pycrypto 和 lua-resty-rsa 进行跨语言的RSA加密解密.md
2017-05-15 11:09
585 查看
最近需要在 OpenResty(Nginx lua) 和 Python 中做RSA的加密和解密操作,客户端是Python的使用 pycrypto 库,而服务端使用 OpenResty 来做解密,使用了德江的 lua-resty-rsa。如果不熟悉2个库的同学可能会遇到一些问题,下面说下遇到问题和简单的示例。
主要遇到的问题就是 rsa padding的问题, lua-resty-rsa 默认使用的是
Python部分
Lua 部分的例子
python 和 lua 的加密解密都可以相互进行了,通常我们遇到跨语言的aes rsa des 加密解密不成功,首先应该想到 padding的算法不一致这个问题。
主要遇到的问题就是 rsa padding的问题, lua-resty-rsa 默认使用的是
PKCS1 v1.5模式做的padding,当然也提供了其他的padding方式。
Python部分
#coding:utf-8 """ orangleliu 2017.5.14 rsa_test.py python2.7 pycrypto (2.6.1) """ import base64 from Crypto.PublicKey import RSA as rsa from Crypto.Cipher import PKCS1_v1_5 pub_key_str = """-----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAuw4T755fepEyXTM66pzf6nv8NtnukQTMGnhmBFIFHp/P2vEpxjXU BBDUpzKkVFR3wuK9O1FNmRDAGNGYC0N/9cZNdhykA1NixJfKQzncN31VJTmNqJNZ W0x7H9ZGoh2aE0zCCZpRlC1Rf5rL0SVlBoQkn/n9LnYFwyLLIK5/d/y/NZVL6Z6L cyvga0zRajamLIjY0Dy/8YIwVV6kaSsHeRv2cOB03eam6gbhLGIz/l8wuJhIn1rO yJLQ36IOJymbbNmcC7+2hEQJP40qLvH7hZ1LaAkgQUHjfi8RvH2T1Jmce7XGPxCo Ed0yfeFz+pL1KeSWNey6cL3N5hJZE8EntQIDAQAB -----END RSA PUBLIC KEY-----""" priv_key_str = """-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAuw4T755fepEyXTM66pzf6nv8NtnukQTMGnhmBFIFHp/P2vEp xjXUBBDUpzKkVFR3wuK9O1FNmRDAGNGYC0N/9cZNdhykA1NixJfKQzncN31VJTmN qJNZW0x7H9ZGoh2aE0zCCZpRlC1Rf5rL0SVlBoQkn/n9LnYFwyLLIK5/d/y/NZVL 6Z6Lcyvga0zRajamLIjY0Dy/8YIwVV6kaSsHeRv2cOB03eam6gbhLGIz/l8wuJhI n1rOyJLQ36IOJymbbNmcC7+2hEQJP40qLvH7hZ1LaAkgQUHjfi8RvH2T1Jmce7XG PxCoEd0yfeFz+pL1KeSWNey6cL3N5hJZE8EntQIDAQABAoIBAGim1ayIFK8EMQNH uDyui/Aqcc9WWky0PGTK23irUsXxb1708gQ89WNY70Cj6qBrqZ1VMb3QHPP4FSFN kh0rJJoi2g+ssm5R5r5KlhTKeFRrQInVC1Y3KhUUUwZa4aWtnhgSJ7Urq1yVhjU4 K7PVkhH1OHBwcp/d1Bd6jd65AgPkY63P+WpcARJkClmQ1RhgoRwThyJdpKrV4/gO ha0AUGlJNRNvRwiZxP0zaI5C8RdrG96SnVpeYOcD0z/M1HVlkoYMXsXLKttwLfpK 88Igtm6ZJwRpfuMF5VA+9hHaYGCBdGz0B/rMp2fc+EtrOavYQGrWIWi2RL1Qk6Rt BUyeTgECgYEA9anj4n/cak1MT+hbNFsL31mJXryl1eVNjEZj/iPMztpdS15CmFgj Kjr9UuintjSiK7Is43nZUWWyP1XQjRhVi2uP7PRIv92QNl/YteWD6tYCInJHKe2J QqYyZrElezsdayXb5DK6bi1UIYYji90g79N7x6pOR0UnQNQUXTv+Y8ECgYEAwuzl 6Ez4BSXIIL9NK41jfNMa73Utfl5oO1f6mHM2KbILqaFE76PSgEeXDbOKdcjCbbqC KCGjwyPd+Clehg4vkYXTq1y2SQGHwfz7DilPSOxhPY9ND7lGbeNzDUK4x8xe52hd MWKdgqeqCK83e5D0ihzRiMah8dbxmlfLAOZ3sPUCgYEA0dT9Czg/YqUHq7FCReQG