使用 hashlib sha1 进行 Python 加密的基础知识

发布于 2024-10-14 18:44:05 字数 647 浏览 4 评论 0原文

我正在努力完全理解加密的工作原理和编码方式，尤其是使用 python。我只是想了解基础知识并以最简单的形式创建代码。

我将在两个不同的站点之间传递用户 ID，但显然我需要使用私钥对其进行加密，以便 Website2 知道它来自 Website1。这似乎是我的代码： http://docs.python.org/library/hashlib.html#module-hashlib ，但它没有很好的例子（或者也许我在错误的地方）。

我遇到的问题是完全理解如何编码和解码。

因此，假设每个网站都知道的共享私钥是：

shared_private_key = "ABCDEF"

我希望 Website1 将以下用户 ID 传递给 Website2：

userID = "123456"

Website1 如何使用私钥加密我的 userID，加密可以通过 HTTP 标头发送，以及然后让 Website2 解密并能够使用共享私钥读取用户 ID？

我很抱歉问了这样一个基本问题，但我不明白应该如何做。谢谢。

原文

I'm struggling to fully understand how encryption works and is coded, particularly with python. I'm just trying to get the basics down and create code in the simplest form.

I'm going to be passing a userID between two different sites, but obviously I need this to be encrypted with a private key so Website2 knows it came from Website1. This seems to be the code for me:
http://docs.python.org/library/hashlib.html#module-hashlib, but it doesn't have very good examples (or maybe I'm in the wrong spot).

The problem I'm having is fully understanding how to encode and decode.

So lets say the shared private key which each website will know is:

shared_private_key = "ABCDEF"

And I want Website1 to pass to Website2 the userID of:

userID = "123456"

How would Website1 encrypt my userID with the private key in a fashion that the encryption can be sent via HTTP headers, and then have Website2 decrypt and be able to read the userID using the shared private key?

I apologize for asking such a basic question, but I'm failing to grasp how this should be done. Thanks.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

栀梦 2024-10-21 18:44:05

hashlib 模块提供哈希函数。虽然与加密有一定关系，但一旦对某些数据进行哈希处理，您就无法返回从哈希结果中获取原始数据。

您可以采取不同的方法，而不是对数据进行加密：使用数据的哈希值和一些秘密来创建唯一的签名。

shared_private_key = "ABCDEF"

def create_signature(data):
    return hashlib.sha1(repr(data) + "," + shared_private_key).hexdigest()

def verify_signature(data, signature):
    return signature == create_signature(data)

最后，您将数据和签名发送到网站 2。这样您就可以（大部分）确定没有未经授权的人篡改数据。

The hashlib module provides hashing functions. While there is some relation to encryption, once you hash some data you can not go back to get the original data from the hash result.

Instead of encripting the data you can take a different approach: creating a unique signature using a hash of the data and some secret.

shared_private_key = "ABCDEF"

def create_signature(data):
    return hashlib.sha1(repr(data) + "," + shared_private_key).hexdigest()

def verify_signature(data, signature):
    return signature == create_signature(data)

Finally, you send to the Website 2 the data plus the signature. That way you can be (mostly) sure that no unauthorized person tampered the data.

回复收藏 0 原文

我纯我任性 2024-10-21 18:44:05

您想要的是一个加密库，而不仅仅是提供哈希算法。使用 python 的 hashlib 库：

import hashlib
m = hashlib.sha1()
m.update("The quick brown fox jumps over the lazy dog")
print(m.hexdigest())

返回：2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

给定此哈希，恢复原始消息~~极其困难~~不可能（通常）。你想要的是一个加密库，而Python标准库没有。 SO 上有很多与 python 加密库相关的问题可能会有所帮助。

What you want is an encryption library not one that just provides hash algorithms. With python's hashlib library:

import hashlib
m = hashlib.sha1()
m.update("The quick brown fox jumps over the lazy dog")
print(m.hexdigest())

Returns: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12

Given this hash, it is ~~extremely difficult~~ impossible(in general) to recover the original message. What you want is a encryption library, which the Python standard library doesn't have. There are plenty of questions related to python cryptography libraries on SO that might be helpful.

回复收藏 0 原文