python密码学库pynacl功能介绍
作者:西京刀客
python库-密码学库pynacl
什么是pynacl
官方: https://pynacl.readthedocs.io/en/latest/
PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. These libraries have a stated goal of improving usability, security and speed. It supports Python 3.6+ as well as PyPy 3.
PyNaCl 是 libsodium C库绑定封装。PyNaCl是libsodium库的Python实现。libsodium是一个基于NaCI开发的先进而且易用的加密库,主要用于加密、解密、签名和生成密码哈希等。PyNaCI能够提供数字签名、密钥加密、公钥加密、哈希和消息身份验证、基于密码的密钥派生和密码散列功能。
libsodium 是c写的,现代,便携式,易于使用的加密库。Sodium是一个新的,易于使用的软件库,用于加密,解密,签名,密码哈希等。
官网:libsodium.org
github: https://github.com/jedisct1/libsodium
PyNaCl功能:
- Digital signatures
- Secret-key encryption
- Public-key encryption
- Hashing and message authentication
- Password based key derivation and password hashing
数字签名使用example
官方:https://pynacl.readthedocs.io/en/latest/signing/
数字签名允许您公布公共密钥,然后您可以使用私有签名密钥来签名消息。然后,拥有您的公钥的其他人可以使用它来验证您的消息实际上是真实的。
签名和验证消息而无需编码密钥或消息:
签名 (SigningKey):
from nacl.encoding import Base64Encoder from nacl.signing import SigningKey # Generate a new random signing key signing_key = SigningKey.generate() # Sign a message with the signing key signed_b64 = signing_key.sign(b"Attack at Dawn", encoder=Base64Encoder) # Obtain the verify key for a given signing key verify_key = signing_key.verify_key # Serialize the verify key to send it to a third party verify_key_b64 = verify_key.encode(encoder=Base64Encoder)
验签 (VerifyKey):
from nacl.encoding import Base64Encoder from nacl.signing import VerifyKey # Create a VerifyKey object from a base64 serialized public key verify_key = VerifyKey(verify_key_b64, encoder=Base64Encoder) # Check the validity of a message's signature # The message and the signature can either be passed together, or # separately if the signature is decoded to raw bytes. # These are equivalent: verify_key.verify(signed_b64, encoder=Base64Encoder) signature_bytes = Base64Encoder.decode(signed_b64.signature) verify_key.verify(signed_b64.message, signature_bytes, encoder=Base64Encoder) # Alter the signed message text forged = signed_b64[:-1] + bytes([int(signed_b64[-1]) ^ 1]) # Will raise nacl.exceptions.BadSignatureError, since the signature check # is failing verify_key.verify(forged)
Traceback (most recent call last): ... nacl.exceptions.BadSignatureError: Signature was forged or corrupt
classnacl.signing.SigningKey(seed, encoder)[source]¶
使用ED25519算法生产数字签名的私钥。
签名密钥是由32字节(256位)随机种子值产生的。该值可以以32的长度为bytes()传递到签名密钥中。
参数:
seed (bytes) – Random 32-byte value (i.e. private key).
encoder – A class that is able to decode the seed.
到此这篇关于python密码学库pynacl的文章就介绍到这了,更多相关python密码学库内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!