rg3iYgMsexjTNh/hxO97PqwRyBCJPWr7DlU4j5qdteobIsubv+kSEI6Ww7Ze3kWM u/tyAeleQlPTnD4d8rBKD0ogpJ+L3WpBNaaToldpNmr149GAktgpmXYqSEA1GIAW ZAL11UPIfOO6dYswobpevYECgYEApSosSODnCx2PbMgL8IpWMU+DNEF6sef2s8oB aam9zCi0HyCqE9AhLlb61D48ZT8eF/IAFVcjttauX3dWQ4rDna/iwgHF5yhnyuS8 KayxJJ4+avYAmwEnfzdJpoPRpGI0TCovRQhFZI8C0Wb+QTJ7Mofmt9lvIUc64sff GD0wT/0CgYASMf708dmc5Bpzcis++EgMJVb0q+ORmWzSai1NB4bf3LsNS6suWNNU zj/JGtMaGvQo5vzGU4exNkhpQo8yUU5YbHlA8RCj7SYkmP78kCewEqxlx7dbcuj2 LAPWpiDca8StTfEphoKEVfCPHaUk0MlBHR4lCrnAkEtz23vhZKWhFw== -----END RSA PRIVATE KEY-----""" def encrypt(pub_key_str, msg): pubobj = rsa.importKey(pub_key_str) pubobj = PKCS1_v1_5.new(pubobj) return base64.b64encode(pubobj.encrypt(msg)) def decrypt(priv_key_str, msg): privobj = rsa.importKey(priv_key_str) privobj = PKCS1_v1_5.new(privobj) # 关于 privobj.decrypt 第二个参数请见 # https://github.com/dlitz/pycrypto/blob/master/lib/Crypto/Cipher/PKCS1_v1_5.py#L154 return privobj.decrypt(base64.b64decode(msg), 'xyz') if __name__ == "__main__": msg = "1234567890654xxx" mmsg = encrypt(pub_key_str, msg) print mmsg dmsg = decrypt(priv_key_str, mmsg) print dmsg
Lua 部分的例子
-- orangleliu 2017.5.14 -- resty -I ./ rsa_test.lua local rsa = require "util.rsa" -- lua-resty-rsa local aes = require "resty.aes" local PUBLIC_KEY = [[ -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAuw4T755fepEyXTM66pzf6nv8NtnukQTMGnhmBFIFHp/P2vEpxjXU BBDUpzKkVFR3wuK9O1FNmRDAGNGYC0N/9cZNdhykA1NixJfKQzncN31VJTmNqJNZ W0x7H9ZGoh2aE0zCCZpRlC1Rf5rL0SVlBoQkn/n9LnYFwyLLIK5/d/y/NZVL6Z6L cyvga0zRajamLIjY0Dy/8YIwVV6kaSsHeRv2cOB03eam6gbhLGIz/l8wuJhIn1rO yJLQ36IOJymbbNmcC7+2hEQJP40qLvH7hZ1LaAkgQUHjfi8RvH2T1Jmce7XGPxCo Ed0yfeFz+pL1KeSWNey6cL3N5hJZE8EntQIDAQAB -----END RSA PUBLIC KEY----- ]] local PRIV_LEY = [[-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEAuw4T755fepEyXTM66pzf6nv8NtnukQTMGnhmBFIFHp/P2vEp xjXUBBDUpzKkVFR3wuK9O1FNmRDAGNGYC0N/9cZNdhykA1NixJfKQzncN31VJTmN qJNZW0x7H9ZGoh2aE0zCCZpRlC1Rf5rL0SVlBoQkn/n9LnYFwyLLIK5/d/y/NZVL 6Z6Lcyvga0zRajamLIjY0Dy/8YIwVV6kaSsHeRv2cOB03eam6gbhLGIz/l8wuJhI n1rOyJLQ36IOJymbbNmcC7+2hEQJP40qLvH7hZ1LaAkgQUHjfi8RvH2T1Jmce7XG PxCoEd0yfeFz+pL1KeSWNey6cL3N5hJZE8EntQIDAQABAoIBAGim1ayIFK8EMQNH uDyui/Aqcc9WWky0PGTK23irUsXxb1708gQ89WNY70Cj6qBrqZ1VMb3QHPP4FSFN kh0rJJoi2g+ssm5R5r5KlhTKeFRrQInVC1Y3KhUUUwZa4aWtnhgSJ7Urq1yVhjU4 