前言：前兩篇博客寫了RSA非對稱加密的PKCS1格式秘鑰的加密與解密，后面收到很多同學來問自己公司用的是PKCS8格式的秘鑰，要如何加密解密。今天咱們就來解決這個問題。

一、前期準備工作

1、安裝第三方庫

pip install pycryptodome

2、將公鑰，私鑰分別存入.pem的文件

公鑰文件內容如下：

-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAI4/D ai9lgfbeLswLcRQPubuSeoh9uQf6Ud5GC1Lr5AMwvSLgKtUdVUQG34hvswJmDdsQ X0LpLtokKsVdD3mFNstLd4euR9FpMausvvObjQETkXC1OpI4b1x/b2qPr0S0xKtY3Ay 97lmB6LTrZ6L8AKFdI13xQjpPhv7dXTO4SbTAgMBAAECgYA/Mgwjd3b8LqlIoHL00K HhfuQfvM8vMm41brsrBIEPAlxqwL99XpxyGiHcu6lEhM63cMT3hQC+sgnzuChYh6u jungAAk8cFeBn6zqyTO3VHHxGiN4ElmPUhnAzicrIciVcapsWZmCGLB1Xs9KLOY4ixlI qOZKTV9wGRpeQepOyIQJBAMkUX2cNo/ESbaSrP76UQFzg4urzcB5Cb+U1Ggz7LW OfRs5NCPjCge+uAXc12WlG5/x23Mpjm8Dde6x+dlFgwIcCQQC1GQQYf+uwUzPVN 7FNpK/cl3UoGRFSd0EUdkEfKQYOrA3Zmvvpbr/YO0fPGekc83wOfJzYCMpxAiRG9xK WpXZVAkEArdl1Wo4KjiVWsqZ06HsY4rR0vJpY93CNeehda5fG+Hj/KOKlvR2+ZdFV5x GhtUnezQKfhkR0p11Wzh5Qga9bBQJAW/nhl6PYi0wmpiLL/RgobUvLJ9tbbdu9hOvud Sn7tpXxztQlH1CtROAOv4N0XszW8/CcJCiK0Mx6qkQv/6z3pQJAG5RKpafYJRVJCIhNyt ZFAoayZ07m+TT14I2aWErGSYuEHif1mTC5vH5bDJsYXh30TWZ4ebT78gXJhkVehZ4xLQ== -----END PRIVATE KEY-----

私鑰文件內容如下：

-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCOPw2ovZYH23i7M C3EUD7m7knqIfbkH+lHeRgtS6+QDML0i4CrVHVVEBt+Ib7MCZg3bEF9C6S7aJCrFXQ 95hTbLS3eHrkfRaTGrrL7zm40BE5FwtTqSOG9cf29qj69EtMSrWNwMve5Zgei062ei/ACh XSNd8UI6T4b+3V0zuEm0wIDAQAB -----END PUBLIC KEY-----

二、秘鑰加載方式

方式一：讀取.pem文件

import traceback import base64 from Crypto.PublicKey import RSA #Crypto模塊中的pkcs1_v1_5就是pkcs8的格式的秘鑰 from Crypto.Cipher import PKCS1_v1_5 as PKCS1_v1_5_Cipher #從文件讀取公鑰、私鑰 private_key = RSA.import_key(open('privkeyzj.pem').read()) public_key = RSA.import_key(open('pubkeyzj.pem').read())

方式二：秘鑰作為參數傳遞

import traceback import base64 from Crypto.PublicKey import RSA #Crypto模塊中的pkcs1_v1_5就是pkcs8的格式的秘鑰 from Crypto.Cipher import PKCS1_v1_5 as PKCS1_v1_5_Cipherclass RSACrypto(object):#秘鑰作為參數傳遞def __init__(self, private_key=None, public_key=None):privateKey = '-----BEGIN RSA PRIVATE KEY-----\r\n{}\r\n-----END RSA PRIVATE KEY-----'.format(private_key).encode()publicKey = '-----BEGIN RSA PUBLIC KEY-----\r\n{}\r\n-----END RSA PUBLIC KEY-----'.format(public_key).encode()self.private_key = RSA.importKey(privateKey)self.public_key = RSA.importKey(publicKey)

