前端js，后台python实现RSA非对称加密

1. 先熟悉使用 在后台使用RSA实现秘钥生产，加密，解密;  

   # -*- encoding:utf-8 -*-
   import base64
   from Crypto import Random
   from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
   from Crypto.PublicKey import RSA
   
   # 伪随机数生成器
   random_generator = Random.new().read
   # rsa算法生成实例
   rsa = RSA.generate(1024, random_generator)
   # master的秘钥对的生成
   private_pem = rsa.exportKey()
   
   #生产私钥私钥并放到文件里
   with open('master-private.pem', 'w') as f:
   f.write(private_pem)
   public_pem = rsa.publickey().exportKey()
   with open('master-public.pem', 'w') as f:
   f.write(public_pem)
   
   #用公钥加密
   #被加密的数据
   message = 'I_LOVE_YAYA'
   #打开公钥文件
   with open('master-public.pem') as f:
   key = f.read()
   rsakey = RSA.importKey(key)
   cipher = Cipher_pkcs1_v1_5.new(rsakey)
   #加密时使用base64加密
   cipher_text = base64.b64encode(cipher.encrypt(message))
   # cipher_text = cipher.encrypt(message)
   print cipher_text
   
   #用私钥解密
   #打开秘钥文件
   with open('master-private.pem') as f:
   key = f.read()
   rsakey = RSA.importKey(key)
   cipher = Cipher_pkcs1_v1_5.new(rsakey)
   # text = cipher.decrypt(cipher_text, random_generator)
   #使用base64解密，(在前端js加密时自动是base64加密)
   text = cipher.decrypt(base64.b64decode(cipher_text), random_generator)
   print text

    

2. 前后台共同完成RSA非对称加密：大致思路为  first:后台生产公钥私钥,next:后台把公钥给前台,than:前台用公钥加密并传送给后台，finally:后台使用秘钥解密。

• first:后台生产公钥私钥

  create_password.py文件
  # -*- encoding:utf-8 -*-
  from Crypto.PublicKey import RSA
  from flask import current_app
  from Crypto import Random
  # rsa算法生成实例
  RANDOM_GENERATOR=Random.new().read
  if __name__=='__main__':
      rsa = RSA.generate(1024, RANDOM_GENERATOR)
      # master的秘钥对的生成
      PRIVATE_PEM = rsa.exportKey()
      with open('master-private.pem', 'w') as f:
          f.write(PRIVATE_PEM)
      print PRIVATE_PEM
      PUBLIC_PEM = rsa.publickey().exportKey()
      print PUBLIC_PEM
      with open('master-public.pem', 'w') as f:
          f.write(PUBLIC_PEM)

   
• next:后台把公钥给前台    --打开master-public.pem此文件，复制里面内容到前端（具体粘贴位置在下一步）
• than:前台用公钥加密并传送给后台

  #导入js,如果需要base64文件，一定要在导入加密js文件之前导入，否则会出现加密结果为 false;
  #如果报 typeerror-base64-not-a-constructor;使用http://blog.csdn.net/ziwoods/article/details/58595840解决方法
  <script src="js/plugin/base64.js"></script>
  <script src="js/plugin/jsencrypt.min.js" type="text/javascript"></script>

   

• //获取密码
  var password = $("#pass").val();
  
  //获取公钥
  var PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCogdzMsG4S20msz32M+a1GNg2Tw4UIEGDD/dfKkoZgRtEaJtHzCXgmpP3eECHCJsK0zt0GYYxGQnfbq5mBd37xVnAlKWjVpjGQHZ+fjwn82+mRUzjmFGLs3ax79zaXJZnHTN63/yS2Rua3QY/T5Z5TLpn2YOmOn09U22eA3vdfZwIDAQAB-----END PUBLIC KEY-----";
  //rsa加密
  var encrypt = new JSEncrypt();
  encrypt.setPublicKey(PUBLIC_KEY);
  password = encrypt.encrypt(password);//加密后的字符串

   

• finally:后台使用秘钥解密

  views.py文件
  #获取密码
  password = request.values.get('password')
  with open('carrier/master-private.pem') as f:
      key = f.read()
  rsakey = RSA.importKey(key)
  cipher = Cipher_pkcs1_v1_5.new(rsakey)
  password = cipher.decrypt(base64.b64decode(password), RANDOM_GENERATOR)
  #如果返回的password类型不是str，说明秘钥公钥不一致，或者程序错误
  if str(type(password))!="<type 'str'>":
      return 'fail'
  #结果应该为I_LOVE_YAYA
  print password

   

  本功能模块中前端RSA加密过程中没有使用OPEN_SSL生成models方式进行加密（运维部署时简洁方便，并且用那种方式，传输的为16进制数据）；并且前端加密数据为base64位传输到后台；后台需要导入的包等在最上面1中