AES Encryption Golang and Python

huangapple go评论95阅读模式
英文:

AES Encryption Golang and Python

问题

我正在为自己做一个有趣的副业项目。一个是使用Golang编写的服务器,另一个是使用Python编写的客户端。我希望传输的数据能够进行加密,但是似乎无法使这两种加密方案一起工作。我在加密方面是个新手,所以请像对待一个小孩子一样解释。

这是我的Golang加密函数:

import (
    "crypto/aes"
    "crypto/cipher"
    "crypto/rand"
    "errors"
    "io"
    "fmt"
)

func Encrypt(key, text []byte) (ciphertext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return nil, err
    }
    ciphertext = make([]byte, aes.BlockSize+len(string(text)))
    iv := ciphertext[:aes.BlockSize]
    fmt.Println(aes.BlockSize)
    if _, err = io.ReadFull(rand.Reader, iv); err != nil {
        return
    }
    cfb := cipher.NewCFBEncrypter(block, iv)
    cfb.XORKeyStream(ciphertext[aes.BlockSize:], text)
    return
}

func Decrypt(key, ciphertext []byte) (plaintext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return
    }
    if len(ciphertext) < aes.BlockSize {
        err = errors.New("ciphertext too short")
        return
    }
    iv := ciphertext[:aes.BlockSize]
    ciphertext = ciphertext[aes.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(ciphertext, ciphertext)
    plaintext = ciphertext
    return
}

这是我的Python实现:

from Crypto.Cipher import AES
from Crypto import Random
from binascii import hexlify

class AESCipher:
    def __init__( self, key ):
        self.key = key
        print "INIT KEY" + hexlify(self.key)
    
    def encrypt( self, raw ):
        print "RAW STRING: " + hexlify(raw)
        iv = Random.new().read( AES.block_size )
        cipher = AES.new( self.key, AES.MODE_CFB, iv )
        r = ( iv + cipher.encrypt( raw ) )
        print "ECRYPTED STRING: " + hexlify(r)
        return r

    def decrypt( self, enc ):
        enc = (enc)
        iv = enc[:16]
        cipher = AES.new(self.key, AES.MODE_CFB, iv)
        x=(cipher.decrypt( enc ))
        print "DECRYPTED STRING: " + hexlify(x)
        return x

我也无法完全理解我的Python函数的输出。我的Go例程完美运行。但是我希望能够在Go中加密,在Python中解密,反之亦然。

Python的示例输出:

INIT KEY61736466617364666173646661736466
RAW STRING: 54657374206d657373616765
ECRYPTED STRING: dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
DECRYPTED STRING: 77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
wØ™¹ÐÒÓ*2)±¶œo%Test message

你可以看到消息被解密了,但是最后出现在字符串的末尾?

编辑:
从Go解密的示例输出。
如果我尝试使用Go解密以下内容(使用Python生成):

ECRYPTED STRING: (Test Message) 7af474bc4c8ea9579d83a3353f83a0c2844f8efb019c82618ea0b478

我得到的结果是:

Decrypted Payload: 54 4E 57 9B 90 F8 D6 CD 12 59 0B B1
Decrypted Payload: TNW�����Y�

奇怪的是,第一个字符总是正确的。

这是两个完整项目的链接:

Github

英文:

I am working on a fun side project for myself. A golang server and a python client. I want data transmitted to be encrypted but cant seem to get the two encryption schemes working together. I am a novice when it comes to encryption so please explain like you are talking to a toddler.

Here is my golang encryption functions:

import (
    &quot;crypto/aes&quot;
    &quot;crypto/cipher&quot;
    &quot;crypto/rand&quot;
    &quot;errors&quot;
    &quot;io&quot;
	&quot;fmt&quot;
)
func Encrypt(key, text []byte) (ciphertext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return nil, err
    }
    ciphertext = make([]byte, aes.BlockSize+len(string(text)))
    iv := ciphertext[:aes.BlockSize]
	fmt.Println(aes.BlockSize)
    if _, err = io.ReadFull(rand.Reader, iv); err != nil {
        return
    }
    cfb := cipher.NewCFBEncrypter(block, iv)
    cfb.XORKeyStream(ciphertext[aes.BlockSize:], text)
    return
}

func Decrypt(key, ciphertext []byte) (plaintext []byte, err error) {
    var block cipher.Block
    if block, err = aes.NewCipher(key); err != nil {
        return
    }
    if len(ciphertext) &lt; aes.BlockSize {
        err = errors.New(&quot;ciphertext too short&quot;)
        return
    }
    iv := ciphertext[:aes.BlockSize]
    ciphertext = ciphertext[aes.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(ciphertext, ciphertext)
    plaintext = ciphertext
    return
}

