encryption-method，2019-01-14

1，itsdangerous

from itsdangerous import JSONWebSignatureSerializer

SECRET_KEY = 'abc'

s = JSONWebSignatureSerializer(SECRET_KEY)
encrypt_info = s.dumps({
    'id': 1,
    'name': 'myName',
})
print(encrypt_info)
info = s.loads(encrypt_info)
print(info)

2， sha1 sha224 sha256 sha384 sha512 md5

# 这种加密方式不可逆
#返回info 和 signature,
#本地有key, 使用sha1(info+key) 和signature比较
from hashlib import sha1, sha224, sha256, sha384, sha512
import json
# sha1
info = {
    'id': 1,
    'user': 'Username'
    }
key = 'abc'
signature = sha1((json.dumps(info)+key).encode('utf-8'))
print(signature.hexdigest())
# md5
signature = md5((json.dumps(info)+key).encode('utf-8'))
print(signature.hexdigest())
...

3，AES-128-CBC

#数据采用PKCS#7填充。, 微信小程序开发案例
import base64
import json

from Crypto.Cipher import AES
def _unpad(s):
    return s[:-ord(s[len(s) - 1:])]

appId = 'wx4f4bc4dec97d474b'
sessionKey = 'tiihtNczf5v6AKRyjwEUhQ=='
encryptedData = 'CiyLU1Aw2KjvrjMdj8YKliAjtP4gsMZMQmRzooG2xrDcvSnxIMXFufNstNGTyaGS9uT5geRa0W4oTOb1WT7fJlAC+oNPdbB+3hVbJSRgv+4lGOETKUQz6OYStslQ142dNCuabNPGBzlooOmB231qMM85d2/fV6ChevvXvQP8Hkue1poOFtnEtpyxVLW1zAo6/1Xx1COxFvrc2d7UL/lmHInNlxuacJXwu0fjpXfz/YqYzBIBzD6WUfTIF9GRHpOn/Hz7saL8xz+W//FRAUid1OksQaQx4CMs8LOddcQhULW4ucetDf96JcR3g0gfRK4PC7E/r7Z6xNrXd2UIeorGj5Ef7b1pJAYB6Y5anaHqZ9J6nKEBvB4DnNLIVWSgARns/8wR2SiRS7MNACwTyrGvt9ts8p12PKFdlqYTopNHR1Vf7XjfhQlVsAJdNiKdYmYVoKlaRv85IfVunYzO0IKXsyl7JCUjCpoG20f0a04COwfneQAGGwd5oa+T8yO5hzuyDb/XcxxmK01EpqOyuxINew=='
iv = 'r7BXXKkLb8qrSNn05n0qiA=='
# base64处理
sessionKey = base64.b64decode(sessionKey)
encryptedData = base64.b64decode(encryptedData)
iv = base64.b64decode(iv)
cipher = AES.new(sessionKey, AES.MODE_CBC, iv)

decrypted = json.loads(_unpad(cipher.decrypt(encryptedData).decode()))
assert decrypted['watermark']['appid'] == appId
print(decrypted['watermark']['appid'])
print(appId)

4，JWT 加密

'''
JSON Web Token 
header . payload . signature
header : 类型， 算法
payload: 内容
signature: sha256(base64.b64encode('header') + '.' + base64.b64encode('payload'), 'SECRET_KEY')
signature加密后类此: SwyHTEx_RQppr97g4J5lKXtabJecpejuef8AqKYMAJc
'''
import base64
from hashlib import sha256
import json
header = {
    'type': 'JWT',
    'alg': 'sha256'
}
payload = {
    'id': 1,
    'user': 'UserName',
    'gender': 'boy',
    'birthday': '1997-12-12'
}
SECRET_KEY = 'abc'
header = base64.b64encode(json.dumps(header).encode('utf-8')).decode()
print(header)
payload = base64.b64encode(json.dumps(payload).encode('utf-8')).decode()
print(payload)
# HS256:   signature = HS256(header + '.' + payload,  SECRET_KEY)
signature = sha256((header + '.' + payload + SECRET_KEY).encode('utf-8'))
print(signature.hexdigest())
JWT = header + '.' + payload + '.' + signature.hexdigest()
print(JWT)

'''
验证时， 解密header得到加密算法，使用本地的SECRET_KEY重新加密 header+'.'+payload, 比较signature
'''

5，RSA 加密

'''
类如支付包对接时， 使用openssl 生成rsa密钥
$ openssl
$ genrsa -out app_private_key.pem 2048  或者 genrsa -out app_private_key.pem 1024
$ rsa -in app_private_key.pem -pubout -out app_public_key.pem
$ exit
本地指定目录保存私钥， 开发平台指定位置上传公钥匙
'''
'''一下本地测试'''
import rsa
import json

(pubkey, privkey) = rsa.newkeys(1024)
print(pubkey.save_pkcs1())
print(privkey.save_pkcs1())

pubkey = pubkey.save_pkcs1()
privkey = privkey.save_pkcs1()
pubkey = rsa.PublicKey.load_pkcs1(pubkey)
privkey = rsa.PrivateKey.load_pkcs1(privkey)
data = {
    'id': 1,
    'user': 'UserName',
    'gender': '男',
}
# 公钥加密， 私钥解密
encryption = rsa.encrypt(json.dumps(data).encode('utf-8'), pubkey)
decryption = rsa.decrypt(encryption, privkey).decode()
print(json.loads(decryption))  # {'gender': '男', 'id': 1, 'user': 'UserName'}