問題描述

我正在使用 python 2.7.1我想在 CTR 模式下使用 AES 加密某事.我為 python 安裝了 PyCrypto 庫.我寫了以下代碼:

I am using python 2.7.1 I want to encrypt sth using AES in CTR mode. I installed PyCrypto library for python. I wrote the following code:

secret = os.urandom(16)
crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret)
encrypted = crypto.encrypt("asdk")
print crypto.decrypt(encrypted)

我必須運行 crypto.decrypt 與我的明文字節(jié)大小一樣多的次數，才能正確獲取解密數據.即:

i have to run crypto.decrypt as many times as the byte size of my plaintext in order to get correctly the decrypted data. I.e:

encrypted = crypto.encrypt("test")
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)

最后一次解密調用會將明文返回給我.解密的其他輸出是一些亂碼字符串.我想知道這是否正常?我是否必須每次都包含在一個大小等于我的明文的循環(huán)中，或者我弄錯了什么?

The last call to decrypt will give me the plaintext back. The other outputs from decrypt are some gibberish strings . I am wondering if this is normal or not? Do i have to include into a loop with size equal of my plaintext every time or i have gotten sth wrong?

推薦答案

根據@gertvdijk 的說法，AES_CTR 是一種不需要需要填充的流密碼.所以我刪除了相關代碼.

According to @gertvdijk, AES_CTR is a stream cipher which does not need padding. So I've deleted the related codes.

這是我知道的.

1. 在加密和解密時必須使用相同的密鑰(AES.new(...) 中的第一個參數)，并保持密鑰的私密性.

1. You have to use a same key(the first parameter in AES.new(...)) in encryption and decryption, and keep the key private.

加密/解密方法是有狀態(tài)的，即crypto.en(de)crypt("abcd")==crypto.en(de)crypt("abcd") 不總是正確的.在您的 CTR 中，您的計數器回調始終返回相同的內容，因此在加密時它變得無狀態(tài)(我不是 100% 肯定這是原因)，但我們仍然發(fā)現它在解密時有點有狀態(tài).作為結論，我們應該始終使用新對象來完成它們.

The encryption/decryption methods are stateful, that means crypto.en(de)crypt("abcd")==crypto.en(de)crypt("abcd") is not always true. In your CTR, your counter callback always returns a same thing, so it becomes stateless when encrypt (I am not 100% sure it is the reason), but we still find that it is somewhat stateful in decryption. As a conclusion, we should always use a new object to do them.

加密和解密中的 counter 回調 函數的行為應該相同.在你的情況下，它是讓他們兩個都返回相同的秘密.然而我不認為 secret 是一個秘密".您可以使用隨機生成的 "secret" 并在沒有任何加密的情況下將其傳遞給通信對等方，以便對方可以直接使用它，只要 secret 為 不可預測.

The counter callback function in both encryption and decryption should behave the same. In your case, it is to make both of them return the same secret. Yet I don't think the secret is a "secret". You can use a random generated "secret" and pass it across the communicating peers without any encryption so that the other side can directly use it, as long as the secret is not predictable.

所以我會這樣寫我的密碼，希望它能提供一些幫助.

So I would write my cipher like this, hope it will offer some help.

import os
import hashlib
import Crypto.Cipher.AES as AES

class Cipher:

        @staticmethod
        def md5sum( raw ):
                m = hashlib.md5()
                m.update(raw)
                return m.hexdigest()

        BS = AES.block_size

        @staticmethod 
        def pad( s ):
                """note that the padding is no necessary"""
                """return s + (Cipher.BS - len(s) % Cipher.BS) * chr(Cipher.BS - len(s) % Cipher.BS)"""
                return s

        @staticmethod
        def unpad( s ):
                """return s[0:-ord(s[-1])]"""
                return s

        def __init__(self, key):
                self.key = Cipher.md5sum(key)
                #the state of the counter callback 
                self.cnter_cb_called = 0 
                self.secret = None

        def _reset_counter_callback_state( self, secret ):
                self.cnter_cb_called = 0
                self.secret = secret

        def _counter_callback( self ):
                """
                this function should be stateful
                """
                self.cnter_cb_called += 1
                return self.secret[self.cnter_cb_called % Cipher.BS] * Cipher.BS


        def encrypt(self, raw):
                secret = os.urandom( Cipher.BS ) #random choose a "secret" which is not secret
                self._reset_counter_callback_state( secret )
                cipher = AES.new( self.key, AES.MODE_CTR, counter = self._counter_callback )
                raw_padded = Cipher.pad( raw )
                enc_padded = cipher.encrypt( raw_padded )
                return secret+enc_padded #yes, it is not secret

        def decrypt(self, enc):
                secret = enc[:Cipher.BS]
                self._reset_counter_callback_state( secret )
                cipher = AES.new( self.key, AES.MODE_CTR, counter = self._counter_callback )
                enc_padded = enc[Cipher.BS:] #we didn't encrypt the secret, so don't decrypt it
                raw_padded = cipher.decrypt( enc_padded )
                return Cipher.unpad( raw_padded )

一些測試:

>>> from Cipher import Cipher
>>> x = Cipher("this is key")
>>> "a"==x.decrypt(x.encrypt("a"))
True
>>> "b"==x.decrypt(x.encrypt("b"))
True
>>> "c"==x.decrypt(x.encrypt("c"))
True
>>> x.encrypt("a")==x.encrypt("a")
False #though the input is same, the outputs are different

參考:http://packages.python.org/pycrypto/Crypto.Cipher.blockalgo-module.html#MODE_CTR

這篇關于CTR 中的 AES 如何用于 Python 和 PyCrypto?的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！