我一直在嘗試下面的Java代碼轉換爲它的等效蟒:將Java加密代碼到Python相當於
Encrypt.java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
//import org.jose4j.base64url.Base64;
public class Encrypt {
public static void main(String[] args)
throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException, CertificateException, FileNotFoundException {
PublicKey pubKey;
Object localObject1 = new
String("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmy"
+
"qvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXe"
+
"iqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmE"
+ "MWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB");
//localObject1 = new X509EncodedKeySpec(Base64.decode(((String)localObject1).getBytes("utf-8")));
localObject1 = new X509EncodedKeySpec(Base64.decodeBase64(((String)localObject1).getBytes("utf-8")));
localObject1 = KeyFactory.getInstance("RSA").generatePublic((KeySpec)localObject1);
System.out.println((PublicKey)localObject1);
System.out.println("___________________________________________________________________________________________________________________________________________________");
// String secret_pub_key= //"-----BEGIN RSA PUBLIC KEY-----" +
// "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkvq7mHuTMGeJF/qiAot"+
// "OcLTd6hjDEcMHIk2IY35JInuypD6WieogOxSS6kHYho/U+BW/Cgz0XjziPIQSJZx"+
// "AGOrtdZrTa6n6S6I65YB2wPB93lLi/qnBmUSetEgAgM+MOfiYT8Dift9Mut+BvbE"+
// "iFMH163ovoiTyLDpbTYDB6InzFzu1l7G01pi/ZAc69kWrJ+yNMEUcnAerRPt30et"+
// "XAbKD2lC696VJa/2xtWZ5T7vwMpFLIaGFAg228ZifgwDIRFsBmwPsAsngQSGVVBo"+
// "Ijm3fb0PUDV4MTw+cNT0ldHbYCAWy6zgA0K7eL5LcUN8+ai7u6VMWYUT4FAvYNiP"+
// "IwIDAQAB";
// //"-----END RSA PUBLIC KEY-----";
// X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(Base64.decode(secret_pub_key));
// KeyFactory keyFactory = KeyFactory.getInstance("RSA");
// PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
Object secret_pub_key= new String(//"-----BEGIN RSA PUBLIC KEY-----" +
"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukY"+
"ycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz"+
"+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hd"+
"lnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNq"+
"XeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638T"+
"i8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl"+
"+wIDAQAB");
//"-----END RSA PUBLIC KEY-----";
secret_pub_key = new X509EncodedKeySpec(Base64.decodeBase64(((String)secret_pub_key).getBytes("utf-8")));
secret_pub_key = KeyFactory.getInstance("RSA").generatePublic((KeySpec)secret_pub_key);
pubKey = (PublicKey)secret_pub_key;
Object localObject;
Lc lc = new Lc();
System.out.println("\n\nlc.pub is" + lc.pub);
System.out.println("\n\n\nokokokokok" + pubKey.getEncoded());
//byte[] arrayOfByte = new String(Base64.encodeBase64(lc.pub.getEncoded())).getBytes();
byte[] arrayOfByte = new String(Base64.encodeBase64(pubKey.getEncoded())).getBytes();
StringBuilder localStringBuilder1 = new StringBuilder();
int i = 0;
