The most common encryption methods and Python implementation

Foreword

The encryption methods discussed here all operate on data in binary form, which corresponds to the Bytes type in Python.

So when we perform encryption operations in Python, we must make sure that we are operating on Bytes, otherwise an error will be reported.

The encode() and decode() methods convert strings to Bytes and back, as follows:

# With no argument, these methods convert using the default utf-8 encoding
In [1]: '南北'.encode()
Out[1]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [2]: b'\xe5\x8d\x97\xe5\x8c\x97'.decode()
Out[2]: '南北'

Note: Two-digit hexadecimal is often used to display a binary byte.

Using the binascii module, bytes can be converted to and from the plain hexadecimal display form that is more commonly used in encryption and decryption:

In [1]: import binascii

In [2]: '南北'.encode()
Out[2]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [3]: binascii.b2a_hex('南北'.encode())
Out[3]: b'e58d97e58c97'

In [4]: binascii.a2b_hex(b'e58d97e58c97')
Out[4]: b'\xe5\x8d\x97\xe5\x8c\x97'

In [5]: binascii.a2b_hex(b'e58d97e58c97').decode()
Out[5]: '南北'

URL encoding

Introduction

A normal URL can only contain ASCII characters, that is, letters, numbers and some symbols. URL encoding is an encoding method used by browsers to avoid special characters (such as Chinese characters) in URLs.

In effect, it converts characters beyond the ASCII range into hexadecimal form prefixed with %.

Python implementation

In [1]: from urllib import parse

# quote() automatically converts str to bytes, so either str or bytes can be passed in
In [2]: parse.quote('南北')
Out[2]: '%E5%8D%97%E5%8C%97'

In [3]: parse.unquote('%E5%8D%97%E5%8C%97')
Out[3]: '南北'

Base64 encoding

Briefly

Base64 is a way to represent arbitrary binary data in 64 characters.

Base64 encoding can be the cornerstone of cryptography. Arbitrary binary data can be Base64 encoded, so all data can be represented as text using only 65 characters (A~Z a~z 0~9 + / =). The encoded data is about 4/3 the size of the data before encoding, that is, about 1/3 larger.

The principle of Base64 encoding

 

  1. Convert all characters to ASCII.

  2. Convert ASCII to 8-bit binary.

  3. Group the 8-bit binary values three at a time (if there are fewer than 3, add 0s at the back) for a total of 24 bits, and then split them into 4 groups of 6 bits each.

  4. Uniformly add two 0s in front of the 6-bit binary to make up 8 bits.

  5. Convert the 0-padded binary to decimal.

  6. Get the Base64 encoding corresponding to decimal from the Base64 encoding table.

Description of Base64 encoding

  1. When converting, put three bytes of data into a 24-bit buffer one after another, and the first byte occupies the high position.

  2. If the data is less than 3 bytes, the remaining bits in the buffer are filled with 0. Then 6 bits are taken out at a time, and the character corresponding to their value in the look-up table is selected as the encoded output.

  3. Continue until all input data has been converted.

  4. If there are two bytes of input left at the end, add 1 "=" after the encoding result.

  5. If there is one byte of input left at the end, add 2 "=" after the encoding result.

  6. If there is no data left, do not add anything, so as to ensure the correctness of data restoration.
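
The procedure above, written out as an added example (not part of the original article): a hand-written encoder and decoder that follow the 24-bit buffer steps and are checked against Python's base64 module. The function names b64encode_manual and b64decode_manual are chosen here for illustration.

```python
import base64

# The 64-character look-up table; "=" is the 65th character, used only as padding.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")


def b64encode_manual(data: bytes) -> str:
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # 24-bit buffer: first byte in the high position, missing bytes filled with 0.
        buf = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Take out 6 bits at a time and look each value up in the table.
        chars = [ALPHABET[(buf >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        # 2 bytes left -> 3 characters + "="; 1 byte left -> 2 characters + "==".
        pad = 3 - len(chunk)
        out.append("".join(chars[:4 - pad]) + "=" * pad)
    return "".join(out)


def b64decode_manual(text: str) -> bytes:
    if len(text) % 4:
        raise ValueError("Base64 text length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        group = text[i:i + 4].rstrip("=")
        pad = 4 - len(group)
        if pad > 2:
            raise ValueError("too much padding")
        buf = 0
        for ch in group:
            buf = (buf << 6) | ALPHABET.index(ch)   # ValueError on a bad character
        buf <<= 6 * pad                             # put back the zero-filled bits
        out += buf.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


sample = "南北".encode()          # 6 bytes -> 8 characters, no padding
encoded = b64encode_manual(sample)
assert encoded == base64.b64encode(sample).decode()
assert b64decode_manual(encoded) == sample
print(encoded, b64encode_manual(b"hello world"))
```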

Python's Base64 usage

Python's built-in base64 module can encode and decode Base64 directly.

Note: The input to Base64 encoding must be either characters contained in ASCII or binary data.

In [1]: import base64

In [2]: base64.b64encode(b'hello world')
Out[2]: b'aGVsbG8gd29ybGQ='

In [3]: base64.b64decode(b'aGVsbG8gd29ybGQ=')
Out[3]: b'hello world'

MD5 (Message-Digest Algorithm)

Briefly

MD5 stands for Message-Digest Algorithm 5. The "MD5 encryption" that is often mentioned is in fact this message-digest algorithm.

MD5 is simply an algorithm. A string, a file, or a compressed package can be run through MD5 to generate a string with a fixed length of 128 bits. This string is basically unique.

Irreversibility

Everyone has different fingerprints. When you see a person, you can obtain their fingerprints, and the two correspond uniquely; but if you only look at a fingerprint, it is impossible to see or read the person's appearance or identity information.

Features

  1. Compressibility: For data of any length, the length of the calculated MD5 value is fixed.

  2. Easy calculation: It is easy to calculate the MD5 value from the original data.

  3. Modification resistance: After any modification to the original data, even of only 1 byte, the resulting MD5 value is very different.

  4. Strong anti-collision: Knowing the original data and its MD5 value, it is very difficult to find other data with the same MD5 value (that is, fake data).

For example: there is only one me in the world, but there are so many girls. With a limited me and almost unlimited girls, it is possible to match a lot of (100+) girls. In theory this is indeed true, but in reality...

Python's MD5 usage

Since the MD5 module was removed in Python 3, use the hashlib module for md5 operations in Python 3.

import hashlib

# Message to hash
text = '这是一个测试'

# Create the md5 object
hl = hashlib.md5()

# encode() is required here
# Writing hl.update(text) fails with: Unicode-objects must be encoded before hashing
hl.update(text.encode(encoding='utf-8'))

print('MD5加密前为 :' + text)
print('MD5加密后为 :' + hl.hexdigest())

Result

MD5加密前为 :这是一个测试
MD5加密后为 :cfca700b9e09cf664f3ae80733274d9f

MD5 length

An MD5 value is 128 bits long by default, that is, a string of 128 binary 0s and 1s. This representation is very unfriendly, so the binary is converted to hexadecimal. Every 4 bits make up one hexadecimal digit, so 128/4 = 32, and the hexadecimal form is 32 digits long.

Why is there 16-digit md5 on the Internet?

In fact, the 16-digit form is derived from the 32-digit md5 value. It is obtained by removing the first eight digits and the last eight digits of the 32-digit md5.

Python encryption library PyCryptodome

PyCrypto is the most well-known third-party package for cryptography in Python. Sadly, its development stopped in 2012.

Fortunately, there is a fork of the project, PyCryptodome, that replaces PyCrypto.

Install and import

Microsoft Visual C++ 2015 needs to be installed before installation.

To install on Linux, you can use the following pip command:

pip install pycryptodome

import:

import Crypto

Installation on Windows systems is slightly different:

pip install pycryptodomex

import:

import Cryptodome

DES

Introduction

The DES algorithm is a symmetric cryptosystem, also known as the American Data Encryption Standard.

DES is a block encryption algorithm. Typical DES encrypts data in 64-bit blocks, and the same algorithm is used for encryption and decryption.

There are three entry parameters of the DES algorithm: Key, Data, and Mode. Key is 7 bytes with a total of 56 bits and is the working key of the DES algorithm; Data is 8 bytes (64 bits) and is the data to be encrypted or decrypted; Mode is the working mode of DES, of which there are two: encryption or decryption.

The key is 64 bits long, but only 56 bits actually take part in the DES operation (the 8th, 16th, 24th, 32nd, 40th, 48th, 56th, and 64th bits are check bits, so that each key has an odd number of 1s). The grouped plaintext block and the 56-bit key form a ciphertext block by bitwise substitution or exchange.

3DES

Introduction

3DES (or Triple DES) is the general term for the Triple Data Encryption Algorithm (TDEA, Triple Data Encryption Algorithm) block cipher. It is equivalent to applying the DES encryption algorithm three times to each data block.

Due to the enhancement of computer computing power, the key length of the original DES cipher has become easily cracked by brute force. 3DES was designed to provide a relatively simple way to avoid similar attacks by increasing the key length of DES, rather than designing an entirely new block cipher algorithm.

3DES (i.e. Triple DES) is an encryption algorithm for the transition from DES to AES (in 1999, NIST designated 3-DES as a transitional encryption standard). The encryption algorithm is implemented as follows: let Ek() and Dk() represent the encryption and decryption processes of the DES algorithm, K the key used by the DES algorithm, M the plaintext, and C the ciphertext. Then:

The 3DES encryption process is: C=Ek3(Dk2(Ek1(M)))

The 3DES decryption process is: M=Dk1(Ek2(Dk3(C)))

AES

Introduction

Advanced Encryption Standard (AES), also known as Rijndael encryption in cryptography, is a block encryption standard adopted by the United States federal government. This standard replaces the original DES; it has been analyzed by many parties and is widely used all over the world. After a five-year selection process, the Advanced Encryption Standard was published by the National Institute of Standards and Technology (NIST) in FIPS PUB 197 on November 26, 2001, and became a valid standard on May 26, 2002. In 2006, the Advanced Encryption Standard had become one of the most popular algorithms in symmetric key encryption.

AES can encrypt and decrypt quickly in software and hardware, is relatively easy to implement, and requires only a small amount of memory. As a new encryption standard, it is currently being deployed more widely.

Features and Ideas

  1. Resist all known attacks.

  2. Fast on multiple platforms and compact coding.

  3. Simple design.

Detailed explanation

 

AES is a block cipher. A block cipher divides the plaintext into groups of equal length and encrypts one group of data at a time until the entire plaintext is encrypted. In the AES standard specification, the block length can only be 128 bits, that is, each block is 16 bytes (8 bits per byte). The length of the key can be 128 bits, 192 bits or 256 bits. Different key lengths have different recommended numbers of encryption rounds.

128-bit keys are commonly used.

Python implementation

from Cryptodome.Cipher import AES
from Cryptodome import Random
from binascii import b2a_hex

# Plaintext to encrypt
data = '南来北往'
# The key must be 16 (AES-128), 24 (AES-192), or 32 (AES-256) bytes long.
# AES-128 is currently sufficient
key = b'this is a 16 key'
# Generate a non-repeating initialization vector (IV) as long as the AES block size
iv = Random.new().read(AES.block_size)

# Initialize the AES object with the key and iv, using MODE_CFB
mycipher = AES.new(key, AES.MODE_CFB, iv)
# CFB mode accepts plaintext of any length, so no padding to a multiple of 16 is needed here
# Prepend the iv to the ciphertext so the two are transmitted together
ciphertext = iv + mycipher.encrypt(data.encode())

# To decrypt, create a new AES object from the key and the iv
mydecrypt = AES.new(key, AES.MODE_CFB, ciphertext[:16])
# Use the new AES object to decrypt the ciphertext
decrypttext = mydecrypt.decrypt(ciphertext[16:])

print('密钥k为:', key)
print('iv为:', b2a_hex(ciphertext[:16]))
print('加密后数据为:', b2a_hex(ciphertext[16:]))
print('解密后数据为:', decrypttext.decode())

Result:

密钥k为: b'this is a 16 key'
iv为: b'a78a177cffd5087833f61e7678c25d79'
加密后数据为: b'5d565d40f2f68371da051202'
解密后数据为: 南来北往

RSA

Asymmetric encryption

Typical methods such as RSA use tools such as openssl and keytools to generate a public and private key pair. Data encrypted with the public key can be decrypted with the private key, and vice versa (data encrypted with the private key can also be decrypted with the public key).

In actual use, the private key is generally kept by the publisher; it is private and not open to the public. Only the public key is published, which ensures that only the holder of the private key can decrypt the data. This encryption method has a high security factor: because the decryption key never needs to be transmitted, there is no risk of the key being intercepted in transit, and it is almost impossible to crack the ciphertext.

However, the efficiency of the algorithm is low, so it is often used for the encryption of very important data. It is often used together with symmetric encryption, with the asymmetric key used to encrypt the symmetric encryption key.

Introduction

The RSA encryption algorithm is an asymmetric encryption algorithm. RSA is widely used in public key encryption and electronic commerce.

The algorithm is based on a very simple fact of number theory: multiplying two large prime numbers is easy, but factoring the product is extremely difficult, so the product can be made public as the encryption key (the public key), while the two large prime numbers form the private key. The public key can be released for anyone to use, and the private key is kept by its owner for decryption.

Python implementation

First we need to install the rsa module:

pip install rsa

Moreover, because of the characteristics of the RSA encryption algorithm, the public and private keys of RSA are all decimal numbers, but the value of the public key is often stored in hexadecimal format, so it needs to be converted to decimal with the int() method.

Encrypt data with the public key in the web page

import rsa
import binascii

# Encrypt the plaintext using the n and e values obtained from the web page
def rsa_encrypt(rsa_n, rsa_e, message):
    # Build the public key from n and e
    key = rsa.PublicKey(rsa_n, rsa_e)
    # Encrypt the plaintext with the public key
    message = rsa.encrypt(message.encode(), key)
    # Convert to the commonly used, more readable hexadecimal form
    message = binascii.b2a_hex(message)
    # Convert the encrypted result back to a string and return it
    return message.decode()

# An RSA public key has two values, n and e; the public key we get from a website is usually these two values.
# n is often a hexadecimal string of length 256
# e is often hexadecimal '10001'
pubkey_n = '8d7e6949d411ce14d7d233d7160f5b2cc753930caba4d5ad24f923a505253b9c39b09a059732250e56c594d735077cfcb0c3508e9f544f101bdf7e97fe1b0d97f273468264b8b24caaa2a90cd9708a417c51cf8ba35444d37c514a0490441a773ccb121034f29748763c6c4f76eb0303559c57071fd89234d140c8bb965f9725'
pubkey_e = '10001'
# The hexadecimal values need to be converted to decimal
rsa_n = int(pubkey_n, 16)
rsa_e = int(pubkey_e, 16)
# Plaintext to encrypt
message = '南北今天很忙'

print("公钥n值长度:", len(pubkey_n))
print(rsa_encrypt(rsa_n, rsa_e, message))

Result:

公钥n值长度: 256
480f302eed822c8250256511ddeb017fcb28949cc05739ae66440eecc4ab76e7a7b2f1df398aefdfef2b9bfce6d6152bf6cc1552a0ed8bebee9e094a7ce9a52622487a6412632144787aa81f6ec9b96be95890c4c28a31b3e8d9ea430080d79297c5d75cd11df04df6e71b237511164399d72ccb2f4c34022b1ea7b76189a56e
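
What happens inside a call like rsa.encrypt() can be written out with the standard library alone. The following is an added example, not code from the original article: it converts hexadecimal n and e to integers, applies PKCS#1 v1.5 encryption padding (the scheme rsa.encrypt() uses) and shows why the ciphertext differs on every run. The key built from two small Mersenne primes and all function names are constructed for illustration, and the key is far too weak for real use.

```python
import os

# Constructed demo key: two small Mersenne primes. Far too weak for real use.
P, Q = 2**127 - 1, 2**89 - 1
N_HEX = format(P * Q, "x")   # how a page would typically publish n
E_HEX = "10001"              # how a page would typically publish e


def parse_public_key(n_hex, e_hex):
    """Convert the hexadecimal strings into the integers RSA computes with."""
    return int(n_hex, 16), int(e_hex, 16)


def pkcs1_v15_pad(message, k):
    """Build 00 02 <nonzero random bytes> 00 <message>, k bytes in total."""
    if len(message) > k - 11:
        raise ValueError("message too long for this modulus")
    padding = b""
    while len(padding) < k - 3 - len(message):
        byte = os.urandom(1)
        if byte != b"\x00":
            padding += byte
    return b"\x00\x02" + padding + b"\x00" + message


def rsa_encrypt_hex(n, e, message):
    k = (n.bit_length() + 7) // 8              # modulus length in bytes
    m = int.from_bytes(pkcs1_v15_pad(message, k), "big")
    return pow(m, e, n).to_bytes(k, "big").hex()


def rsa_decrypt(n, d, cipher_hex):
    k = (n.bit_length() + 7) // 8
    block = pow(int(cipher_hex, 16), d, n).to_bytes(k, "big")
    if block[:2] != b"\x00\x02":
        raise ValueError("decryption error")
    return block[block.index(b"\x00", 2) + 1:]   # skip the random padding


n, e = parse_public_key(N_HEX, E_HEX)
d = pow(e, -1, (P - 1) * (Q - 1))               # private exponent (Python 3.8+)
c1 = rsa_encrypt_hex(n, e, "南北".encode())
c2 = rsa_encrypt_hex(n, e, "南北".encode())
print(c1 != c2, rsa_decrypt(n, d, c1).decode())
```

The random padding bytes are why two encryptions of the same plaintext give different hexadecimal output, and the 11 bytes of overhead set the longest message a given modulus can carry. Production code should use a maintained library, which also enforces a minimum padding length on decryption and avoids leaking padding errors.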