K7PVkhH1OHBwcp/d1Bd6jd65AgPkY63P+WpcARJkClmQ1RhgoRwThyJdpKrV4/gO ha0AUGlJNRNvRwiZxP0zaI5C8RdrG96SnVpeYOcD0z/M1HVlkoYMXsXLKttwLfpK 88Igtm6ZJwRpfuMF5VA+9hHaYGCBdGz0B/rMp2fc+EtrOavYQGrWIWi2RL1Qk6Rt BUyeTgECgYEA9anj4n/cak1MT+hbNFsL31mJXryl1eVNjEZj/iPMztpdS15CmFgj Kjr9UuintjSiK7Is43nZUWWyP1XQjRhVi2uP7PRIv92QNl/YteWD6tYCInJHKe2J QqYyZrElezsdayXb5DK6bi1UIYYji90g79N7x6pOR0UnQNQUXTv+Y8ECgYEAwuzl 6Ez4BSXIIL9NK41jfNMa73Utfl5oO1f6mHM2KbILqaFE76PSgEeXDbOKdcjCbbqC KCGjwyPd+Clehg4vkYXTq1y2SQGHwfz7DilPSOxhPY9ND7lGbeNzDUK4x8xe52hd MWKdgqeqCK83e5D0ihzRiMah8dbxmlfLAOZ3sPUCgYEA0dT9Czg/YqUHq7FCReQG rg3iYgMsexjTNh/hxO97PqwRyBCJPWr7DlU4j5qdteobIsubv+kSEI6Ww7Ze3kWM u/tyAeleQlPTnD4d8rBKD0ogpJ+L3WpBNaaToldpNmr149GAktgpmXYqSEA1GIAW ZAL11UPIfOO6dYswobpevYECgYEApSosSODnCx2PbMgL8IpWMU+DNEF6sef2s8oB aam9zCi0HyCqE9AhLlb61D48ZT8eF/IAFVcjttauX3dWQ4rDna/iwgHF5yhnyuS8 KayxJJ4+avYAmwEnfzdJpoPRpGI0TCovRQhFZI8C0Wb+QTJ7Mofmt9lvIUc64sff GD0wT/0CgYASMf708dmc5Bpzcis++EgMJVb0q+ORmWzSai1NB4bf3LsNS6suWNNU zj/JGtMaGvQo5vzGU4exNkhpQo8yUU5YbHlA8RCj7SYkmP78kCewEqxlx7dbcuj2 LAPWpiDca8StTfEphoKEVfCPHaUk0MlBHR4lCrnAkEtz23vhZKWhFw== -----END RSA PRIVATE KEY-----]] local function encrypt(msg) local pub, err = rsa:new({ public_key = PUBLIC_KEY }) if not pub then ngx.say("new rsa err: ", err) return end return ngx.encode_base64(pub:encrypt(msg)) end local function decrypt(msg) local priv, err = rsa:new({ private_key = PRIV_LEY }) if not priv then ngx.say("new rsa err: ", err) return end return priv:decrypt(ngx.decode_base64(msg)) end local msg = "1234567890654xxx" local mmsg = encrypt(msg) ngx.say(mmsg) local dmsg = decrypt(mmsg) ngx.say(dmsg)
python 和 lua 的加密解密都可以相互进行了,通常我们遇到跨语言的aes rsa des 加密解密不成功,首先应该想到 padding的算法不一致这个问题。
相关文章推荐
- lua-string-resty的aes加密解密,无法和python的aes进行对接
- 利用openssl进行RSA加密解密
- 用javascript与java进行RSA加密与解密
- 利用openssl进行RSA加密解密
- C# Java间进行RSA加密解密交互(二)
- C# Java间进行RSA加密解密交互 .
- 利用openssl进行RSA加密解密
- C# Java间进行RSA加密解密交互
- C# Java间进行RSA加密解密交互 .
- 对输入的字符串进行RSA加密和解密处理
- 用javascript与java进行RSA加密与解密
- 用javascript与java进行RSA加密与解密
- openssl命令行进行RSA加密解密
- 通过 Perf 对 OpenSSL 中 RSA 加密解密进行性能分析
- 在winform中进行RSA加密,在asp.net site中解密 "不正确的数据”
- 通过RSA进行私钥加密公钥解密算法的进一步改进
- Java-web下使用RSA进行加密解密操作
- 在WebService中使用RSA进行加密和解密操作时,出现的一种异常的解决。(转帖自微软社区)
- 使用RSA进行信息加密解密的WebService示例
- C# Java间进行RSA加密解密交互(二) .