可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
Does Python have a built-in, simple way of encoding/decoding strings using a password?
Something like this:
>>> encode(\'John Doe\', password = \'mypass\')
\'sjkl28cn2sx0\'
>>> decode(\'sjkl28cn2sx0\', password = \'mypass\')
\'John Doe\'
So the string \"John Doe\" gets encrypted as \'sjkl28cn2sx0\'. To get the original string, I would \"unlock\" that string with the key \'mypass\', which is a password in my source code. I\'d like this to be the way I can encrypt/decrypt a Word document with a password.
I would like to use these encrypted strings as URL parameters. My goal is obfuscation, not strong security; nothing mission critical is being encoded. I realize I could use a database table to store keys and values, but am trying to be minimalist.
回答1:
Assuming you are only looking for simple obfuscation that will obscure things from the very casual observer, and you aren\'t looking to use third party libraries. I\'d recommend something like the Vigenere cipher. It is one of the strongest of the simple ancient ciphers.
Vigenère cipher
It\'s quick and easy to implement. Something like:
import base64
def encode(key, string):
encoded_chars = []
for i in xrange(len(string)):
key_c = key[i % len(key)]
encoded_c = chr(ord(string[i]) + ord(key_c) % 256)
encoded_chars.append(encoded_c)
encoded_string = \"\".join(encoded_chars)
return base64.urlsafe_b64encode(encoded_string)
Decode is pretty much the same, except you subtract the key.
It is much harder to break if the strings you are encoding are short, and/or if it is hard to guess the length of the passphrase used.
If you are looking for something cryptographic, PyCrypto is probably your best bet, though previous answers overlook some details: ECB mode in PyCrypto requires your message to be a multiple of 16 characters in length. So, you must pad. Also, if you want to use them as URL parameters, use base64.urlsafe_b64_encode()
, rather than the standard one. This replaces a few of the characters in the base64 alphabet with URL-safe characters (as it\'s name suggests).
However, you should be ABSOLUTELY certain that this very thin layer of obfuscation suffices for your needs before using this. The Wikipedia article I linked to provides detailed instructions for breaking the cipher, so anyone with a moderate amount of determination could easily break it.
回答2:
As you explicitly state that you want obscurity not security, we\'ll avoid reprimanding you for the weakness of what you suggest :)
So, using PyCrypto:
from Crypto.Cipher import AES
import base64
msg_text = \'test some plain text here\'.rjust(32)
secret_key = \'1234567890123456\' # create new & store somewhere safe
cipher = AES.new(secret_key,AES.MODE_ECB) # never use ECB in strong systems obviously
encoded = base64.b64encode(cipher.encrypt(msg_text))
# ...
decoded = cipher.decrypt(base64.b64decode(encoded))
print decoded.strip()
If someone gets a hold of your database and your code base, they will be able to decode the encrypted data. Keep your secret_key safe!
回答3:
The \"encoded_c\" mentioned in the @smehmood\'s Vigenere cipher answer should be \"key_c\".
Here are working encode/decode functions.
import base64
def encode(key, clear):
enc = []
for i in range(len(clear)):
key_c = key[i % len(key)]
enc_c = chr((ord(clear[i]) + ord(key_c)) % 256)
enc.append(enc_c)
return base64.urlsafe_b64encode(\"\".join(enc))
def decode(key, enc):
dec = []
enc = base64.urlsafe_b64decode(enc)
for i in range(len(enc)):
key_c = key[i % len(key)]
dec_c = chr((256 + ord(enc[i]) - ord(key_c)) % 256)
dec.append(dec_c)
return \"\".join(dec)
回答4:
Here\'s a Python 3 version of the functions from @qneill \'s answer:
import base64
def encode(key, clear):
enc = []
for i in range(len(clear)):
key_c = key[i % len(key)]
enc_c = chr((ord(clear[i]) + ord(key_c)) % 256)
enc.append(enc_c)
return base64.urlsafe_b64encode(\"\".join(enc).encode()).decode()
def decode(key, enc):
dec = []
enc = base64.urlsafe_b64decode(enc).decode()
for i in range(len(enc)):
key_c = key[i % len(key)]
dec_c = chr((256 + ord(enc[i]) - ord(key_c)) % 256)
dec.append(dec_c)
return \"\".join(dec)
The extra encode/decodes are needed because Python 3 has split strings/byte arrays into two different concepts, and updated their APIs to reflect that..
