个输出语句的内容:

  

在回避关键是t4z2jf9GKtKvXiXCPYU3u7Y0LwQOOeQBVi + YRATc3GqyTNb085bRLUVqiNT5v / ZcZl2FZPegeN8OTG9vPbwuY1HrQ04xv0vUf3ohJORiUXwEQtoBVMDnKHib50FPZCbAZIp / 1u0KgEPBV9rEe7BmHi2UGCNnp0e50G68cBPLknUinBIIYIIrw / o3U4SAT + uBdo6wyi / x0tWR3El8gJpL34JJVWzdzi4y61cPZI31gxyY19t1EzzmtqB0wnjV5RvTsavR5s3RgtBu3EV + b43poam2K0CsRyfB2lFawkZBnvRL6GzvozBpUYe4awdPbU4Pjvuju5B3zWXloQ5kMVZAkg == ::: MpcHcJWhGdYrS1VLza + ereOU1ZRZ9LyVTN0KBBdQLIjYXChX1eKtRdftrF306L5BE8Ni9ibTylbcsc6tocphVpYnCvYN2eKVcEoHLyk9Iz / Cf2ikYJCUFtHh / cPnSILhwI7txdVds0Il58uDMevMnvvRntqVR7nw6UUmUVwmtFvNWVdceP61BHc9YsDMdQs8jPOeGAHWmqA2g4ODYB2W07yQhmwNIQZEmkmrfRHUd1dqM57sIWS9HdgEbrnqhyt1pIWrCxzgYbzZCuaDS / llcFsqgLBbaPpTg2qNUFi2x3r1jJ1UeJeX + Y / mOhrEvBXSLmadsCYmEROIutNgoVWigg == :::

现在我希望通过python实现完全相同的行为(2.7如果重要的话)。到目前为止,我依赖于 pycrypto M2Crypto ,但两者都没有帮助。

这是我尝试制作与上述相同的python:

from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode

def ecnryptorFun(key, secret):
  encrypted = key.encrypt(secret, 1)
  final_text = b64encode(encrypted[0])
  return final_text

def sayHello(body):
    url = 'https://consumer-app-development.appspot.com/api/sayHello'
    res = requests.post(url=url, data=body)
    return res.text

key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'

keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)

secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"

#secret1 = b64encode(secret)
arrayOfByte = bytearray(secret)

i = 0 
localStringBuilder1 = ""
while i < len(arrayOfByte):  
  if len(arrayOfByte) > (i+200):
    localObject = arrayOfByte[i:i+200]
  else:
    localObject = arrayOfByte[i:len(arrayOfByte)+1]
  localObj_byte_array = bytearray(localObject)
  localStringBuilder1 = localStringBuilder1 + ecnryptorFun(keyPub, str(localObject)) + ':::'
  #localStringBuilder1 = localStringBuilder1 + ecnryptorFun(encryption_key, localObj_byte_array) + ':::'
  i += 200;

print localStringBuilder1

输出上述python代码

  

vkqbraD / 5HMvs9LG59VXCGCLUoJ0msU6fVvLMDCc8fQ41S3R3IC0EfxLCk9FoHUIGK5h90Rd0at2ROvcOVCtESAYZlYYCB1U99NqWCFLvyDBxS4uEAVHD5yv4U82Dmn / P / ASI + d / GxnvP / xvyiI + tp39lWx77DuV4hlnRbltHu9f4o4cvqZ + Nn7wCzY1TBzIClT8f4lx2g9E / 5 + mhfkQIHejGIAMyJXl3xy + qhQSoy8DvudGQU95eGfDRdci4yqOwDeG2 + QlUip627tMbttAroWQjM8jC419kFPetTlmV / RczE / vcwnyM3iEnrhB9KnjRLYEecJ8mEYU7L / TxBe +的Tg == ::: V1oZBPETF9ryap59T4zOwfW0 / pASSCULWL8ZlvUrSlRLeaZmIxplNmewqyUnrhwIbnpDvwhmz7 + 2 / Dd2EN4hJndRnGl7aoEX8 / GJP0Kz9vL2qEDbIGQC / Dv6O75KPFZ / E06DYLcycLhNZYxudwVP9rJAhFEEMgefpY40v1 + B6sqqogrGnZhfwITaqpU0FKTbHSlHUymlD6Cn4lb0yLMISG6MZRQrP5B67UkGexlpxPQTHsXcLy0vTEzMZkvdxbv4YtawNvmgeQEgD1jqIB45pOngrwp3jcs9D9Ib2hCwpOoqkwOV / YAA + XO + dkPo8BxOw5DH / jWRcksb3N65YEmlvQ == :::

现在虽然上面产生了非常相似的输出,但它不是正确的。为什么?因为当上面的java代码的输出发送到后端时,我收到HTTP 200 OK和预期的响应。

然而,当上面的python代码的输出类似于后端发送时,我收到500内部服务器错误,这意味着(根据我的假设,假设所有其他参数,标题等之间保持完全相同) java和python HTTP请求)后端的输入不正确,因此它破了(再次请忽略500,我同意它应该是更有意义的东西,绝对不是500)

我无法访问后端。这更像是一支红队 - 我们正在做的蓝队练习

另外,我可以从python中调用上面的java代码并仍然设法实现最终结果并完成工作,但这更像是一个黑客,虽然这已经足够了,但我是我更感兴趣的是如何通过Python单独实现相同的目标。

根据以下评论中的一些建议,我也试过了: 所以我也尝试了这个:

from Crypto.Cipher import PKCS1_v1_5

def encryptMsg(secret):
    message = secret
    key = RSA.importKey(open('myPubkey.pem').read())
    cipher = PKCS1_v1_5.new(key)
    ciphertext = b64encode(cipher.encrypt(message))
    return ciphertext

然后在while循环中,这个:

localStringBuilder1 = localStringBuilder1 + encryptMsg(str(localObject)) + ':::'

似乎仍然无法运作。结果与以前相同。

1 个答案:

答案 0 :(得分:0)

感谢https://stackoverflow.com/users/1816580/artjom-b在上面的评论中指出了我正确的方向。 好。有效的是:

from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5

def encryptMsg(key, secret):
    message = secret
    cipher = PKCS1_v1_5.new(key)
    ciphertext = b64encode(cipher.encrypt(message))
    return ciphertext

from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
from Crypto.Cipher import PKCS1_v1_5
import requests


# def ecnryptorFun(key, secret):
#   encrypted = key.encrypt(secret, 1)
#   final_text = b64encode(encrypted[0])
#   return final_text

def encryptMsg(key, secret):
    message = secret
    cipher = PKCS1_v1_5.new(key)
    ciphertext = b64encode(cipher.encrypt(message))
    return ciphertext

def sayHello(body):
    url = 'https://consumer-app-development.appspot.com/api/sayHello'
    res = requests.post(url=url, data=body)
    return res.text

# this is basically the keyString value itself
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'

keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)

secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"    
arrayOfByte = bytearray(secret)

i = 0 
localStringBuilder1 = ""
while i < len(arrayOfByte):  
  if len(arrayOfByte) > (i+200):
    localObject = arrayOfByte[i:i+200]
  else:
    localObject = arrayOfByte[i:len(arrayOfByte)+1]
  localObj_byte_array = bytearray(localObject)
  localStringBuilder1 = localStringBuilder1 + encryptMsg(keyPub, str(localObject)) + ':::'
  i += 200;

print localStringBuilder1

现在我得到后端的字符串响应200 OK