我一直在尝试下面的Java代码转换为它的等效蟒:将Java加密代码到Python相当于
Encrypt.java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
//import org.jose4j.base64url.Base64;
public class Encrypt {
public static void main(String[] args)
throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException, CertificateException, FileNotFoundException {
PublicKey pubKey;
Object localObject1 = new
String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmy"
+
"qvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXe"
+
"iqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmE"
+ "MWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB");
//localObject1 = new X509EncodedKeySpec(Base64.decode(((String)localObject1).getBytes("utf-8")));
localObject1 = new X509EncodedKeySpec(Base64.decodeBase64(((String)localObject1).getBytes("utf-8")));
localObject1 = KeyFactory.getInstance("RSA").generatePublic((KeySpec)localObject1);
System.out.println((PublicKey)localObject1);
System.out.println("___________________________________________________________________________________________________________________________________________________");
// String secret_pub_key= //"-----BEGIN RSA PUBLIC KEY-----" +
// "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkvq7mHuTMGeJF/qiAot"+
// "OcLTd6hjDEcMHIk2IY35JInuypD6WieogOxSS6kHYho/U+BW/Cgz0XjziPIQSJZx"+
// "AGOrtdZrTa6n6S6I65YB2wPB93lLi/qnBmUSetEgAgM+MOfiYT8Dift9Mut+BvbE"+
// "iFMH163ovoiTyLDpbTYDB6InzFzu1l7G01pi/ZAc69kWrJ+yNMEUcnAerRPt30et"+
// "XAbKD2lC696VJa/2xtWZ5T7vwMpFLIaGFAg228ZifgwDIRFsBmwPsAsngQSGVVBo"+
// "Ijm3fb0PUDV4MTw+cNT0ldHbYCAWy6zgA0K7eL5LcUN8+ai7u6VMWYUT4FAvYNiP"+
// "IwIDAQAB";
// //"-----END RSA PUBLIC KEY-----";
// X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(secret_pub_key));
// KeyFactory keyFactory = KeyFactory.getInstance("RSA");
// PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
Object secret_pub_key= new String(//"-----BEGIN RSA PUBLIC KEY-----" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukY"+
"ycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz"+
"+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hd"+
"lnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNq"+
"XeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638T"+
"i8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl"+
"+wIDAQAB");
//"-----END RSA PUBLIC KEY-----";
secret_pub_key = new X509EncodedKeySpec(Base64.decodeBase64(((String)secret_pub_key).getBytes("utf-8")));
secret_pub_key = KeyFactory.getInstance("RSA").generatePublic((KeySpec)secret_pub_key);
pubKey = (PublicKey)secret_pub_key;
Object localObject;
Lc lc = new Lc();
System.out.println("\n\nlc.pub is" + lc.pub);
System.out.println("\n\n\nokokokokok" + pubKey.getEncoded());
//byte[] arrayOfByte = new String(Base64.encodeBase64(lc.pub.getEncoded())).getBytes();
byte[] arrayOfByte = new String(Base64.encodeBase64(pubKey.getEncoded())).getBytes();
StringBuilder localStringBuilder1 = new StringBuilder();
int i = 0;
while (i < arrayOfByte.length) {
if (arrayOfByte.length > i + 200) {
localObject = Arrays.copyOfRange(arrayOfByte, i, i + 200);
} else {
localObject = Arrays.copyOfRange(arrayOfByte, i, arrayOfByte.length + 1);
}
StringBuilder localStringBuilder2 = new StringBuilder();
lc.pub = (PublicKey)localObject1;
localObject = new String((byte[])localObject);
localStringBuilder1.append(lc.upperDot((String)localObject) + ":::");
i += 200;
}
System.out.println("The ducking key is " + localStringBuilder1.toString());
}
}
Lc.java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Lc {
public static PublicKey pub;
public static PrivateKey pri;
public byte[] by;
public String dot;
public Lc() {
Object localObject = "RSA";
try
{
localObject = KeyPairGenerator.getInstance((String)localObject);
KeyPair localKeyPair = ((KeyPairGenerator)localObject).generateKeyPair();