while (i < arrayOfByte.length) {
if (arrayOfByte.length > i + 200) {
localObject = Arrays.copyOfRange(arrayOfByte, i, i + 200);
} else {
localObject = Arrays.copyOfRange(arrayOfByte, i, arrayOfByte.length + 1);
}
StringBuilder localStringBuilder2 = new StringBuilder();
lc.pub = (PublicKey)localObject1;
localObject = new String((byte[])localObject);
localStringBuilder1.append(lc.upperDot((String)localObject) + ":::");
i += 200;
}
System.out.println("The ducking key is " + localStringBuilder1.toString());
}
}
Lc.java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Lc {
public static PublicKey pub;
public static PrivateKey pri;
public byte[] by;
public String dot;
public Lc() {
Object localObject = "RSA";
try
{
localObject = KeyPairGenerator.getInstance((String)localObject);
KeyPair localKeyPair = ((KeyPairGenerator)localObject).generateKeyPair();
localObject = localKeyPair.getPublic();
pub = (PublicKey)localObject;
localObject = localKeyPair.getPrivate();
pri = (PrivateKey)localObject;
}
catch (NoSuchAlgorithmException localNoSuchAlgorithmException)
{
localNoSuchAlgorithmException.printStackTrace();
}
}
public static String upperDot(String paramString)
{
Object localObject = "RSA/ECB/PKCS1Padding";
try
{
Cipher localCipher = Cipher.getInstance((String)localObject);
localObject = pub;
int i = 1;
localCipher.init(i, (Key)localObject);
localObject = paramString.getBytes();
byte[] arrayOfByte1 = localCipher.doFinal((byte[])localObject);
byte[] arrayOfByte2 = Base64.encodeBase64(arrayOfByte1);
localObject = new String(arrayOfByte2);
return (String)localObject;
}
catch (Exception localException)
{
System.out.print(localException);
}
return null;
}
}
請忽略上述2個java文件的糟糕設計和調試打印s tatements
,上述產生的輸出,這是我感興趣的是最後一個輸出語句的內容:
的迴避關鍵是t4z2jf9GKtKvXiXCPYU3u7Y0LwQOOeQBVi + YRATc3GqyTNb085bRLUVqiNT5v/ZcZl2FZPegeN8OTG9vPbwuY1HrQ04xv0vUf3ohJORiUXwEQtoBVMDnKHib50FPZCbAZIp/1u0KgEPBV9rEe7BmHi2UGCNnp0e50G68cBPLknUinBIIYIIrw/o3U4SAT + uBdo6wyi/x0tWR3El8gJpL34JJVWzdzi4y61cPZI31gxyY19t1EzzmtqB0wnjV5RvTsavR5s3RgtBu3EV + b43poam2K0CsRyfB2lFawkZBnvRL6GzvozBpUYe4awdPbU4Pjvuju5B3zWXloQ5kMVZAkg == ::: MpcHcJWhGdYrS1VLza + ereOU1ZRZ9LyVTN0KBBdQLIjYXChX1eKtRdftrF306L5BE8Ni9ibTylbcsc6tocphVpYnCvYN2eKVcEoHLyk9Iz/Cf2ikYJCUFtHh/CP nSILhwI7txdVds0Il58uDMevMnvvRntqVR7nw6UUmUVwmtFvNWVdceP61BHc9YsDMdQs8jPOeGAHWmqA2g4ODYB2W07yQhmwNIQZEmkmrfRHUd1dqM57sIWS9HdgEbrnqhyt1pIWrCxzgYbzZCuaDS/llcFsqgLBbaPpTg2qNUFi2x3r1jJ1UeJeX + Y/mOhrEvBXSLmadsCYmEROIutNgoVWigg == :::
現在我想實現通過蟒蛇完全相同的行爲(2.7,如果該事項)。我迄今爲止依靠pycrypto和M2Crypto,但都沒有幫助。
這是我在製造蟒當量的上述的嘗試:
from Crypto.PublicKey import RSA
from base64 import b64decode
from base64 import b64encode
def ecnryptorFun(key, secret):
encrypted = key.encrypt(secret, 1)
final_text = b64encode(encrypted[0])
return final_text
def sayHello(body):
url = 'https://consumer-app-development.appspot.com/api/sayHello'
res = requests.post(url=url, data=body)
return res.text
