Python的cryptography库介绍

本文主要是介绍Python的cryptography库介绍，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

Python的cryptography是密码库，源码地址为：https://github.com/pyca/cryptography，最新发布版本为41.0.7,license为Apache 2.0/BSD 3，它支持在Windows、Linux、macOS上使用。如果通过源码编译，需要依赖OpenSSL。Python版本需要为3.7+.

通过pip安装,执行：

pip install cryptography

以下是对称加密AES测试code:

关于OpenSSL AES GCM的介绍可以参考：https://blog.csdn.net/fengbingchun/article/details/106113185

import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modesdef aes_gcm_encrypt(plain_text, key, iv, aad):# Construct an AES-GCM Cipher object with the given key and ivencryptor = Cipher(algorithms.AES(key), modes.GCM(iv),).encryptor()# associated_data will be authenticated but not encrypted, it must also be passed in on decryptionencryptor.authenticate_additional_data(aad)# Encrypt the plaintext and get the associated ciphertext. GCM does not require paddingcipher_text = encryptor.update(plain_text) + encryptor.finalize()return (cipher_text, encryptor.tag)def aes_gcm_decrypt(cipher_test, key, iv, aad, tag):# Construct a Cipher object, with the key, iv, and additionally the GCM tag used for authenticating the messagedecryptor = Cipher(algorithms.AES(key), modes.GCM(iv, tag),).decryptor()# We put associated_data back in or the tag will fail to verify when we finalize the decryptordecryptor.authenticate_additional_data(aad)# Decryption gets us the authenticated plaintext. If the tag does not match an InvalidTag exception will be raisedreturn decryptor.update(cipher_test) + decryptor.finalize()if __name__ == "__main__":# reference: https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/plain_test = b"https://github.com/fengbingchun"key = os.urandom(32) # bytes, secret key: either 128, 192, or 256 bits longiv = os.urandom(12) # bytes, initialisation vectoraad = os.urandom(16) # authenticated encryption with additional dataprint("key: {}\niv: {}\naad: {}\n".format(key, iv, aad))cipher_text, tag = aes_gcm_encrypt(plain_test, key, iv, aad)print("cipher text: {}\ntag: {}\n".format(cipher_text, tag))plain_test2 = aes_gcm_decrypt(cipher_text, key, iv, aad, tag)print("before encryption, plaintext:{}\nafter  decryption, plaintext:{}".format(plain_test, plain_test2))if plain_test != plain_test2:print("Error: the decrypted content does not match the original plaintext")raiseprint("test finish")

执行结果如下图所示：

以下是非对称加密RSA测试code:
关于OpenSSL RSA的介绍可以参考：https://blog.csdn.net/fengbingchun/article/details/43638013

通过openssl执行文件生成rsa公钥-私钥对文件rsa_private.pem，密钥对长度为3072，执行如下命令：

openssl.exe genrsa -out rsa_private.pem 3072

from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import serialization, hashesdef rsa_public_key_encrypt(plain_text, public_key):return public_key.encrypt(plain_text,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))def rsa_private_key_decrypt(cipher_test, private_key):return private_key.decrypt(cipher_test,padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),algorithm=hashes.SHA256(),label=None))if __name__ == "__main__":# reference: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/plain_test = b"https://blog.csdn.net/fengbingchun/"with open("test_data/rsa_private.pem", "rb") as key_file:private_key = serialization.load_pem_private_key(key_file.read(), password=None,)pem = private_key.private_bytes(encoding=serialization.Encoding.PEM,format=serialization.PrivateFormat.TraditionalOpenSSL,encryption_algorithm=serialization.NoEncryption())#print("private key: {}\n".format(pem.splitlines()))public_key = private_key.public_key()pem = public_key.public_bytes(encoding=serialization.Encoding.PEM,format=serialization.PublicFormat.SubjectPublicKeyInfo)#print("public key: {}\n".format(pem.splitlines()))cipher_text = rsa_public_key_encrypt(plain_test, public_key)print("cipher text:{}\n".format(cipher_text))plain_test2 = rsa_private_key_decrypt(cipher_text, private_key)print("before encryption, plaintext:{}\nafter  decryption, plaintext:{}".format(plain_test, plain_test2))if plain_test != plain_test2:print("Error: the decrypted content does not match the original plaintext")raiseprint("test finish")

执行结果如下图所示：