三、分對稱加密與解密

import traceback import base64 from Crypto.PublicKey import RSA #Crypto模塊中的pkcs1_v1_5就是pkcs8的格式的秘鑰 from Crypto.Cipher import PKCS1_v1_5 as PKCS1_v1_5_Cipherclass RSACrypto(object):def __init__(self, private_key=None, public_key=None):# 秘鑰從文件讀取self.private_key = RSA.import_key(open('privkeyzj.pem').read())self.public_key = RSA.import_key(open('pubkeyzj.pem').read())self.max_encode_len,self.max_decode_len=self.choice_channel()# 預加密,獲取模值def choice_channel(self):try:msg='test'models_dict={'64': 512, '128': 1024, "512": 2048}pk = PKCS1_v1_5_Cipher.new(key=self.public_key)encrypt_text = pk.encrypt(msg.encode()) # 進行加密result = base64.b64encode(encrypt_text).decode() # 加密通過base64進行編碼decode_str = base64.b64decode(result)max_decode_len = len(decode_str)key_size=models_dict['{}'.format(max_decode_len)]max_encode_len=int(key_size/8-11)#print('初始化獲取的模值:',max_encode_len,max_decode_len)return max_encode_len,max_decode_lenexcept Exception as e:print(traceback.print_exc(),e)# 公鑰加密# 初始化公鑰--初始化加密方法--加密字符串編碼encode()--加密方法加密--加密后進行base64編碼---完成# 公鑰分段加密(在用)def to_encrypt_section(self,msg):try:# 加密的 plaintext = max_len 最大長度是 證書key位數/8 - 11, 例如1024 bit的證書，被加密的串最長 1024/8 - 11=117,加密得到的密文長度，卻恰恰是密鑰的長度pk = PKCS1_v1_5_Cipher.new(key=self.public_key)if len(msg) <= self.max_encode_len:encrypt_text = pk.encrypt(msg.encode()) # 進行加密result = base64.b64encode(encrypt_text).decode() # 加密通過base64進行編碼return resultelse:encrypt_text = []for i in range(0, len(msg), self.max_encode_len):cont = msg[i: (i + self.max_encode_len)]encrypt_text.append(pk.encrypt(message=cont.encode()))encrypt_data = b''.join(encrypt_text)# base64 編碼result = base64.b64encode(s=encrypt_data).decode()return resultexcept Exception as e:print(traceback.print_exc(),e)#分段解密def to_decrypt_section(self,msg):try:decode_str = base64.b64decode(msg)decode_msg=PKCS1_v1_5_Cipher.new(key=self.private_key)#max_decode_len = 128if len(decode_str) <= self.max_decode_len:text = decode_msg.decrypt(decode_str, 'DecryptError')return text.decode() # 解密出來的是字節碼格式，decodee轉換為字符串else:text = []for i in range(0,len(decode_str),self.max_decode_len):cont=decode_str[i: (i + self.max_decode_len)]data = decode_msg.decrypt(ciphertext=cont, sentinel='to_decrypt_section_error')text.append(data)decrypt_text=b''.join(text)result=decrypt_text.decode()return resultexcept Exception as e:print(traceback.print_exc(),e)if __name__ == '__main__':cl=RSACrypto() #初始化秘鑰str1='123456'decodestr=cl.to_encrypt_section(msg=str1)print("加密后：",decodestr)str2 = cl.to_decrypt_section(msg=decodestr)print("解密后：",str2)輸出： 加密后： hP7xEyAGRu/MZjKncRLDzkIo39J6fcWmnKtjhrMVZxTlbWmoqZ3GSte0IUoz7/Sba83m7LjX/8cnPVRZi4K6g4uHBnven0O4QpLlQftTRRTJjWpEUjSBNRMf+IqHBCNgjdlB0W6keKla1z7UlB9WNZUC0uIwJgiFUU7ayEyluhs= 解密后： 123456

四、總結

1、企業常用非對稱秘鑰格式PKCS1和PKCS8

2、PKCS1格式秘鑰和PKCS8格式秘鑰只是秘鑰格式不一樣，加密方式是一樣的

3、加密細節詳解請參考上兩篇文章

總結

以上是生活随笔為你收集整理的RSA 非对称加密之 PKCS8 格式秘钥的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。