hmac模塊的作用:
用於驗證信息的完整性。
1、hmac消息簽名(默認使用MD5加算法)
#!/usr/bin/env python # -*- coding: utf-8 -*- import hmac #默認使用是md5算法 digest_maker = hmac.new('secret-shared-key'.encode('utf-8')) with open('content.txt', 'rb') as f: while True: block = f.read(1024) if not block: break digest_maker.update(block) digest = digest_maker.hexdigest() print(digest)
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Donec egestas, enim et consectetuer ullamcorper, lectus ligula rutrum leo, a elementum elit tortor eu quam. Duis tincidunt nisi ut ante. Nulla facilisi. Sed tristique eros eu libero. Pellentesque vel arcu. Vivamus purus orci, iaculis ac, suscipit sit amet, pulvinar eu, lacus. Praesent placerat tortor sed nisl. Nunc blandit diam egestas dui. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Aliquam viverra fringilla leo. Nulla feugiat augue eleifend nulla. Vivamus mauris. Vivamus sed mauris in nibh placerat egestas. Suspendisse potenti. Mauris massa. Ut eget velit auctor tortor blandit sollicitudin. Suspendisse imperdiet justo.
運行效果
[root@ mnt]# python3 hmac_md5.py
79cbf5942e8f67be558bc28610c02117
2、hmac消息簽名摘要(使用SHA1加算法)
#!/usr/bin/env python # -*- coding: utf-8 -*- import hmac digest_maker = hmac.new('secret-shared-key'.encode('utf-8'), b'', digestmod='sha1') # hmac.new(key,msg,digestmod) # key:加鹽的key, # msg:加密的內容, # digestmod:加密的方式 with open('hmac_sha1.py', 'rb') as f: while True: block = f.read(1024) if not block: break digest_maker.update(block) digest = digest_maker.hexdigest() print(digest)
運行效果
[root@ mnt]# python3 hmac_sha1.py
e5c012eac5fa76a274f77ee678e6cc98cad8fff9
3、hmac二進制消息簽名摘要(使用SHA1加算法)
#!/usr/bin/env python # -*- coding: utf-8 -*- import hmac import base64 import hashlib with open('test.py', 'rb') as f: body = f.read() # 默認使用是md5算法 digest_maker = hmac.new('secret-shared-key'.encode('utf-8'), body, hashlib.sha1) # hmac.new(key,msg,digestmod) # key:加鹽的key, # msg:加密的內容, # digestmod:加密的方式 digest = digest_maker.digest() # 默認內容是字節類型,所以需要base64 print(base64.encodebytes(digest)) #注意base64結果是以\n結束,所以Http頭部或其它傳輸時,需要去除\n
運行效果
[root@ mnt]# python3 hmac_base64.py b'Y9a4OMRqU4DB6Ks/hGfru+MNXAw=\n'
4、hmac摘要數據比較示例
#!/usr/bin/env python # -*- coding: utf-8 -*- import hashlib import hmac import io import pickle def make_digest(message): "返消息摘要,加密碼后的結果" hash = hmac.new( 'secret-shared-key'.encode('utf-8'), message, hashlib.sha1 ) return hash.hexdigest().encode('utf-8') class SimpleObject(object): def __init__(self, name): self.name = name def __str__(self): return self.name # 輸出緩沖區 out_s = io.BytesIO() o = SimpleObject('digest matches') pickle_data = pickle.dumps(o) # 序列化 digest = make_digest(pickle_data) # 使用sha1加密算法 header = b'%s %d\n' % (digest, len(pickle_data)) print('提示:{}'.format(header)) out_s.write(header) # 將消息頭寫入緩沖區 out_s.write(pickle_data) # 將序列化內容寫入緩沖區 o = SimpleObject('digest does not matches') pickle_data = pickle.dumps(o) digest = make_digest(b'not the pickled data at all') header = b'%s %d\n' % (digest, len(pickle_data)) print('提示:{}'.format(header)) out_s.write(header) # 將消息頭寫入緩沖區 out_s.write(pickle_data) # 將序列化內容寫入緩沖區 out_s.flush() # 刷新緩沖區 # 輸入緩沖區 in_s = io.BytesIO(out_s.getvalue()) while True: first_line = in_s.readline() if not first_line: break incoming_digest, incoming_length = first_line.split(b' ') incoming_length = int(incoming_length.decode('utf-8')) print('讀取到:', incoming_digest, incoming_length) incoming_pickled_data = in_s.read(incoming_length) actual_digest = make_digest(incoming_pickled_data) # 實際的摘要 print('實際值:', actual_digest) if hmac.compare_digest(actual_digest, incoming_digest): # 比較兩個摘要是否相等 obj = pickle.loads(incoming_pickled_data) print('OK:', obj) else: print('數據不完整')
運行效果
[root@ mnt]# python3 hmac_pickle.py 提示:b'00e080735a8de379e19fe2aa731c92fc9253a6e2 69\n' 提示:b'1d147690f94ea374f6f8c3767bd5a5f9a8989a53 78\n' 讀取到: b'00e080735a8de379e19fe2aa731c92fc9253a6e2' 69 實際值: b'00e080735a8de379e19fe2aa731c92fc9253a6e2' OK: digest matches 讀取到: b'1d147690f94ea374f6f8c3767bd5a5f9a8989a53' 78 實際值: b'4dcaad9b05bbb67b571a64defa52e8960a27c45d' 數據不完整