and here is my Python implementation:

 class AESCipher:
    def __init__( self, key ):
        self.key = key
        print &quot;INIT KEY&quot; + hexlify(self.key)
    def encrypt( self, raw ):
        print &quot;RAW STRING: &quot; + hexlify(raw)
        iv = Random.new().read( AES.block_size )
        cipher = AES.new( self.key, AES.MODE_CFB, iv )
        r = ( iv + cipher.encrypt( raw ) )
        print &quot;ECRYPTED STRING: &quot; + hexlify(r)
        return r

    def decrypt( self, enc ):
        enc = (enc)
        iv = enc[:16]
        cipher = AES.new(self.key, AES.MODE_CFB, iv)
        x=(cipher.decrypt( enc ))
        print &quot;DECRYPTED STRING: &quot; + hexlify(x)
        return x

i cant quite figure out the output of my python functions either. My Go routines are working perfectly. But i want to be able to encrypt in Go an decrypt in python and vice versa.

Sample Output from Python:

INIT KEY61736466617364666173646661736466
RAW STRING: 54657374206d657373616765
ECRYPTED STRING: dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
dfee33dd40c32fbaf9aac73ac4e0a5a9fc7bd2947d29005dd8d8e21a
DECRYPTED STRING: 77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
77d899b990d2d3172a3229b1b69c6f2554657374206d657373616765
w&#216;™&#185;�&#210;&#211;*2)&#177;&#182;œo%Test message

As you can see the message is decrypted but ends up at the end of the string?

EDIT:
Sample output decrypting from GO.
If i try and decrypt with GO the below (generated with Python)

ECRYPTED STRING: (Test Message) 7af474bc4c8ea9579d83a3353f83a0c2844f8efb019c82618ea0b478

I get

Decrypted Payload: 54 4E 57 9B 90 F8 D6 CD 12 59 0B B1
Decrypted Payload: TNW�����Y�

The strange part is the first character is always correct

here are both full projects:

Github

答案1

得分: 5

Python使用8位段,而Go使用128位段,所以第一个字符有效,但后续字符无效的原因是每个段都依赖于前一个段,因此不同的段大小会破坏链条。

我为Python编写了这些URL安全(非填充的base64编码)的加密/解密函数,以便可以选择以与Go相同的方式加密(当指定block_segments=True时)。

def decrypt(key, value, block_segments=False):
    # base64库无法处理Unicode值,所以我们将value转换为字符串
    value = str(value)
    # 在这里添加填充("=")以避免解码失败
    value = base64.b64decode(value + '=' * (4 - len(value) % 4), '-_')
    iv, value = value[:AES.block_size], value[AES.block_size:]
    if block_segments:
        # Python默认使用8位段,为了支持使用128位段加密的语言,我们需要填充和截断值
        remainder = len(value) % 16
        padded_value = value + '
def decrypt(key, value, block_segments=False):
    # base64库无法处理Unicode值,所以我们将value转换为字符串
    value = str(value)
    # 在这里添加填充("=")以避免解码失败
    value = base64.b64decode(value + '=' * (4 - len(value) % 4), '-_')
    iv, value = value[:AES.block_size], value[AES.block_size:]
    if block_segments:
        # Python默认使用8位段,为了支持使用128位段加密的语言,我们需要填充和截断值
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        # 返回去除填充的解密字符串
        return cipher.decrypt(padded_value)[:len(value)]
    return AES.new(key, AES.MODE_CFB, iv).decrypt(value)


def encrypt(key, value, block_segments=False):
    iv = Random.new().read(AES.block_size)
    if block_segments:
        # 参考解密函数的注释
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        value = cipher.encrypt(padded_value)[:len(value)]
    else:
        value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
    # 返回去除填充的加密值,以避免查询字符串问题
    return base64.b64encode(iv + value, '-_').rstrip('=')
' * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128) # 返回去除填充的解密字符串 return cipher.decrypt(padded_value)[:len(value)] return AES.new(key, AES.MODE_CFB, iv).decrypt(value) def encrypt(key, value, block_segments=False): iv = Random.new().read(AES.block_size) if block_segments: # 参考解密函数的注释 remainder = len(value) % 16 padded_value = value + '
def decrypt(key, value, block_segments=False):
    # base64库无法处理Unicode值,所以我们将value转换为字符串
    value = str(value)
    # 在这里添加填充("=")以避免解码失败
    value = base64.b64decode(value + '=' * (4 - len(value) % 4), '-_')
    iv, value = value[:AES.block_size], value[AES.block_size:]
    if block_segments:
        # Python默认使用8位段,为了支持使用128位段加密的语言,我们需要填充和截断值
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        # 返回去除填充的解密字符串
        return cipher.decrypt(padded_value)[:len(value)]
    return AES.new(key, AES.MODE_CFB, iv).decrypt(value)