localObject = localKeyPair.getPublic();
pub = (PublicKey)localObject;
localObject = localKeyPair.getPrivate();
pri = (PrivateKey)localObject;
}
catch (NoSuchAlgorithmException localNoSuchAlgorithmException)
{
localNoSuchAlgorithmException.printStackTrace();
}
}
public static String upperDot(String paramString)
{
Object localObject = "RSA/ECB/PKCS1Padding";
try
{
Cipher localCipher = Cipher.getInstance((String)localObject);
localObject = pub;
int i = 1;
localCipher.init(i, (Key)localObject);
localObject = paramString.getBytes();
byte[] arrayOfByte1 = localCipher.doFinal((byte[])localObject);
byte[] arrayOfByte2 = Base64.encodeBase64(arrayOfByte1);
localObject = new String(arrayOfByte2);
return (String)localObject;
}
catch (Exception localException)
{
System.out.print(localException);
}
return null;
}
}
请忽略上述2个java文件的糟糕设计和调试打印s tatements
,上述产生的输出,这是我感兴趣的是最后一个输出语句的内容:
的回避关键是t4z2jf9GKtKvXiXCPYU3u7Y0LwQOOeQBVi + YRATc3GqyTNb085bRLUVqiNT5v/ZcZl2FZPegeN8OTG9vPbwuY1HrQ04xv0vUf3ohJORiUXwEQtoBVMDnKHib50FPZCbAZIp/1u0KgEPBV9rEe7BmHi2UGCNnp0e50G68cBPLknUinBIIYIIrw/o3U4SAT + uBdo6wyi/x0tWR3El8gJpL34JJVWzdzi4y61cPZI31gxyY19t1EzzmtqB0wnjV5RvTsavR5s3RgtBu3EV + b43poam2K0CsRyfB2lFawkZBnvRL6GzvozBpUYe4awdPbU4Pjvuju5B3zWXloQ5kMVZAkg == ::: MpcHcJWhGdYrS1VLza + ereOU1ZRZ9LyVTN0KBBdQLIjYXChX1eKtRdftrF306L5BE8Ni9ibTylbcsc6tocphVpYnCvYN2eKVcEoHLyk9Iz/Cf2ikYJCUFtHh/CP nSILhwI7txdVds0Il58uDMevMnvvRntqVR7nw6UUmUVwmtFvNWVdceP61BHc9YsDMdQs8jPOeGAHWmqA2g4ODYB2W07yQhmwNIQZEmkmrfRHUd1dqM57sIWS9HdgEbrnqhyt1pIWrCxzgYbzZCuaDS/llcFsqgLBbaPpTg2qNUFi2x3r1jJ1UeJeX + Y/mOhrEvBXSLmadsCYmEROIutNgoVWigg == :::
现在我想实现通过蟒蛇完全相同的行为(2.7,如果该事项)。我迄今为止依靠pycrypto和M2Crypto,但都没有帮助。
这是我在制造蟒当量的上述的尝试:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
def ecnryptorFun(key, secret):
encrypted = key.encrypt(secret, 1)
final_text = b64encode(encrypted[0])
return final_text
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
#secret1 = b64encode(secret)
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + ecnryptorFun(keyPub, str(localObject)) + ':::'
#localStringBuilder1 = localStringBuilder1 + ecnryptorFun(encryption_key, localObj_byte_array) + ':::'
i += 200;
print localStringBuilder1
上述Python代码的输出
vkqbraD/5HMvs9LG59VXCGCLUoJ0msU6fVvLMDCc8fQ41S3R3IC0EfxLCk9FoHUIGK5h90Rd0at2ROvcOVCtESAYZlYYCB1U99NqWCFLvyDBxS4uEAVHD5yv4U82Dmn/P/ASI + d/GxnvP/xvyiI + tp39lWx77DuV4hlnRbltHu9f4o4cvqZ + Nn7wCzY1TBzIClT8f4lx2g9E/5 + mhfkQIHejGIAMyJXl3xy + qhQSoy8DvudGQU95eGfDRdci4yqOwDeG2 + QlUip627tMbttAroWQjM8jC419kFPetTlmV/RczE/vcwnyM3iEnrhB9KnjRLYEecJ8 mEYU7L/TxBe +的Tg == ::: V1oZBPETF9ryap59T4zOwfW0/pASSCULWL8ZlvUrSlRLeaZmIxplNmewqyUnrhwIbnpDvwhmz7 + 2/Dd2EN4hJndRnGl7aoEX8/GJP0Kz9vL2qEDbIGQC/Dv6O75KPFZ/E06DYLcycLhNZYxudwVP9rJAhFEEMgefpY40v1 + B6sqqogrGnZhfwITaqpU0FKTbHSlHUymlD6Cn4lb0yLMISG6MZRQrP5B67UkGexlpxPQTHsXcLy0vTEzMZkvdxbv4YtawNvmgeQEgD1jqIB45pOngrwp3jcs9D9Ib2hCwpOoqkwOV/YAA + XO + dkPo8BxOw5DH/jWRcksb3N65YEmlvQ == :::
现在虽然上述产生非常相似的输出,但它不是正确的。为什么?因为当上面的java代码的输出被发送到后端时,我收到一个HTTP 200 OK和期望的响应。
但是,当上面的python代码的输出与后端类似地发送时,我收到500内部服务器错误,意思是(根据我的假设,考虑到所有其他参数,头文件等)在java和python HTTP请求之间保持完全一致)后端输入不正确,因此破坏(再次请忽略500,我同意它应该是更有意义的东西,绝对不是500)
我无权访问后端。它更像是一个红色的团队 - 我们正在做的蓝色团队练习
此外,我可能会调用上面的python代码,仍然设法达到最终结果并完成工作,但那会是更多的是黑客攻击,尽管这已经足够了,但我更感兴趣的是知道如何才能够独自完成Python。
按下面我的意见提出了一些建议尝试这样做,以及: 所以,我想这个问题,以及:
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(secret):
message = secret
key = RSA.importKey(open('myPubkey.pem').read())
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
,然后在while循环,这样的:
localStringBuilder1 = localStringBuilder1 + encryptMsg(str(localObject)) + ':::'
仍似乎没有工作。与以前相同的结果。
响应不看进过多的代码:在Java中你使用PKCS#1 V1。 5填充,但在Python中,您没有使用任何填充。您需要使用'PKCS1_5'类 –
谢谢。说得通。我看到有[https://www.dlitz.net/software/pycrypto/api/2.6/Crypto.Signature.PKCS1_v1_5-module.html] 让我探索它。 – qre0ct
不..看上去不像上面的链接可以提供帮助。有没有其他的Python库可以提供这个功能? – qre0ct