Python之校验客户端合法性

1.hmac模块用法介绍

# hmac模块用法
import hmac
rsa = "我是密钥".encode('utf-8')
msg = "我是加密信息".encode('utf-8')
h = hmac.new(rsa,msg) # 需要两个参数-加密密钥，加密地信息(两个均需要是byte类型)
secret = h.digest() # 获取加密后地信息
print(rsa,msg) # b'\xe6\x88\x91\xe6\x98\xaf\xe5\xaf\x86\xe9\x92\xa5' b'\xe6\x88\x91\xe6\x98\xaf\xe5\x8a\xa0\xe5\xaf\x86\xe4\xbf\xa1\xe6\x81\xaf'
print(secret) # b'\xcf=\x88H\xed?c&\xc2F*E\xae\xa3 \x9c'
hmac.compare_digest() # 加密信息比对

2.服务端代码

# server端，收到客户端来访后，调用以下方法校验客户端是否合法(是否具有密钥)
import hmac
import os
import socket
# 定义加密密钥
rsa = "密钥".encode('utf-8')

sk = socket.socket()
address = ('127.0.0.1',8089)
sk.bind(address)
sk.listen(5)
def clientCheck(conn):
    # 随机生成32位二进制需要加密地消息
    msg = os.urandom(32)
    print(msg)
    conn.send(msg)
    h = hmac.new(rsa,msg)
    serverKey = h.digest()
    # 显示一下服务端加密后的消息
    print(serverKey)
    clientKey = conn.recv(1024)
    # 显示一下客户端加密后的消息
    print(clientKey)
    return hmac.compare_digest(serverKey,clientKey)
conn,addr = sk.accept()
ret = clientCheck(conn)
if ret:
    print("客户端校验合法...")
conn.close()
sk.close()

3.客户端代码

import socket
import hmac

rsa = "密钥".encode('utf-8')

sk = socket.socket()
address = ('127.0.0.1',8089)
sk.connect(address)

msg = sk.recv(32)
print(msg)

h = hmac.new(rsa,msg)
clientKey = h.digest()
print(clientKey)
sk.send(clientKey)
sk.close()