def encrypt(key, value, block_segments=False):
    iv = Random.new().read(AES.block_size)
    if block_segments:
        # 参考解密函数的注释
        remainder = len(value) % 16
        padded_value = value + '\0' * (16 - remainder) if remainder else value
        cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
        value = cipher.encrypt(padded_value)[:len(value)]
    else:
        value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
    # 返回去除填充的加密值,以避免查询字符串问题
    return base64.b64encode(iv + value, '-_').rstrip('=')
' * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128) value = cipher.encrypt(padded_value)[:len(value)] else: value = AES.new(key, AES.MODE_CFB, iv).encrypt(value) # 返回去除填充的加密值,以避免查询字符串问题 return base64.b64encode(iv + value, '-_').rstrip('=')

请注意,对于安全的消息传递,您需要额外的安全功能,例如使用nonce来防止重放攻击。

以下是Go的等效函数:

func Decrypt(key []byte, encrypted string) ([]byte, error) {
    ciphertext, err := base64.RawURLEncoding.DecodeString(encrypted)
    if err != nil {
        return nil, err
    }
    block, err := aes.NewCipher(key)
    if err != nil {
        return nil, err
    }
    if len(ciphertext) < aes.BlockSize {
        return nil, errors.New("ciphertext too short")
    }
    iv := ciphertext[:aes.BlockSize]
    ciphertext = ciphertext[aes.BlockSize:]
    cfb := cipher.NewCFBDecrypter(block, iv)
    cfb.XORKeyStream(ciphertext, ciphertext)
    return ciphertext, nil
}

func Encrypt(key, data []byte) (string, error) {
    block, err := aes.NewCipher(key)
    if err != nil {
        return "", err
    }
    ciphertext := make([]byte, aes.BlockSize+len(data))
    iv := ciphertext[:aes.BlockSize]
    if _, err := io.ReadFull(rand.Reader, iv); err != nil {
        return "", err
    }
    stream := cipher.NewCFBEncrypter(block, iv)
    stream.XORKeyStream(ciphertext[aes.BlockSize:], data)
    return base64.RawURLEncoding.EncodeToString(ciphertext), nil
}
英文:

Python uses 8-bit segments while Go uses 128-bit segments so the reason the first character works but the following ones don't is because each segment depends on the previous and thus a different segment size breaks the chain.

I made these URL safe (non-padded base64 encoding) encrypt/decrypt functions for Python to optionally encrypt the same way Go does (when you specify block_segments=True).

