[英]AES Encryption Golang and Python
I am working on a fun side project for myself. 我正在为自己开发一个有趣的辅助项目。 A golang server and a python client. Golang服务器和python客户端。 I want data transmitted to be encrypted but cant seem to get the two encryption schemes working together. 我希望对传输的数据进行加密,但似乎无法使这两种加密方案协同工作。 I am a novice when it comes to encryption so please explain like you are talking to a toddler. 我是加密方面的新手,因此请像您在跟幼儿说话一样解释一下。
Here is my golang encryption functions: 这是我的golang加密功能:
import (
"crypto/aes"
"crypto/cipher"
"crypto/rand"
"errors"
"io"
"fmt"
)
func Encrypt(key, text []byte) (ciphertext []byte, err error) {
var block cipher.Block
if block, err = aes.NewCipher(key); err != nil {
return nil, err
}
ciphertext = make([]byte, aes.BlockSize+len(string(text)))
iv := ciphertext[:aes.BlockSize]
fmt.Println(aes.BlockSize)
if _, err = io.ReadFull(rand.Reader, iv); err != nil {
return
}
cfb := cipher.NewCFBEncrypter(block, iv)
cfb.XORKeyStream(ciphertext[aes.BlockSize:], text)
return
}
func Decrypt(key, ciphertext []byte) (plaintext []byte, err error) {
var block cipher.Block
if block, err = aes.NewCipher(key); err != nil {
return
}
if len(ciphertext) < aes.BlockSize {
err = errors.New("ciphertext too short")
return
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
cfb := cipher.NewCFBDecrypter(block, iv)
cfb.XORKeyStream(ciphertext, ciphertext)
plaintext = ciphertext
return
}
and here is my Python implementation: 这是我的Python实现:
class AESCipher:
def __init__( self, key ):
self.key = key
print "INIT KEY" + hexlify(self.key)
def encrypt( self, raw ):
print "RAW STRING: " + hexlify(raw)
iv = Random.new().read( AES.block_size )
cipher = AES.new( self.key, AES.MODE_CFB, iv )
r = ( iv + cipher.encrypt( raw ) )
print "ECRYPTED STRING: " + hexlify(r)
return r
def decrypt( self, enc ):
enc = (enc)
iv = enc[:16]
cipher = AES.new(self.key, AES.MODE_CFB, iv)
x=(cipher.decrypt( enc ))
print "DECRYPTED STRING: " + hexlify(x)
return x
i cant quite figure out the output of my python functions either. 我也不太清楚我的python函数的输出。 My Go routines are working perfectly. 我的Go例程运行良好。 But i want to be able to encrypt in Go an decrypt in python and vice versa. 但我希望能够在Go中进行加密,而在python中进行解密,反之亦然。
Sample Output from Python: Python的示例输出:
INIT KEY61736466617364666173646661736466
RAW STRING: 54657374206d657373616765
ECRYPTED STRING: dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
DECRYPTED STRING: 77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
wØ™¹�ÒÓ*2)±¶œo%Test message
As you can see the message is decrypted but ends up at the end of the string? 如您所见,消息已解密,但最终出现在字符串末尾?
EDIT: Sample output decrypting from GO. 编辑:从GO解密的示例输出。 If i try and decrypt with GO the below (generated with Python) 如果我尝试使用GO解密以下内容(使用Python生成)
ECRYPTED STRING: (Test Message) 7af474bc4c8ea9579d83a3353f83a0c2844f8efb019c82618ea0b478
I get 我懂了
Decrypted Payload: 54 4E 57 9B 90 F8 D6 CD 12 59 0B B1
Decrypted Payload: TNW�����Y�
The strange part is the first character is always correct 奇怪的是第一个字符总是正确的
here are both full projects: 这两个都是完整的项目:
You forgot to slice off the IV during decryption in Python. 您忘了用Python解密时分割IV。 Change 更改
x=(cipher.decrypt( enc ))
to 至
x = cipher.decrypt( enc[16:] )
or to 或者
x = cipher.decrypt( enc )[16:]
Python uses 8-bit segments while Go uses 128-bit segments so the reason the first character works but the following ones don't is because each segment depends on the previous and thus a different segment size breaks the chain. Python使用8位段,而Go使用128位段,因此第一个字符起作用但后面的字符不起作用的原因是,由于每个段都取决于前一个,因此不同的段大小会打断链。
I made these URL safe (non-padded base64 encoding) encrypt/decrypt functions for Python to optionally encrypt the same way Go does (when you specify block_segments=True
). 我为Python提供了这些URL安全(非填充base64编码)加密/解密函数,以选择以与Go相同的方式加密(当您指定block_segments=True
)。
def decrypt(key, value, block_segments=False):
# The base64 library fails if value is Unicode. Luckily, base64 is ASCII-safe.
value = str(value)
# We add back the padding ("=") here so that the decode won't fail.
value = base64.b64decode(value + '=' * (4 - len(value) % 4), '-_')
iv, value = value[:AES.block_size], value[AES.block_size:]
if block_segments:
# Python uses 8-bit segments by default for legacy reasons. In order to support
# languages that encrypt using 128-bit segments, without having to use data with
# a length divisible by 16, we need to pad and truncate the values.
remainder = len(value) % 16
padded_value = value + '\0' * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
# Return the decrypted string with the padding removed.
return cipher.decrypt(padded_value)[:len(value)]
return AES.new(key, AES.MODE_CFB, iv).decrypt(value)
def encrypt(key, value, block_segments=False):
iv = Random.new().read(AES.block_size)
if block_segments:
# See comment in decrypt for information.
remainder = len(value) % 16
padded_value = value + '\0' * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
value = cipher.encrypt(padded_value)[:len(value)]
else:
value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
# The returned value has its padding stripped to avoid query string issues.
return base64.b64encode(iv + value, '-_').rstrip('=')
Note that for secure message passing you want additional security features, such as a nonce to prevent against replay attacks. 请注意, 对于安全的消息传递,您需要其他安全功能,例如用于防止重播攻击的随机数。
Here are the Go equivalent functions: 这是Go的等效功能:
func Decrypt(key []byte, encrypted string) ([]byte, error) {
ciphertext, err := base64.RawURLEncoding.DecodeString(encrypted)
if err != nil {
return nil, err
}
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
if len(ciphertext) < aes.BlockSize {
return nil, errors.New("ciphertext too short")
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
cfb := cipher.NewCFBDecrypter(block, iv)
cfb.XORKeyStream(ciphertext, ciphertext)
return ciphertext, nil
}
func Encrypt(key, data []byte) (string, error) {
block, err := aes.NewCipher(key)
if err != nil {
return "", err
}
ciphertext := make([]byte, aes.BlockSize+len(data))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
return "", err
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], data)
return base64.RawURLEncoding.EncodeToString(ciphertext), nil
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.