回答5:
As has been mentioned the PyCrypto library contains a suite of ciphers. The XOR cipher can be used to do the dirty work if you don\'t want to do it yourself:
from Crypto.Cipher import XOR
import base64
def encrypt(key, plaintext):
cipher = XOR.new(key)
return base64.b64encode(cipher.encrypt(plaintext))
def decrypt(key, ciphertext):
cipher = XOR.new(key)
return cipher.decrypt(base64.b64decode(ciphertext))
Even though it only provides minimal security I\'d still recommend using a random looking key without any space characters (as XOR\'ing an ASCII [a-zA-Z] character with a space just flips the case).
The cipher works as follows without having to pad the plaintext:
>>> encrypt(\'notsosecretkey\', \'Attack at dawn!\')
\'LxsAEgwYRQIGRRAKEhdP\'
>>> decrypt(\'notsosecretkey\', encrypt(\'notsosecretkey\', \'Attack at dawn!\'))
\'Attack at dawn!\'
Credit to https://stackoverflow.com/a/2490376/241294 for the base64 encode/decode functions (I\'m a python newbie).
回答6:
Here\'s an implementation of URL Safe encryption and Decryption using AES(PyCrypto) and base64.
import base64
from Crypto import Random
from Crypto.Cipher import AES
AKEY = \'mysixteenbytekey\' # AES key must be either 16, 24, or 32 bytes long
iv = Random.new().read(AES.block_size)
def encode(message):
obj = AES.new(AKEY, AES.MODE_CFB, iv)
return base64.urlsafe_b64encode(obj.encrypt(message))
def decode(cipher):
obj2 = AES.new(AKEY, AES.MODE_CFB, iv)
return obj2.decrypt(base64.urlsafe_b64decode(cipher))
If you face some issue like this https://bugs.python.org/issue4329 ( TypeError: character mapping must return integer, None or unicode )
use str(cipher) while decoding as follows
return obj2.decrypt(base64.urlsafe_b64decode(str(cipher)))
In [13]: encode(\"Hello World\")
Out[13]: b\'67jjg-8_RyaJ-28=\'
In [14]: %timeit encode(\"Hello World\")
100000 loops, best of 3: 13.9 µs per loop
In [15]: decode(b\'67jjg-8_RyaJ-28=\')
Out[15]: b\'Hello World\'
In [16]: %timeit decode(b\'67jjg-8_RyaJ-28=\')
100000 loops, best of 3: 15.2 µs per loop
回答7:
Working encode/decode functions in python3 (adapted very little from qneill\'s answer):
def encode(key, clear):
enc = []
for i in range(len(clear)):
key_c = key[i % len(key)]
enc_c = (ord(clear[i]) + ord(key_c)) % 256
enc.append(enc_c)
return base64.urlsafe_b64encode(bytes(enc))
def decode(key, enc):
dec = []
enc = base64.urlsafe_b64decode(enc)
for i in range(len(enc)):
key_c = key[i % len(key)]
dec_c = chr((256 + enc[i] - ord(key_c)) % 256)
dec.append(dec_c)
return \"\".join(dec)
回答8:
Thanks for some great answers. Nothing original to add, but here are some progressive rewrites of qneill\'s answer using some useful Python facilities. I hope you agree they simplify and clarify the code.
