Front-end JS, back-end Python: implementing RSA asymmetric encryption


  1. First, get familiar with using RSA on the back end: key generation, encryption, and decryption.
    # -*- encoding:utf-8 -*-
    import base64
    from Crypto import Random
    from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
    from Crypto.PublicKey import RSA
    
    # Pseudo-random number generator
    random_generator = Random.new().read
    # Create an RSA key instance (1024 bits here; use 2048 bits or more for real deployments)
    rsa = RSA.generate(1024, random_generator)
    # Generate the master key pair
    private_pem = rsa.exportKey()
    
    # Write the private key and the public key to files (exportKey() returns bytes)
    with open('master-private.pem', 'wb') as f:
        f.write(private_pem)
    public_pem = rsa.publickey().exportKey()
    with open('master-public.pem', 'wb') as f:
        f.write(public_pem)
    
    # Encrypt with the public key
    # Data to be encrypted
    message = b'I_LOVE_YAYA'
    # Open the public key file
    with open('master-public.pem') as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        cipher = Cipher_pkcs1_v1_5.new(rsakey)
        # Base64-encode the ciphertext
        cipher_text = base64.b64encode(cipher.encrypt(message))
        # cipher_text = cipher.encrypt(message)
        print(cipher_text)
    
    # Decrypt with the private key
    # Open the private key file
    with open('master-private.pem') as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        cipher = Cipher_pkcs1_v1_5.new(rsakey)
        # text = cipher.decrypt(cipher_text, random_generator)
        # Base64-decode first (the front-end JS library outputs base64 automatically);
        # the second argument is the sentinel that decrypt() returns on failure
        text = cipher.decrypt(base64.b64decode(cipher_text), random_generator)
        print(text)

     

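  2. The front end and back end complete the RSA asymmetric encryption together. The rough idea is: first, the back end generates the public and private keys; next, the back end gives the public key to the front end; then, the front end encrypts with the public key and sends the result to the back end; finally, the back end decrypts with the private key.
  • first: the back end generates the public and private keys
    The create_password.py file:
    # -*- encoding:utf-8 -*-
    from Crypto.PublicKey import RSA
    from flask import current_app
    from Crypto import Random
    
    # Random source used to generate the RSA instance
    RANDOM_GENERATOR = Random.new().read
    if __name__ == '__main__':
        rsa = RSA.generate(1024, RANDOM_GENERATOR)
        # Generate the master key pair (exportKey() returns bytes)
        PRIVATE_PEM = rsa.exportKey()
        with open('master-private.pem', 'wb') as f:
            f.write(PRIVATE_PEM)
        print(PRIVATE_PEM)
        PUBLIC_PEM = rsa.publickey().exportKey()
        print(PUBLIC_PEM)
        with open('master-public.pem', 'wb') as f:
            f.write(PUBLIC_PEM)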

     

  • next: the back end gives the public key to the front end -- open the master-public.pem file and copy its contents into the front end (the exact place to paste it is shown in the next step)
  • then: the front end encrypts with the public key and sends the result to the back end
    <!-- Load the JS files. If base64.js is needed, it must be loaded before the encryption JS file; otherwise the encryption result will be false. -->
    <!-- If you get typeerror-base64-not-a-constructor, use the fix at http://blog.csdn.net/ziwoods/article/details/58595840 -->
    <script src="js/plugin/base64.js"></script>
    <script src="js/plugin/jsencrypt.min.js" type="text/javascript"></script>

    // Get the password
    var password = $("#pass").val();
    
    // Get the public key
    var PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCogdzMsG4S20msz32M+a1GNg2Tw4UIEGDD/dfKkoZgRtEaJtHzCXgmpP3eECHCJsK0zt0GYYxGQnfbq5mBd37xVnAlKWjVpjGQHZ+fjwn82+mRUzjmFGLs3ax79zaXJZnHTN63/yS2Rua3QY/T5Z5TLpn2YOmOn09U22eA3vdfZwIDAQAB-----END PUBLIC KEY-----";
    // RSA encryption
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey(PUBLIC_KEY);
    password = encrypt.encrypt(password); // the encrypted string

     

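  • finally: the back end decrypts with the private key
    The views.py file:
    # Get the password
    password = request.values.get('password')
    with open('carrier/master-private.pem') as f:
        key = f.read()
        rsakey = RSA.importKey(key)
        cipher = Cipher_pkcs1_v1_5.new(rsakey)
        # The second argument is the sentinel that decrypt() returns when decryption fails
        password = cipher.decrypt(base64.b64decode(password), RANDOM_GENERATOR)
        # If the returned password is not bytes, the private and public keys do not match, or the program has an error
        if not isinstance(password, bytes):
            return 'fail'
        # The result should be I_LOVE_YAYA
        print(password)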

     

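    In this module, the front-end RSA encryption does not use the approach of generating the modulus with OpenSSL (the approach used here is simpler for operations to deploy, and with that other approach the data is transmitted as hexadecimal). The front end sends the encrypted data to the back end as base64. The packages the back end needs to import are listed in step 1 at the top.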

 

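Note: about 1% of the time, data encrypted with the public key on the front end ends with two equals signs (=), and in that case decryption on the back end fails. After producing the encrypted data, the front end should check whether it contains two = characters and, if it does, encrypt again.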
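The `==` ending in the note above comes down to length: base64 of a full 128-byte ciphertext (1024-bit key) always ends in a single `=`, while a `==` ending means the decoded length is 1 modulo 3, such as 127 bytes. The following added example (not code from the original post) handles that case on the back end instead of retrying in the browser, assuming the short values are ciphertexts whose leading zero byte was dropped by the front-end library; `decode_rsa_ciphertext` and `padding_suffix` are hypothetical helper names.

```python
import base64
import binascii


def decode_rsa_ciphertext(b64_text, modulus_bits=1024):
    """Base64-decode an RSA ciphertext and restore it to the full modulus length.

    Hypothetical helper, not from the original page. A ciphertext is an integer
    below the modulus, so left-padding with zero bytes keeps the same integer.
    """
    if not isinstance(b64_text, (str, bytes)):
        raise ValueError("ciphertext is missing")
    k = (modulus_bits + 7) // 8  # 128 bytes for the page's 1024-bit key
    try:
        # validate=True rejects characters outside the base64 alphabet
        raw = base64.b64decode(b64_text, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("ciphertext is not valid base64") from exc
    if not raw or len(raw) > k:
        raise ValueError("ciphertext of %d bytes does not fit a %d-byte modulus"
                         % (len(raw), k))
    return raw.rjust(k, b"\x00")


def padding_suffix(n_bytes):
    """Return the '=' padding that base64 appends to n_bytes of input."""
    return "=" * (-n_bytes % 3)


if __name__ == "__main__":
    # Constructed sample values, not real ciphertexts.
    full = base64.b64encode(b"\x5a" * 128).decode()
    short = base64.b64encode(b"\x5a" * 127).decode()
    print(full[-4:], short[-4:])
    print(len(decode_rsa_ciphertext(short)))
    # In views.py the call would then read (assumption about where it is used):
    # cipher.decrypt(decode_rsa_ciphertext(password), RANDOM_GENERATOR)
```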

