Python中的openssl_seal（）

Question

要连接服务器，我发现使用PHP，我需要使用openssl_seal()。没关系，但我想用Python。我无法在同等功能下转换openssl_seal()。

你能帮我吗？

这是openssl_seal()做：

说明 INT openssl_seal（字符串$数据，串& $ sealed_data，阵列& $ env_keys， 数组$ pub_key_ids）

openssl_seal() seals (encrypts) data by using RC4 with a randomly generated 
secret key. The key is encrypted with each of the public keys associated 
with the identifiers in pub_key_ids and each encrypted key is returned in 
env_keys. This means that one can send sealed data to multiple recipients 
(provided one has obtained their public keys). Each recipient must receive 
both the sealed data and the envelope key that was encrypted with the 
recipient's public key. 

Answer 1

this blogpost有一个非常详细的描述openssl_seal()里面发生了什么。它在java中也有一个实现。因此，我认为它应该是相对简单的（“作为练习留给读者的证明”有点直截了当），使用pyopenssl（其中包括RC4或更新版本）在Python中执行等效实现，但是，为这些目的更集中tlslite。

Answer 2

什么openssl_seal所做的是：

1. 从证书中提取PUBLIC_KEY
2. 生成一个128位（16个字节）长random_key（这将用于使用对称算法来加密消息，因为它是更快）使用PKCS＃1
3. 加密使用ARC4消息和random_key
4. 输出encrypted_random_key和encrypted_message
5. 加密random_key

接收方可以使用他们的private_key解密encrypted_random_key，然后使用random_key解密encrypted_message。

由于没有通过标准库在Python这样的方式，我只是要”扔出去，我已经尝试了3种方法：

# pyca/cryptography (cryptography.io) version 
# pip install cryptography 

import os 

import cryptography 
from cryptography import x509 


message = 'Super secret secret message' 
message = message.encode('utf-8') 
certificate_data = open('/path/to/certificate.cer', 'r').read() 
certificate_data = certificate_data.encode('utf-8') 
certificate = cryptography.x509.load_pem_x509_certificate(data=certificate_data, backend=cryptography.hazmat.backends.default_backend()) 
public_key = certificate.public_key() 
random_key = os.urandom(16) 
encrypted_random_key = public_key.encrypt(plaintext=random_key, padding=cryptography.hazmat.primitives.asymmetric.padding.PKCS1v15()) 
print(encrypted_random_key) 
algorithm = cryptography.hazmat.primitives.ciphers.algorithms.ARC4(random_key) 
cipher = cryptography.hazmat.primitives.ciphers.Cipher(algorithm=algorithm, mode=None, backend=cryptography.hazmat.backends.default_backend()) 
encryptor = cipher.encryptor() 
encrypted_message = encryptor.update(message) 
print(encrypted_message) 

。

# M2Crypto version 
# pip install pip install git+https://gitlab.com/m2crypto/m2crypto@python3 

import M2Crypto 


message = 'Super secret secret message' 
message = message.encode('utf-8') 
certificate = M2Crypto.X509.load_cert('/path/to/certificate.cer') 
public_key = certificate.get_pubkey() 
rsa_pub = public_key.get_rsa() 
random_key = M2Crypto.Rand.rand_bytes(16) 
encrypted_random_key = rsa_pub.public_encrypt(random_key, M2Crypto.RSA.pkcs1_padding) 
print(encrypted_random_key) 
cipher = M2Crypto.EVP.Cipher(alg='rc4', key=random_key, iv=b'', op=M2Crypto.encrypt) 
encrypted_message = cipher.update(message) 
encrypted_message += cipher.final() 
print(encrypted_message) 

。

# PyCrypto version 
# pip install pycrypto 

# Please bear in mind that PyCrypto cannot handle x509 certificates. 
# You will have to extract the public_key to a pem file: 
# openssl x509 -inform pem -in certificate.cer -pubkey -noout > public_key.pem 

from Crypto import Random 
from Crypto.Cipher import ARC4 
from Crypto.Cipher import PKCS1_OAEP 
from Crypto.Cipher import PKCS1_v1_5 
from Crypto.PublicKey import RSA 


message = 'Super secret secret message' 
message = message.encode('utf-8') 
public_key_data = open('/path/to/public_key.pem', 'r').read() 
public_key = RSA.importKey(public_key_data) 
random_key = Random.new().read(16) 
cipher = PKCS1_v1_5.new(public_key) 
encrypted_random_key = cipher.encrypt(random_key) 
print(encrypted_random_key) 
cipher = ARC4.new(random_key) 
encrypted_message = cipher.encrypt(message) 
print(encrypted_message) 

你可以看看我的文章在=>http://helpfulsheep.com/2017-09-01-openssl-seal-in-python/