问题描述
我一直在研究源自 Diffie Hellman 密钥对交换的纯概念证明代码,通过对这些密钥进行 SHA-256 加密,然后将其用作 AES-256 文本加密的密钥。我只写它供个人使用。我知道质数和秘密需要更长的时间..
我唯一遇到问题的代码是 AES-256 加密。它似乎可以工作,因为它显示了加密文本并且能够对其进行解密,但是经过仔细检查,每次运行程序时加密文本都会发生变化?我觉得这很奇怪,因为该程序能够加密给定的纯文本,生成加密文本,然后使用给定的密钥对其进行解密。但是,每次使用相同的明文和相同的密钥运行程序时,此加密文本都会发生变化。
请看下面的代码...
from __future__ import print_function
import hashlib
from Crypto.Cipher import AES
from Crypto import Random
from base64 import b64encode,b64decode
# Variables
sharedPrime = 3721728827 # p
sharedBase = 2097383831 # g
p1Secret = 927391 # a
p2Secret = 193749 # b
# Begin
print( "\n--------------------------------------------\n" )
print( "Publicly Shared Variables:")
print( " Publicly Shared Prime (p): ",sharedPrime )
print( " Publicly Shared Base (g): ",sharedBase )
print( "\nPrivate Variables:")
print( " Private key a (a): ",p1Secret )
print( " Private key b (b): ",p2Secret )
print( "\n--------------------------------------------\n" )
# Person1 Sends Person2 A = g^a mod p
A = (sharedBase**p1Secret) % sharedPrime
print("Public Keys Sent Over Public Chanel: ")
print(" A = g^b mod p")
print(" Person1 Sends Over Public Chanel: ",A )
# Person2 Sends Person1 B = g^b mod p
B = (sharedBase ** p2Secret) % sharedPrime
print(" B = g^a mod p")
print(" Person2 Sends Over Public Chanel: ",B )
print( "\n--------------------------------------------\n" )
print( "Privately Calculated Shared Secret: " )
# P1 Computes Shared Secret: s = B^a mod p
p1SharedSecret = (B ** p1Secret) % sharedPrime
print( " s = B^a mod p")
print( " Person1 Shared Secret: ",p1SharedSecret )
# P2 Computes Shared Secret: s = A^b mod p
p2SharedSecret = (A**p2Secret) % sharedPrime
print( " s = A^b mod p")
print( " Person2 Shared Secret: ",p2SharedSecret )
print( "\n--------------------------------------------\n" )
# Converts DH secret to SHA256
print( "Converting shared key to SHA-256 key")
secretbyte = str(p1SharedSecret).encode()
print( " Shared secret to bytes: ",secretbyte)
shaV = hashlib.sha256(secretbyte).hexdigest()
print( " SHA-256 key: ",shaV)
key32 = shaV[0:32]
print( " SHA-256 key to AES-256 32bit secret key: ",key32)
print( "\n--------------------------------------------\n" )
#Begin AES-256 encryption
print( "Using SHA-256 32bit key for AES-256 encryption")
class AESCipher(object):
def __init__(self,key):
self.block_size = AES.block_size
self.key = hashlib.sha256(secretbyte).digest()
def encrypt(self,plain_text):
plain_text = self.__pad(plain_text)
iv = Random.new().read(self.block_size)
cipher = AES.new(self.key,AES.MODE_CBC,iv)
encrypted_text = cipher.encrypt(plain_text.encode())
return b64encode(iv + encrypted_text).decode("utf-8")
def decrypt(self,encrypted_text):
encrypted_text = b64decode(encrypted_text)
iv = encrypted_text[:self.block_size]
cipher = AES.new(self.key,iv)
plain_text = cipher.decrypt(encrypted_text[self.block_size:]).decode("utf-8")
return self.__unpad(plain_text)
def __pad(self,plain_text):
number_of_bytes_to_pad = self.block_size - len(plain_text) % self.block_size
ascii_string = chr(number_of_bytes_to_pad)
padding_str = number_of_bytes_to_pad * ascii_string
padded_plain_text = plain_text + padding_str
return padded_plain_text
@staticmethod
def __unpad(plain_text):
last_character = plain_text[len(plain_text) - 1:]
return plain_text[:-ord(last_character)]
#Accept user input for encryption
message = input("Please enter message you want to be encrypted: ")
encmessage = AESCipher(key32)
encrypted = encmessage.encrypt(message)
print("Your encrypted message is: \n",encrypted)
print("Person 2 will Now decrypt this message using the shared public key")
decrypted = encmessage.decrypt(encrypted)
print("Your decrypted message is: \n",decrypted)
代码生成 72538667a2065257993b531746b9d92527cfe3caecc1457c4842e6a6caffe472
的 SHA-256 密钥,然后我将其截断为 32 个字符以生成 72538667a2065257993b531746b9d925
的 AES-256 密钥。然后我输入的任何明文都将被成功编码和解码,但是即使输入了相同的密钥和明文,加密文本每次也会发生变化。我做错了什么吗?
解决方法
只要你的密文每次都能解密成功,你就不用担心密文不一样了。
您的代码使用 CBC 链接模式,这种模式很常见,每次加密时都会生成不同的初始化向量,以避免加密后相同的明文看起来相同(这将部分破坏加密点,因为攻击者现在知道它是否是相同的明文)。
图片来源:Block cipher mode of operation - Wikipedia(公共领域)