def decrypt(key, value, block_segments=False):
    # The base64 library fails if value is Unicode. Luckily, base64 is ASCII-safe.
    value = str(value)
    # We add back the padding (&quot;=&quot;) here so that the decode won&#39;t fail.
    value = base64.b64decode(value + &#39;=&#39; * (4 - len(value) % 4), &#39;-_&#39;)
    iv, value = value[:AES.block_size], value[AES.block_size:]
    if block_segments:
        # Python uses 8-bit segments by default for legacy reasons. In order to support
        # languages that encrypt using 128-bit segments, without having to use data with
        # a length divisible by 16, we need to pad and truncate the values.
        remainder = len(value) % 16
        padded_value = value + &#39;
def decrypt(key, value, block_segments=False):
# The base64 library fails if value is Unicode. Luckily, base64 is ASCII-safe.
value = str(value)
# We add back the padding (&quot;=&quot;) here so that the decode won&#39;t fail.
value = base64.b64decode(value + &#39;=&#39; * (4 - len(value) % 4), &#39;-_&#39;)
iv, value = value[:AES.block_size], value[AES.block_size:]
if block_segments:
# Python uses 8-bit segments by default for legacy reasons. In order to support
# languages that encrypt using 128-bit segments, without having to use data with
# a length divisible by 16, we need to pad and truncate the values.
remainder = len(value) % 16
padded_value = value + &#39;\0&#39; * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
# Return the decrypted string with the padding removed.
return cipher.decrypt(padded_value)[:len(value)]
return AES.new(key, AES.MODE_CFB, iv).decrypt(value)
def encrypt(key, value, block_segments=False):
iv = Random.new().read(AES.block_size)
if block_segments:
# See comment in decrypt for information.
remainder = len(value) % 16
padded_value = value + &#39;\0&#39; * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
value = cipher.encrypt(padded_value)[:len(value)]
else:
value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
# The returned value has its padding stripped to avoid query string issues.
return base64.b64encode(iv + value, &#39;-_&#39;).rstrip(&#39;=&#39;)
&#39; * (16 - remainder) if remainder else value cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128) # Return the decrypted string with the padding removed. return cipher.decrypt(padded_value)[:len(value)] return AES.new(key, AES.MODE_CFB, iv).decrypt(value) def encrypt(key, value, block_segments=False): iv = Random.new().read(AES.block_size) if block_segments: # See comment in decrypt for information. remainder = len(value) % 16 padded_value = value + &#39;
def decrypt(key, value, block_segments=False):
# The base64 library fails if value is Unicode. Luckily, base64 is ASCII-safe.
value = str(value)
# We add back the padding (&quot;=&quot;) here so that the decode won&#39;t fail.
value = base64.b64decode(value + &#39;=&#39; * (4 - len(value) % 4), &#39;-_&#39;)
iv, value = value[:AES.block_size], value[AES.block_size:]
if block_segments:
# Python uses 8-bit segments by default for legacy reasons. In order to support
# languages that encrypt using 128-bit segments, without having to use data with
# a length divisible by 16, we need to pad and truncate the values.
remainder = len(value) % 16
padded_value = value + &#39;\0&#39; * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
# Return the decrypted string with the padding removed.
return cipher.decrypt(padded_value)[:len(value)]
return AES.new(key, AES.MODE_CFB, iv).decrypt(value)
def encrypt(key, value, block_segments=False):
iv = Random.new().read(AES.block_size)
if block_segments:
# See comment in decrypt for information.
remainder = len(value) % 16
padded_value = value + &#39;\0&#39; * (16 - remainder) if remainder else value
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
value = cipher.encrypt(padded_value)[:len(value)]
else:
value = AES.new(key, AES.MODE_CFB, iv).encrypt(value)
# The returned value has its padding stripped to avoid query string issues.
return base64.b64encode(iv + value, &#39;-_&#39;).rstrip(&#39;=&#39;)
&#39; * (16 - remainder) if remainder else value cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128) value = cipher.encrypt(padded_value)[:len(value)] else: value = AES.new(key, AES.MODE_CFB, iv).encrypt(value) # The returned value has its padding stripped to avoid query string issues. return base64.b64encode(iv + value, &#39;-_&#39;).rstrip(&#39;=&#39;)

Note that for secure message passing you want additional security features, such as a nonce to prevent against replay attacks.

Here are the Go equivalent functions:

func Decrypt(key []byte, encrypted string) ([]byte, error) {
	ciphertext, err := base64.RawURLEncoding.DecodeString(encrypted)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) &lt; aes.BlockSize {
		return nil, errors.New(&quot;ciphertext too short&quot;)
	}
	iv := ciphertext[:aes.BlockSize]
	ciphertext = ciphertext[aes.BlockSize:]
	cfb := cipher.NewCFBDecrypter(block, iv)
	cfb.XORKeyStream(ciphertext, ciphertext)
	return ciphertext, nil
}

func Encrypt(key, data []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return &quot;&quot;, err
	}
	ciphertext := make([]byte, aes.BlockSize+len(data))
	iv := ciphertext[:aes.BlockSize]
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return &quot;&quot;, err
	}
	stream := cipher.NewCFBEncrypter(block, iv)
	stream.XORKeyStream(ciphertext[aes.BlockSize:], data)
	return base64.RawURLEncoding.EncodeToString(ciphertext), nil
}

答案2

得分: 3

你在Python中的解密过程中忘记了切掉IV。请将以下代码进行修改:

x=(cipher.decrypt( enc ))

修改为

x = cipher.decrypt( enc[16:] )

或者修改为

x = cipher.decrypt( enc )[16:]
英文:

You forgot to slice off the IV during decryption in Python. Change

x=(cipher.decrypt( enc ))

to

x = cipher.decrypt( enc[16:] )

or to

x = cipher.decrypt( enc )[16:]

huangapple
  • 本文由 发表于 2016年3月5日 14:54:16
  • 转载请务必保留本文链接:https://go.coder-hub.com/35811119.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定