import base64
def qneill_encode(key, clear):
enc = []
for i in range(len(clear)):
key_c = key[i % len(key)]
enc_c = chr((ord(clear[i]) + ord(key_c)) % 256)
enc.append(enc_c)
return base64.urlsafe_b64encode(\"\".join(enc))
def qneill_decode(key, enc):
dec = []
enc = base64.urlsafe_b64decode(enc)
for i in range(len(enc)):
key_c = key[i % len(key)]
dec_c = chr((256 + ord(enc[i]) - ord(key_c)) % 256)
dec.append(dec_c)
return \"\".join(dec)
enumerate()
-- pair the items in a list with their index
iterate over the characters in a string
def encode_enumerate(key, clear):
enc = []
for i, ch in enumerate(clear):
key_c = key[i % len(key)]
enc_c = chr((ord(ch) + ord(key_c)) % 256)
enc.append(enc_c)
return base64.urlsafe_b64encode(\"\".join(enc))
def decode_enumerate(key, enc):
dec = []
enc = base64.urlsafe_b64decode(enc)
for i, ch in enumerate(enc):
key_c = key[i % len(key)]
dec_c = chr((256 + ord(ch) - ord(key_c)) % 256)
dec.append(dec_c)
return \"\".join(dec)
build lists using a list comprehension
def encode_comprehension(key, clear):
enc = [chr((ord(clear_char) + ord(key[i % len(key)])) % 256)
for i, clear_char in enumerate(clear)]
return base64.urlsafe_b64encode(\"\".join(enc))
def decode_comprehension(key, enc):
enc = base64.urlsafe_b64decode(enc)
dec = [chr((256 + ord(ch) - ord(key[i % len(key)])) % 256)
for i, ch in enumerate(enc)]
return \"\".join(dec)
Often in Python there\'s no need for list indexes at all. Eliminate loop index variables entirely using zip and cycle:
from itertools import cycle
def encode_zip_cycle(key, clear):
enc = [chr((ord(clear_char) + ord(key_char)) % 256)
for clear_char, key_char in zip(clear, cycle(key))]
return base64.urlsafe_b64encode(\"\".join(enc))
def decode_zip_cycle(key, enc):
enc = base64.urlsafe_b64decode(enc)
dec = [chr((256 + ord(enc_char) - ord(key_char)) % 256)
for enc_char, key_char in zip(enc, cycle(key))]
return \"\".join(dec)
and some tests...
msg = \'The quick brown fox jumps over the lazy dog.\'
key = \'jMG6JV3QdtRh3EhCHWUi\'
print(\'cleartext: {0}\'.format(msg))
print(\'ciphertext: {0}\'.format(encode_zip_cycle(key, msg)))
encoders = [qneill_encode, encode_enumerate, encode_comprehension, encode_zip_cycle]
decoders = [qneill_decode, decode_enumerate, decode_comprehension, decode_zip_cycle]
# round-trip check for each pair of implementations
matched_pairs = zip(encoders, decoders)
assert all([decode(key, encode(key, msg)) == msg for encode, decode in matched_pairs])
print(\'Round-trips for encoder-decoder pairs: all tests passed\')
# round-trip applying each kind of decode to each kind of encode to prove equivalent
from itertools import product
all_combinations = product(encoders, decoders)
assert all(decode(key, encode(key, msg)) == msg for encode, decode in all_combinations)
print(\'Each encoder and decoder can be swapped with any other: all tests passed\')
>>> python crypt.py
cleartext: The quick brown fox jumps over the lazy dog.
ciphertext: vrWsVrvLnLTPlLTaorzWY67GzYnUwrSmvXaix8nmctybqoivqdHOic68rmQ=
Round-trips for encoder-decoder pairs: all tests passed
Each encoder and decoder can be swapped with any other: all tests passed
回答9:
This works but password length should be exactly 8
. This is simple and requires pyDes.