key64 = b'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA76y3+1w4Ld9Q4WvHQkCkg6qjwq2wWOYMV9nAthX6ugatNlShRb2gBmyqvh7tOYHhjAhkG9Z33jCVinPuhgb0ioa5/sFAgP5LDdo5SBk4b4n/wRUbdMhfFFcTT0As2OsmdBc2iONUaG4g3WjgRODxy6LLahms6YgTnG+AqeDo8LpXxsiFXeiqGUyKQU1l16BPc2xyG+tDitFbKHx9pDL12e/w5b4G4Zg4yJgbNlZrGc3Udz5EbDREnAwirjAA3F6x2DF3j746vETb1g2y6+P5sS4lvG3XmaB1JBlhNh5qpqADRqmEMWeiYhrRcK9KjS1URSUizGPo96d8R82DmXvYKQIDAQAB'
keyDER = b64decode(key64)
keyPub = RSA.importKey(keyDER)
secret = b"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApzQvzc+chU92SSh2eukYycdTJArCjL4+AqW8a2lKZ2jb5g04q6FGSRJgNkuggXt7U5ys5pb+J0699vY9rzgz+WmH6W/ZRZ2hAf3rtWaC1YYetD1SfmD2OGItGfkFYuppjjjKXEnTDzCBQT5IL7hdlnlCfpDkcPmJWvKJU+5gJek9RanVQYXLWgtOIVrQ7LJhQEFDMuYSw+rz7+paBxNqXeHTvDk/ylGtHjb3xOvbVg3DfL2z76YYX69Ae3Cd1rlqaY0IT01k3oeqNZg3638Ti8l+6ytwChRhtOHZh5XCaW6Cfbz2nezgYgY1qTAKK05o8Of+W/dErUt4166qnjBl+wIDAQAB"
#secret1 = b64encode(secret)
arrayOfByte = bytearray(secret)
i = 0
localStringBuilder1 = ""
while i < len(arrayOfByte):
if len(arrayOfByte) > (i+200):
localObject = arrayOfByte[i:i+200]
else:
localObject = arrayOfByte[i:len(arrayOfByte)+1]
localObj_byte_array = bytearray(localObject)
localStringBuilder1 = localStringBuilder1 + ecnryptorFun(keyPub, str(localObject)) + ':::'
#localStringBuilder1 = localStringBuilder1 + ecnryptorFun(encryption_key, localObj_byte_array) + ':::'
i += 200;
print localStringBuilder1
上述Python代碼的輸出
vkqbraD/5HMvs9LG59VXCGCLUoJ0msU6fVvLMDCc8fQ41S3R3IC0EfxLCk9FoHUIGK5h90Rd0at2ROvcOVCtESAYZlYYCB1U99NqWCFLvyDBxS4uEAVHD5yv4U82Dmn/P/ASI + d/GxnvP/xvyiI + tp39lWx77DuV4hlnRbltHu9f4o4cvqZ + Nn7wCzY1TBzIClT8f4lx2g9E/5 + mhfkQIHejGIAMyJXl3xy + qhQSoy8DvudGQU95eGfDRdci4yqOwDeG2 + QlUip627tMbttAroWQjM8jC419kFPetTlmV/RczE/vcwnyM3iEnrhB9KnjRLYEecJ8 mEYU7L/TxBe +的Tg == ::: V1oZBPETF9ryap59T4zOwfW0/pASSCULWL8ZlvUrSlRLeaZmIxplNmewqyUnrhwIbnpDvwhmz7 + 2/Dd2EN4hJndRnGl7aoEX8/GJP0Kz9vL2qEDbIGQC/Dv6O75KPFZ/E06DYLcycLhNZYxudwVP9rJAhFEEMgefpY40v1 + B6sqqogrGnZhfwITaqpU0FKTbHSlHUymlD6Cn4lb0yLMISG6MZRQrP5B67UkGexlpxPQTHsXcLy0vTEzMZkvdxbv4YtawNvmgeQEgD1jqIB45pOngrwp3jcs9D9Ib2hCwpOoqkwOV/YAA + XO + dkPo8BxOw5DH/jWRcksb3N65YEmlvQ == :::
現在雖然上述產生非常相似的輸出,但它不是正確的。爲什麼?因爲當上面的java代碼的輸出被髮送到後端時,我收到一個HTTP 200 OK和期望的響應。
但是,當上面的python代碼的輸出與後端類似地發送時,我收到500內部服務器錯誤,意思是(根據我的假設,考慮到所有其他參數,頭文件等)在java和python HTTP請求之間保持完全一致)後端輸入不正確,因此破壞(再次請忽略500,我同意它應該是更有意義的東西,絕對不是500)
我無權訪問後端。它更像是一個紅色的團隊 - 我們正在做的藍色團隊練習
此外,我可能會調用上面的python代碼,仍然設法達到最終結果並完成工作,但那會是更多的是黑客攻擊,儘管這已經足夠了,但我更感興趣的是知道如何才能夠獨自完成Python。
按下面我的意見提出了一些建議嘗試這樣做,以及: 所以,我想這個問題,以及:
from Crypto.Cipher import PKCS1_v1_5
def encryptMsg(secret):
message = secret
key = RSA.importKey(open('myPubkey.pem').read())
cipher = PKCS1_v1_5.new(key)
ciphertext = b64encode(cipher.encrypt(message))
return ciphertext
,然後在while循環,這樣的:
localStringBuilder1 = localStringBuilder1 + encryptMsg(str(localObject)) + ':::'
仍似乎沒有工作。與以前相同的結果。
響應不看進過多的代碼:在Java中你使用PKCS#1 V1。 5填充,但在Python中,您沒有使用任何填充。您需要使用'PKCS1_5'類 –
謝謝。說得通。我看到有[https://www.dlitz.net/software/pycrypto/api/2.6/Crypto.Signature.PKCS1_v1_5-module.html] 讓我探索它。 – qre0ct
不..看上去不像上面的鏈接可以提供幫助。有沒有其他的Python庫可以提供這個功能? – qre0ct