在Python中使用公有模数和指数的RSA加密密码

Question

我需要加密一个密码，并将其作为http头添加，以便从python客户端进行rest调用。我正在尝试用Python语言实现下面列出的C#代码，但是使用Python语言的rest POST请求似乎失败了，因为从Python语言生成的加密密码字符串似乎与来自C#的加密密码不匹配。C#代码生成正确的加密密码

模数："w1jcEfmxCTz5aB9wGg1Vl5K45VUm8Aj7+05sBarmrwbvC9BNjAqSySPmC2ajWSQGdmBs4xylKZjHKaXg5rxuNw=="

指数：

"AQAB"

要加密的密码：'tricky'

来自C#的加密密码(每次生成时都会更改)：'%14%1d%0a%bb%a0X%24H%ad%ce%9aG%f6a%dau%d8%01%ec%d5)+%d3%11%8e%3ew%c8K%dce%ec%84K%e6%1d%ea%81%3e%d14%87%80s%8eo%a6%bc%fd%1b%8f%a1V8%c8%96%b1%ec%1f%d7qd%bbz'

来自Python的加密密码：'%21%F6%7E.i%F4%F4%5E%E5%A9v%03E%8C%1C%3E%F1%D7%DBT%A2%03z%BF%E2%E8%8FJh%E3%85%AA%24%25%C2%C9Hg%18z%22a%F8g%0B%81%3C%DC%FEr%F8C%98s%B5%DA1%F6%60%23%BAw%10F'

下面是我使用Pycrypto进行加密的python代码：

from base64 import b64decode
from Crypto.PublicKey.RSA import construct

def get_encrypted_password(password, modulus, exponent):
    password = password.encode('utf-8')

    # decode base64 string to be used as modulus(n) and exponent(e) components for constructing the RSA public key object
    modulus = b64decode(modulus)
    exponent = b64decode(exponent)

    n = int.from_bytes(modulus, byteorder=sys.byteorder)
    e = int.from_bytes(exponent, byteorder=sys.byteorder)

    pubkey = construct((n,e))
    encrypted = pubkey.encrypt(password,None)[0]
    #url encode the encrypted password
    encrypted = urllib.parse.quote_plus(encrypted)
    return encrypted

这是执行加密的C#代码：

public static string EncryptForTransport(string strToEncrypt, string rsaPublicKey)
        {
            KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.AllFlags);

            permission.Assert();

            if (string.IsNullOrEmpty(strToEncrypt))
            { return strToEncrypt; }

            RSACryptoServiceProvider rsaEncryptor = GetRsaEncryptor(rsaPublicKey);

            byte[] buffer = rsaEncryptor.Encrypt(Encoding.UTF8.GetBytes(strToEncrypt), false);

            try
            {
                rsaEncryptor.Clear();
            }
            catch (CryptographicException)
            {
                //errors may occur ignore them.
            }

            string encryptedStr = HttpUtility.UrlEncode(buffer);// byteConverterGetString;

            return encryptedStr;

        }

        private static RSACryptoServiceProvider GetRsaEncryptor(string rsaPublicKey)
        {
            RSACryptoServiceProvider.UseMachineKeyStore = true;
            RSACryptoServiceProvider rsaEncryptor = RSACryptoServiceProvider.Create() as RSACryptoServiceProvider;
            if (rsaEncryptor.PersistKeyInCsp)
                rsaEncryptor.PersistKeyInCsp = false;
            rsaEncryptor.FromXmlString(rsaPublicKey);

            return rsaEncryptor;
        }

关于我在Python中使用RSA加密密码的错误之处，有什么想法吗？

Answer 1

为了匹配C#代码所做的工作，您必须正确地解析大端模数和指数，并使用PKCSv1.5填充。下面的例子略微修改了你的代码以显示这一点。

from base64 import b64decode
from Crypto.PublicKey.RSA import construct
from Crypto.Cipher import PKCS1_v1_5
import urllib.parse


def get_encrypted_password(password, modulus, exponent):
    password = password.encode('utf-8')

    # decode base64 string to be used as modulus(n) and exponent(e) components for
    # constructing the RSA public key object

    modulus = b64decode(modulus)
    exponent = b64decode(exponent)

    n = int.from_bytes(modulus, byteorder='big')
    e = int.from_bytes(exponent, byteorder='big')

    pubkey = construct((n, e))
    pubkey = PKCS1_v1_5.new(pubkey)
    encrypted = pubkey.encrypt(password)
    # url encode the encrypted password
    encrypted = urllib.parse.quote_plus(encrypted)
    return encrypted