介绍
Python中实现RSA方式的加解密以及加签
依赖包
pycryptodome
加密加签
import base64
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA256, MD5
from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
from Crypto.Signature import PKCS1_v1_5 as Signature_pkcs1_v1_5
import json
from copy import deepcopy
from collections import OrderedDict
from Crypto import Random
def rsa_pkcs1_encryptAndSign(thirdPublicKey, privateKey, requestJson):
# 本例中,要加密的内容为 requestJson["bizContent"]
# 加签后放在 requestJson["signContent"]
# 用己方私钥加签(privateKey),第三方公钥加密(thirdPublicKey)
bizContent = json.dumps(requestJson["bizContent"])
if "signContent" in requestJson.keys():
del requestJson["signContent"]
# 加密
rsakey = RSA.importKey(base64.b64decode(thirdPublicKey))
bizContent = bytes(bizContent, encoding="utf-8")
cipher = Cipher_pkcs1_v1_5.new(rsakey)
length = len(bizContent)
default_length = 117
offset = 0
res = bytes()
while length - offset > 0:
if length - offset > default_length:
_res = cipher.encrypt(bizContent[offset:offset + default_length])
else:
_res = cipher.encrypt(bizContent[offset:])
offset += default_length
res += _res
requestJson["bizContent"] = base64.b64encode(res).decode('utf-8')
# 加签
# 这一部分参考双方约定,下方模仿Java中的map方法
order_request = deepcopy(requestJson)
linkedmap = OrderedDict()
linkedkeys = sorted(order_request.keys())
for _key in linkedkeys:
linkedmap[_key] = str(order_request[_key])
sign_request = "{"
for key, value in linkedmap.items():
_k_v = "{}={}, ".format(key, value)
sign_request += _k_v
sign_request = sign_request[:-2] + "}"
rsaprivatekey = RSA.importKey(base64.b64decode(bytes(privateKey, encoding='utf-8')))
signer = Signature_pkcs1_v1_5.new(rsaprivatekey)
digest = MD5.new(bytes(sign_request, encoding='utf-8'))
sign = base64.b64encode(signer.sign(digest))
requestJson["signContent"] = sign.decode('utf-8')
return requestJson
解密
def decryptByPrivateKey(bizcontent, privateKey):
# 用己方私钥解密 privateKey
# bizcontent 对应上方加密过程
MAX_DECRYPT_BLOCK = 128
bizcontent = base64.b64decode(bytes(bizcontent, encoding='utf-8'))
privateKey = base64.b64decode(bytes(privateKey, encoding='utf-8'))
privateKey = RSA.import_key(privateKey)
dsize = SHA256.digest_size
sentinel = Random.new().read(15 + dsize)
cipher = Cipher_pkcs1_v1_5.new(privateKey)
input_len = len(bizcontent)
off_set = 0
_bizcontent = bytes()
while input_len - off_set > 0:
if input_len - off_set > MAX_DECRYPT_BLOCK:
_cache = cipher.decrypt(bizcontent[off_set:MAX_DECRYPT_BLOCK + off_set], sentinel)
else:
_cache = cipher.decrypt(bizcontent[off_set:], sentinel)
off_set += MAX_DECRYPT_BLOCK
_bizcontent += _cache
return json.loads(_bizcontent.decode('utf-8'))
