前端js,后台python实现RSA非对称加密

  1. 先熟悉使用 在后台使用RSA实现秘钥生产,加密,解密;  
    # -*- encoding:utf-8 -*-
    import base64
    from Crypto import Random
    from Crypto.Cipher import PKCS1_v1_5 as Cipher_pkcs1_v1_5
    from Crypto.PublicKey import RSA
    
    # 伪随机数生成器
    random_generator = Random.new().read
    # rsa算法生成实例
    rsa = RSA.generate(1024, random_generator)
    # master的秘钥对的生成
    private_pem = rsa.exportKey()
    
    #生产私钥私钥并放到文件里
    with open('master-private.pem', 'w') as f:
    f.write(private_pem)
    public_pem = rsa.publickey().exportKey()
    with open('master-public.pem', 'w') as f:
    f.write(public_pem)
    
    #用公钥加密
    #被加密的数据
    message = 'I_LOVE_YAYA'
    #打开公钥文件
    with open('master-public.pem') as f:
    key = f.read()
    rsakey = RSA.importKey(key)
    cipher = Cipher_pkcs1_v1_5.new(rsakey)
    #加密时使用base64加密
    cipher_text = base64.b64encode(cipher.encrypt(message))
    # cipher_text = cipher.encrypt(message)
    print cipher_text
    
    #用私钥解密
    #打开秘钥文件
    with open('master-private.pem') as f:
    key = f.read()
    rsakey = RSA.importKey(key)
    cipher = Cipher_pkcs1_v1_5.new(rsakey)
    # text = cipher.decrypt(cipher_text, random_generator)
    #使用base64解密,(在前端js加密时自动是base64加密)
    text = cipher.decrypt(base64.b64decode(cipher_text), random_generator)
    print text

     

  2. 前后台共同完成RSA非对称加密:大致思路为  first:后台生产公钥私钥,next:后台把公钥给前台,than:前台用公钥加密并传送给后台,finally:后台使用秘钥解密。
  • first:后台生产公钥私钥
    create_password.py文件
    #
    -*- encoding:utf-8 -*- from Crypto.PublicKey import RSA from flask import current_app from Crypto import Random # rsa算法生成实例 RANDOM_GENERATOR=Random.new().read if __name__=='__main__': rsa = RSA.generate(1024, RANDOM_GENERATOR) # master的秘钥对的生成 PRIVATE_PEM = rsa.exportKey() with open('master-private.pem', 'w') as f: f.write(PRIVATE_PEM) print PRIVATE_PEM PUBLIC_PEM = rsa.publickey().exportKey() print PUBLIC_PEM with open('master-public.pem', 'w') as f: f.write(PUBLIC_PEM)

     

  • next:后台把公钥给前台    --打开master-public.pem此文件,复制里面内容到前端(具体粘贴位置在下一步)
  • than:前台用公钥加密并传送给后台
    #导入js,如果需要base64文件,一定要在导入加密js文件之前导入,否则会出现加密结果为 false;
    #如果报 typeerror-base64-not-a-constructor;使用http://blog.csdn.net/ziwoods/article/details/58595840解决方法
    <script src="js/plugin/base64.js"></script> <script src="js/plugin/jsencrypt.min.js" type="text/javascript"></script>

     

  • //获取密码
    var password = $("#pass").val();
    
    //获取公钥
    var PUBLIC_KEY = "-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCogdzMsG4S20msz32M+a1GNg2Tw4UIEGDD/dfKkoZgRtEaJtHzCXgmpP3eECHCJsK0zt0GYYxGQnfbq5mBd37xVnAlKWjVpjGQHZ+fjwn82+mRUzjmFGLs3ax79zaXJZnHTN63/yS2Rua3QY/T5Z5TLpn2YOmOn09U22eA3vdfZwIDAQAB-----END PUBLIC KEY-----";
    //rsa加密
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey(PUBLIC_KEY);
    password = encrypt.encrypt(password);//加密后的字符串

     

  • finally:后台使用秘钥解密
    views.py文件
    #
    获取密码 password = request.values.get('password') with open('carrier/master-private.pem') as f: key = f.read() rsakey = RSA.importKey(key) cipher = Cipher_pkcs1_v1_5.new(rsakey) password = cipher.decrypt(base64.b64decode(password), RANDOM_GENERATOR) #如果返回的password类型不是str,说明秘钥公钥不一致,或者程序错误 if str(type(password))!="<type 'str'>": return 'fail' #结果应该为I_LOVE_YAYA print password

     

    本功能模块中前端RSA加密过程中没有使用OPEN_SSL生成models方式进行加密(运维部署时简洁方便,并且用那种方式,传输的为16进制数据);并且前端加密数据为base64位传输到后台;后台需要导入的包等在最上面1中

 

注意事项:前端通过公钥加密的数据1%的概率会出现 加密后的数据结尾有2个等于号(=)的情况,这时,后端会解密失败,前端在生成加密数据后,自行校验加密后的数据是否包含2个=,如果出现,则从新加密

posted @ 2018-01-01 19:39  RGC  阅读(3366)  评论(0编辑  收藏  举报