Several common encryption algorithms and their Python implementations

1. Introduction

The encryption methods discussed here all operate on binary data, which in Python corresponds to the bytes type.

So when we perform encryption operations in Python, we must make sure we are operating on bytes, otherwise an error will be reported.

The encode() and decode() methods can be used to convert between strings and bytes, as follows:

# With no argument, the methods convert using the default utf-8 encoding
In [1]: '南北'.encode()
Out[1]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [2]: b'\xe5\x8d\x97\xe5\x8c\x97'.decode()
Out[2]: '南北'

Note: Two-digit hexadecimal is often used to display a binary byte.

Using the binascii module, bytes can be converted to and from the hexadecimal representation that is more commonly used in encryption and decryption:

In [1]: import binascii

In [2]: '南北'.encode()
Out[2]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [3]: binascii.b2a_hex('南北'.encode())
Out[3]: b'e58d97e58c97'

In [4]: binascii.a2b_hex(b'e58d97e58c97')
Out[4]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [5]: binascii.a2b_hex(b'e58d97e58c97').decode()
Out[5]: '南北'

2. URL encoding

A normal URL can only contain ASCII characters, that is, letters, digits, and some symbols. URL encoding is the encoding method browsers use to avoid special characters (such as Chinese characters) in URLs.

In practice, it converts characters outside the ASCII range into hexadecimal byte values, each prefixed with %.

Example:

In [1]: from urllib import parse

# quote() automatically converts str to bytes, so either str or bytes can be passed here
In [2]: parse.quote('南北')
Out[2]: '%E5%8D%97%E5%8C%97'

In [3]: parse.unquote('%E5%8D%97%E5%8C%97')
Out[3]: '南北'

3. Base64 encoding

Base64 is a method that uses 64 characters to represent arbitrary binary data.

Base64 encoding can be called a cornerstone of cryptography, although it is itself an encoding rather than encryption: anyone can reverse it without a key. Any binary data can be Base64 encoded, so all data can be represented as text using only 65 characters (A~Z a~z 0~9 + / and the padding character =). The encoded data is about 4/3 the size of the data before encoding, that is, about 1/3 larger.

3.1. Principle

  1. Convert all characters into ASCII code.
  2. Convert ASCII code into 8-bit binary.
  3. Group the 8-bit values three at a time (if fewer than 3 bytes remain, fill with 0 at the back), 24 bits in total, and then divide them into 4 groups of 6 bits each.
  4. Add two 0s before the 6-bit binary to make up 8 bits.
  5. Convert the 0-filled binary to decimal.
  6. Obtain the Base64 code corresponding to the decimal system from the Base64 code table.

3.2. Description

  1. When converting, put three bytes of data into a 24-bit buffer one after another, with the first byte occupying the high bits.
  2. If fewer than 3 bytes of data remain, the remaining bits in the buffer are filled with 0. Then 6 bits are taken out at a time, and the character found for that value in the lookup table becomes the encoded output.
  3. Continue until all input data has been converted.
  4. If two input bytes are left at the end, add one "=" after the encoding result.
  5. If one input byte is left at the end, add two "=" after the encoding result.
  6. If no data is left, add nothing. This ensures the data can be restored correctly.
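The steps above written out by hand, as an added example that is not part of the original post; the function names are illustrative, and the result is checked against the standard base64 module on constructed inputs.

```python
import base64

# Base64 code table: values 0-63 map to A-Z, a-z, 0-9, + and /
TABLE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

def b64encode_manual(data: bytes) -> bytes:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        missing = 3 - len(chunk)                       # 0, 1 or 2 bytes short
        # 24-bit buffer: first byte in the high bits, zero-filled at the end
        buf = int.from_bytes(chunk + b"\x00" * missing, "big")
        # Take 6 bits at a time and look each value up in the table
        chars = [TABLE[(buf >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        if missing:
            # Groups that hold only fill bits are written as "="
            chars[-missing:] = "=" * missing
        out.extend(chars)
    return "".join(out).encode("ascii")

def b64decode_manual(text: bytes) -> bytes:
    s = text.decode("ascii")
    if len(s) % 4:
        raise ValueError("length must be a multiple of 4")
    pad = len(s) - len(s.rstrip("="))
    if pad > 2 or "=" in s[:len(s) - pad]:
        raise ValueError("'=' may only appear as 1 or 2 trailing characters")
    out = bytearray()
    for i in range(0, len(s), 4):
        buf = 0
        for ch in s[i:i + 4].replace("=", "A"):        # "A" stands for value 0
            buf = (buf << 6) | TABLE.index(ch)         # ValueError if not in table
        out += buf.to_bytes(3, "big")
    return bytes(out[:len(out) - pad])                 # drop the fill bytes

if __name__ == "__main__":
    # Constructed sample inputs covering 2, 0 and 1 leftover bytes, and empty input
    for sample in (b"hello world", "南北".encode(), b"a", b""):
        encoded = b64encode_manual(sample)
        assert encoded == base64.b64encode(sample)
        assert b64decode_manual(encoded) == sample
        print(sample, "->", encoded)
```

Because decoding needs no key, a Base64 string protects nothing on its own; it only makes binary data safe to carry as text.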

3.3. Python usage

Python's built-in base64 module can encode and decode Base64 directly.

Note: the data to be Base64 encoded must be either characters contained in ASCII or binary data; in Python 3 it is passed as bytes.

In [1]: import base64

In [2]: base64.b64encode(b'hello world')
Out[2]: b'aGVsbG8gd29ybGQ='

In [3]: base64.b64decode(b'aGVsbG8gd29ybGQ=')
Out[3]: b'hello world'

4. MD5 (message-digest algorithm)

MD5 stands for Message-Digest Algorithm 5. The often-mentioned "MD5 encryption" is really this message digest algorithm.

MD5 is simply an algorithm. You can feed it a string, a file, or a compressed package, and it produces a fixed-length 128-bit value. This value is basically unique.

4.1. Features

  1. Compressibility: For data of any length, the length of the calculated MD5 value is fixed.
  2. Easy to calculate: It is easy to calculate the MD5 value from the original data.
  3. Modification resistance: Any modification to the original data, even of a single byte, produces a very different MD5 value.
  4. Strong collision resistance: Knowing the original data and its MD5 value, it is very difficult to find other data with the same MD5 value (i.e., fake data). Note that practical attacks can produce two different inputs with the same MD5 value when the attacker chooses both, so MD5 should not be relied on for signatures or certificates.
  5. Irreversibility: Everyone has different fingerprints. Given a person, you can take their fingerprints and the correspondence is unique, but from a fingerprint alone it is impossible to work out the person's appearance, identity or other information.

For example: There is only one me in the world, but there are very, very many girls. With a limited me and almost infinite girls, I might be matched with very many (100+) girls. This is indeed true in theory. It works, but in reality....

4.2. Python usage

Since the MD5 module was removed in Python 3, use the hashlib module for MD5 operations in Python 3:

import hashlib

# The message to hash (named text so the built-in str is not shadowed)
text = '这是一个测试'

# Create an md5 object
hl = hashlib.md5()

# encode must be called here
# Writing hl.update(text) raises: Unicode-objects must be encoded before hashing
hl.update(text.encode(encoding='utf-8'))

print('MD5加密前为 :' + text)
print('MD5加密后为 :' + hl.hexdigest())

Output:

MD5加密前为 :这是一个测试
MD5加密后为 :cfca700b9e09cf664f3ae80733274d9f

The length of an MD5 value is 128 bits by default, that is, a binary string of 128 0s and 1s. That representation is very unfriendly, so the binary is converted to hexadecimal. Every 4 bits make one hexadecimal digit, so 128/4 = 32, and the value becomes 32 hexadecimal characters.

Why is there also a 16-character MD5 on the Internet?

In fact, the 16-character form is derived from the 32-character MD5 value. It is obtained by removing the first eight characters and the last eight characters of the 32-character MD5.
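The properties listed in 4.1 and the 16-character form, checked with hashlib as an added example that is not part of the original post; the function names and sample inputs are constructed for illustration.

```python
import hashlib
import io

def md5_hex(data: bytes) -> str:
    """32 hexadecimal characters (128 bits), whatever the input length."""
    return hashlib.md5(data).hexdigest()

def md5_16(data: bytes) -> str:
    """The 16-character MD5: drop the first and the last eight hex characters."""
    return md5_hex(data)[8:-8]

def md5_stream(stream, chunk_size: int = 4096) -> str:
    """Hash a file-like object piece by piece instead of loading it whole."""
    h = hashlib.md5()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def changed_bits(a: bytes, b: bytes) -> int:
    """How many of the 128 digest bits differ between two inputs."""
    da = int.from_bytes(hashlib.md5(a).digest(), "big")
    db = int.from_bytes(hashlib.md5(b).digest(), "big")
    return bin(da ^ db).count("1")

if __name__ == "__main__":
    sample = b"hello world"                     # constructed sample input
    big = sample * 10000                        # stands in for a file's contents
    print("32 chars:", md5_hex(sample))
    print("16 chars:", md5_16(sample))
    print("fixed length:", len(md5_hex(b"")) == len(md5_hex(big)) == 32)
    print("chunked == one-shot:", md5_stream(io.BytesIO(big)) == md5_hex(big))
    # Changing one byte flips roughly half of the 128 output bits
    print("bits changed:", changed_bits(b"hello world", b"hello worle"))
```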


5. Python encryption library PyCryptodome

PyCrypto is the most famous third-party software package for cryptography in Python, which provides the use of many encryption algorithms. Unfortunately, its development work ceased in 2012.

Fortunately, there is a fork of the project, PyCryptodome, which replaced PyCrypto.

5.1. Installation and Import

You need to install Microsoft Visual C++ 2015 before installation.

To install on Linux, you can use the following pip command:

pip install pycryptodome

Import:

import Crypto

Installation on a Windows system is slightly different:

pip install pycryptodomex

Import:

import Cryptodome

6. DES

The DES algorithm is a symmetric cipher, also known as the American Data Encryption Standard.

DES is a block encryption algorithm. Typical DES encrypts data in 64-bit blocks. The same algorithm is used for encryption and decryption.

There are three entry parameters for the DES algorithm: Key, Data, and Mode. Key is 7 bytes and 56 bits in total, which is the working key of the DES algorithm; Data is 8 bytes and 64 bits, which is the data to be encrypted or decrypted; Mode is the working mode of DES, of which there are two: encryption or decryption.

The key length is 64 bits, of which 56 bits actually take part in the DES operation (bits 8, 16, 24, 32, 40, 48, 56, and 64 are parity bits, so that each key byte has an odd number of 1s). The plaintext block and the 56-bit key are substituted and permuted bit by bit to form a ciphertext block.

6.1. Python usage

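# Import the DES module
from Cryptodome.Cipher import DES
import binascii

# This is the key (8 bytes)
key = b'abcdefgh'
# Create a DES object
# ECB is used here for simplicity; identical plaintext blocks give identical ciphertext blocks
des = DES.new(key, DES.MODE_ECB)
# The data to encrypt
text = 'python spider!'
# Pad the encoded bytes (not the str) with '=' up to a multiple of the 8-byte block size
data = text.encode()
data = data + (8 - (len(data) % 8)) * b'='

# The encryption step, followed by conversion to hexadecimal for display
encrypto_text = des.encrypt(data)
encrypto_text = binascii.b2a_hex(encrypto_text)
print(encrypto_text)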

7. 3DES

3DES (or Triple DES) is a general term for triple data encryption algorithm (TDEA, Triple Data Encryption Algorithm) block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block.

As computing power has grown, the key length of the original DES cipher has become easy to crack by brute force. 3DES was designed as a relatively simple way to avoid such attacks by increasing the key length of DES, rather than by designing a new block cipher algorithm.

3DES (i.e. Triple DES) is the encryption algorithm for the transition from DES to AES (NIST designated 3-DES as the transitional encryption standard in 1999). The algorithm is implemented as follows: let Ek() and Dk() represent the encryption and decryption processes of the DES algorithm, K the key used by the DES algorithm, M the plaintext, and C the ciphertext, so:

The 3DES encryption process is: C=Ek3(Dk2(Ek1(M)))

The 3DES decryption process is: M=Dk1(Ek2(Dk3(C)))


8. AES

The Advanced Encryption Standard (AES), also known in cryptography as Rijndael encryption, is a block encryption standard adopted by the US federal government. This standard is used to replace the original DES; it has been analyzed by many parties and is widely used all over the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) in FIPS PUB 197 on November 26, 2001, and became an effective standard on May 26, 2002. By 2006, the Advanced Encryption Standard had become one of the most popular algorithms in symmetric key encryption.

AES encrypts and decrypts quickly in both software and hardware, is relatively easy to implement, and requires very little memory. As a new encryption standard, it is currently being deployed and applied more and more widely.

8.1. Features

  1. Resist all known attacks.
  2. Fast speed and compact coding on multiple platforms.
  3. The design is simple.

AES is a block cipher. A block cipher divides the plaintext into blocks of equal length and encrypts one block at a time until the entire plaintext is encrypted. In the AES standard specification, the block length can only be 128 bits, that is, each block is 16 bytes (8 bits per byte). The length of the key can be 128 bits, 192 bits, or 256 bits. The recommended number of encryption rounds differs with the key length.

128-bit keys are commonly used.

8.2. Python implementation

from Cryptodome.Cipher import AES
from Cryptodome import Random
from binascii import b2a_hex

# The plaintext to encrypt
data = '南来北往'
# The key must be 16 (AES-128), 24 (AES-192) or 32 (AES-256) bytes long.
# AES-128 is sufficient for now
key = b'this is a 16 key'
# Generate a random, non-repeating initialization vector (IV) the size of one AES block
iv = Random.new().read(AES.block_size)

# Initialize the AES object with the key and IV, using MODE_CFB
mycipher = AES.new(key, AES.MODE_CFB, iv)
# CFB mode accepts plaintext of any length, so no padding to a multiple of 16 is needed here
# Prepend the IV to the ciphertext so that both are transmitted together
ciphertext = iv + mycipher.encrypt(data.encode())

# To decrypt, create a new AES object from the key and the IV
mydecrypt = AES.new(key, AES.MODE_CFB, ciphertext[:16])
# Use the newly created AES object to decrypt the ciphertext
decrypttext = mydecrypt.decrypt(ciphertext[16:])


print('密钥k为:', key)
# The IV is the first 16 bytes, i.e. 32 hexadecimal characters
print('iv为:', b2a_hex(ciphertext[:16]))
print('加密后数据为:', b2a_hex(ciphertext[16:]))
print('解密后数据为:', decrypttext.decode())

Output:

密钥k为: b'this is a 16 key'
iv为: b'a78a177cffd5087833f61e7678c25d79'
加密后数据为: b'5d565d40f2f68371da051202'
解密后数据为: 南来北往

9. RSA

The RSA encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public key encryption and electronic commerce.

This algorithm is based on a very simple fact of number theory: it is easy to multiply two large prime numbers, but extremely difficult to factor their product afterwards, so the product can be disclosed as an encryption key, that is, a public key. The two large primes together make up the private key. The public key can be released for anyone to use, and the private key is kept by its owner for decryption.

9.1. Asymmetric encryption

Typically, as with RSA, the common method is to use openssl, keytools and other tools to generate a pair of public and private keys. Data encrypted with the public key can be decrypted with the private key, and vice versa (data encrypted with the private key can also be decrypted with the public key).

In actual use, the private key is generally kept by the issuer and is not disclosed to the outside world. Only the public key is released, and only the holder of the private key can decrypt the data. This encryption method has a high safety factor: because the decryption key never needs to be transmitted, there is no risk of the key being intercepted in transit, and it is almost impossible to crack the ciphertext.

But the efficiency of the algorithm is low, so it is often used to encrypt very important data. It is often used together with symmetric encryption, with the asymmetric key used to encrypt the symmetric encryption key.

9.2. Python implementation

First we need to install the rsa module:

pip install rsa

Moreover, because of the characteristics of the RSA encryption algorithm, RSA public and private key values are all decimal integers, but the value of the public key is often stored in hexadecimal format, so it must be converted to decimal with int().

import rsa
import binascii

# Encrypt the plaintext using the n and e values obtained from the web page
def rsa_encrypt(rsa_n, rsa_e, message):
    # Build the public key from the n and e values
    key = rsa.PublicKey(rsa_n, rsa_e)
    # Encrypt the plaintext with the public key
    message = rsa.encrypt(message.encode(), key)
    # Convert to the commonly used, more readable hexadecimal form
    message = binascii.b2a_hex(message)
    # Convert the encrypted result back to a string and return it
    return message.decode()

# An RSA public key has two values, n and e; the public key obtained from a website is usually given as these two values.
# n is often a hexadecimal string of length 256
# e is often hexadecimal '10001'
pubkey_n = '8d7e6949d411ce14d7d233d7160f5b2cc753930caba4d5ad24f923a505253b9c39b09a059732250e56c594d735077cfcb0c3508e9f544f101bdf7e97fe1b0d97f273468264b8b24caaa2a90cd9708a417c51cf8ba35444d37c514a0490441a773ccb121034f29748763c6c4f76eb0303559c57071fd89234d140c8bb965f9725'
pubkey_e = '10001'
# Convert hexadecimal to decimal
rsa_n = int(pubkey_n, 16)
rsa_e = int(pubkey_e, 16)
# The plaintext to encrypt
message = '南北今天很忙'

print("公钥n值长度:", len(pubkey_n))
print(rsa_encrypt(rsa_n, rsa_e, message))

Output:

公钥n值长度: 256
480f302eed822c8250256511ddeb017fcb28949cc05739ae66440eecc4ab76e7a7b2f1df398aefdfef2b9bfce6d6152bf6cc1552a0ed8bebee9e094a7ce9a52622487a6412632144787aa81f6ec9b96be95890c4c28a31b3e8d9ea430080d79297c5d75cd11df04df6e71b237511164399d72ccb2f4c34022b1ea7b76189a56e
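How n, e and the private key relate, as an added example using only the standard library (not part of the original post, and not how the rsa module works internally). It is textbook RSA without padding; the function names and the small demo primes are constructed for illustration and are far too small for real use.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int = 0x10001):
    """Build (public, private) from two primes; the primes themselves stay secret."""
    n = p * q                        # the product is what gets published
    phi = (p - 1) * (q - 1)          # computable only by someone who knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent (needs Python 3.8+)
    return (n, e), (n, d)

def public_key_from_hex(n_hex: str, e_hex: str):
    """Websites usually give n and e as hex strings; RSA needs them as integers."""
    return int(n_hex, 16), int(e_hex, 16)

def encrypt(message: bytes, public) -> int:
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        # RSA can only carry data smaller than n, which is why it is
        # normally used to encrypt a symmetric key rather than the data
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)

def decrypt(cipher: int, private, length: int) -> bytes:
    n, d = private
    return pow(cipher, d, n).to_bytes(length, "big")

# Constructed demo primes (two Mersenne primes)
PUBLIC, PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)

if __name__ == "__main__":
    n_hex, e_hex = format(PUBLIC[0], "x"), format(PUBLIC[1], "x")
    pub = public_key_from_hex(n_hex, e_hex)
    secret = b"AES key"                              # constructed sample message
    c = encrypt(secret, pub)
    print("n (hex):", n_hex, " e (hex):", e_hex)
    print("ciphertext:", format(c, "x"))
    print("decrypted:", decrypt(c, PRIVATE, len(secret)))
    # Without padding the same message always gives the same ciphertext
    print("deterministic:", encrypt(secret, pub) == c)
```

rsa.encrypt() in the rsa module adds random PKCS#1 v1.5 padding before the modular exponentiation, so running the script in 9.2 again gives a different ciphertext each time, unlike this unpadded version.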

 

Origin blog.csdn.net/weixin_42575020/article/details/107788550