from pyDes import *
def encode(data,password):
k = des(password, CBC, \"\\0\\0\\0\\0\\0\\0\\0\\0\", pad=None, padmode=PAD_PKCS5)
d = k.encrypt(data)
return d
def decode(data,password):
k = des(password, CBC, \"\\0\\0\\0\\0\\0\\0\\0\\0\", pad=None, padmode=PAD_PKCS5)
d = k.decrypt(data)
return d
x = encode(\'John Doe\', \'mypass12\')
y = decode(x,\'mypass12\')
print x
print y
OUTPUT:
³.\\Þ\\åS¾+æÅ`;Ê
John Doe
回答10:
If you want to be safe, you can use Fernet, which is cryptographically sound. You can use a static \"salt\" if you don\'t want to store it separately - you will only lose dictionary and rainbow attack prevention. I chose it because I can pick long or short passwords´, which is not so easy with AES.
from cryptography.fernet import Fernet
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
import base64
#set password
password = \"mysecretpassword\"
#set message
message = \"secretmessage\"
kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=\"staticsalt\", iterations=100000, backend=default_backend())
key = base64.urlsafe_b64encode(kdf.derive(password))
f = Fernet(key)
#encrypt
encrypted = f.encrypt(message)
print encrypted
#decrypt
decrypted = f.decrypt(encrypted)
print decrypted
If that\'s too complicated, someone suggested simplecrypt
from simplecrypt import encrypt, decrypt
ciphertext = encrypt(\'password\', plaintext)
plaintext = decrypt(\'password\', ciphertext)
回答11:
Simple way is using the library, and PyCrypto is the good one.
回答12:
External libraries provide secret-key encryption algorithms.
For example, the Cypher
module in PyCrypto offers a selection of many encryption algorithms:
Crypto.Cipher.AES
Crypto.Cipher.ARC2
Crypto.Cipher.ARC4
Crypto.Cipher.Blowfish
Crypto.Cipher.CAST
Crypto.Cipher.DES
Crypto.Cipher.DES3
Crypto.Cipher.IDEA
Crypto.Cipher.RC5
Crypto.Cipher.XOR
MeTooCrypto is a Python
wrapper for OpenSSL, and provides (among other functions) a full-strength general purpose cryptography library. Included are symmetric ciphers (like AES).
回答13:
if you want secure encryption:
for python 2, you should use keyczar http://www.keyczar.org/
for python 3, until keyczar is available, i have written simple-crypt http://pypi.python.org/pypi/simple-crypt
both these will use key strengthening which makes them more secure than most other answers here. and since they\'re so easy to use you might want to use them even when security is not critical...
回答14:
You can use AES to encrypt your string with a password. Though, you\'ll want to chose a strong enough password so people can\'t easily guess what it is (sorry I can\'t help it. I\'m a wannabe security weenie).
AES is strong with a good key size, but it\'s also easy to use with PyCrypto.
回答15:
An other implementation of @qneill code which include CRC checksum of the original message, it throw an exception if the check fail:
import hashlib
import struct
import zlib
def vigenere_encode(text, key):
text = \'{}{}\'.format(text, struct.pack(\'i\', zlib.crc32(text)))
enc = []
for i in range(len(text)):
key_c = key[i % len(key)]
enc_c = chr((ord(text[i]) + ord(key_c)) % 256)
enc.append(enc_c)
return base64.urlsafe_b64encode(\"\".join(enc))
def vigenere_decode(encoded_text, key):
dec = []
encoded_text = base64.urlsafe_b64decode(encoded_text)
for i in range(len(encoded_text)):
key_c = key[i % len(key)]
dec_c = chr((256 + ord(encoded_text[i]) - ord(key_c)) % 256)
dec.append(dec_c)
dec = \"\".join(dec)
checksum = dec[-4:]
dec = dec[:-4]
assert zlib.crc32(dec) == struct.unpack(\'i\', checksum)[0], \'Decode Checksum Error\'
return dec