AES加密在Golang和Python中的应用

Question

AES加密在Golang和Python中的应用

4

我可以帮助您翻译这段内容，它是关于编程的。您需要将数据传输加密，但似乎无法让两种加密方案同时工作。以下是我的golang加密函数：

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "errors"
    "io"
    "fmt"
)
func Encrypt(key, text []byte) (ciphertext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return nil, err
    }
    ciphertext = make([]byte, aes.BlockSize+len(string(text)))
    iv := ciphertext[:aes.BlockSize]
    fmt.Println(aes.BlockSize)
    if _, err = io.ReadFull(rand.Reader, iv); err != nil {
        return
    }
    cfb := cipher.NewCFBEncrypter(block, iv)
    cfb.XORKeyStream(ciphertext[aes.BlockSize:], text)
    return
}

func Decrypt(key, ciphertext []byte) (plaintext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return
    }
    if len(ciphertext) < aes.BlockSize {
        err = errors.New("ciphertext too short")
        return
    }
    iv := ciphertext[:aes.BlockSize]
    ciphertext = ciphertext[aes.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(ciphertext, ciphertext)
    plaintext = ciphertext
    return
}

这是我的Python实现：

 class AESCipher:
    def __init__( self, key ):
        self.key = key
        print "INIT KEY" + hexlify(self.key)
    def encrypt( self, raw ):
        print "RAW STRING: " + hexlify(raw)
        iv = Random.new().read( AES.block_size )
        cipher = AES.new( self.key, AES.MODE_CFB, iv )
        r = ( iv + cipher.encrypt( raw ) )
        print "ECRYPTED STRING: " + hexlify(r)
        return r

    def decrypt( self, enc ):
        enc = (enc)
        iv = enc[:16]
        cipher = AES.new(self.key, AES.MODE_CFB, iv)
        x=(cipher.decrypt( enc ))
        print "DECRYPTED STRING: " + hexlify(x)
        return x

我无法完全理解我的Python函数的输出。我的Go例程运行得很完美。但是我希望能够在Go中加密并在Python中解密，反之亦然。

Python的示例输出：

INIT KEY61736466617364666173646661736466
RAW STRING: 54657374206d657373616765
ECRYPTED STRING: dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
DECRYPTED STRING: 77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
wØ™¹�ÒÓ*2)±¶œo%Test message

正如您所看到的，消息已被解密，但最终出现在字符串末尾？

编辑： 使用GO解密的示例输出。如果我尝试使用GO解密以下内容（由Python生成），则会出现上述情况。

ECRYPTED STRING: (Test Message) 7af474bc4c8ea9579d83a3353f83a0c2844f8efb019c82618ea0b478

我得到了。

Decrypted Payload: 54 4E 57 9B 90 F8 D6 CD 12 59 0B B1
Decrypted Payload: TNW�����Y�

奇怪的是第一个字符总是正确的。

这里有两个完整的项目：

Github

- stihl

1

我强烈建议您使用https://godoc.org/golang.org/x/crypto/nacl/secretbox和https://pynacl.readthedocs.org/en/latest/（适用于Python），如果您需要加密消息。 - elithrar

2个回答

3

在Python解密过程中，您忘记切片IV。请更改为：

x=(cipher.decrypt( enc ))

to

x = cipher.decrypt( enc[16:] )

或者至

x = cipher.decrypt( enc )[16:]

- Artjom B.

这两个建议对于像CFB（使用完整的块移位寄存器）和CBC这样的模式来说是等效的，但对于像CTR这样的模式不适用。在这种情况下，选择第一个建议。 - Artjom B.

谢谢，这对 Python 部分有所帮助。我已经在上面做了一个编辑，用 Go 解密。谢谢！ - stihl

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Blixt · Accepted Answer

Python使用8位段，而Go使用128位段，因此第一个字符有效，但后续字符无效是因为每个段都依赖于前一个段，因此不同的段大小会打破这个链条。

我为Python编写了这些URL安全（非填充的base64编码）加密/解密函数，可选择以与Go相同的方式进行加密（当您指定block_segments=True时）。

def decrypt(key, value, block_segments=False):
    # The base64 library fails if value is Unicode. Luckily, base64 is ASCII-safe.
    value = str(value)
    # We add back the padding ("=") here so that the decode won't fail.
    value = base64.b64decode(value + '=' * (4 - len(value) % 4), '-_')
    iv, value = value[:AES.block_size], value[AES.block_size:]
    if block_segments:
        # Python uses 8-bit segments by default for legacy reasons. In order to support
        # languages that encrypt using 128-bit segments, without having to use data with
        # a length divisible by 16, we need to pad and truncate the values.
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        # Return the decrypted string with the padding removed.
        return cipher.decrypt(padded_value)[:len(value)]
    return AES.new(key, AES.MODE_CFB, iv).decrypt(value)


def encrypt(key, value, block_segments=False):
    iv = Random.new().read(AES.block_size)
    if block_segments:
        # See comment in decrypt for information.
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        value = cipher.encrypt(padded_value)[:len(value)]
    else:
        value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
    # The returned value has its padding stripped to avoid query string issues.
    return base64.b64encode(iv + value, '-_').rstrip('=')

请注意，对于安全的消息传递，您需要额外的安全功能，例如nonce以防止重放攻击。

以下是Go语言等效的函数：

func Decrypt(key []byte, encrypted string) ([]byte, error) {
    ciphertext, err := base64.RawURLEncoding.DecodeString(encrypted)
    if err != nil {
        return nil, err
    }
    block, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }
    if len(ciphertext) < aes.BlockSize {
        return nil, errors.New("ciphertext too short")
    }
    iv := ciphertext[:aes.BlockSize]
    ciphertext = ciphertext[aes.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(ciphertext, ciphertext)
    return ciphertext, nil
}

func Encrypt(key, data []byte) (string, error) {
    block, err := aes.NewCipher(key)
    if err != nil {
        return "", err
    }
    ciphertext := make([]byte, aes.BlockSize+len(data))
    iv := ciphertext[:aes.BlockSize]
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        return "", err
    }
    stream := cipher.NewCFBEncrypter(block, iv)
    stream.XORKeyStream(ciphertext[aes.BlockSize:], data)
    return base64.RawURLEncoding.EncodeToString(ciphertext), nil
}