1. 技术文章
  2. How do I do encryption/decryption without generating keypairs again?

How do I do encryption/decryption without generating keypairs again?

╄→гoц情女王★ 提交于 2020-01-04 05:14:22

问题


I have been working on a project myself and using this website's codes as a guide. Is there any way, I can put the generation of keys into 1 file and encryption/decryption into another. How do I define bob_box without having to generate another pair of keys?

GEN.PY:

import libnacl.public

def genkeys():

    bob = libnacl.public.SecretKey()
    alice = libnacl.public.SecretKey()

    bob_box = libnacl.public.Box(bob.sk, alice.pk)
    alice_box = libnacl.public.Box(alice.sk, bob.pk)

genkeys()

ENDEcrypt:

import libnacl.public
from GEN import genkeys

msg = '1234'

# Bob's box encrypts messages for Alice
bob_ctxt = bob_box.encrypt(msg)

# Alice's box decrypts messages from Bob
bclear = alice_box.decrypt(bob_ctxt)

# Alice can send encrypted messages which only Bob can decrypt
alice_ctxt = alice_box.encrypt(msg)
aclear = bob_box.decrypt(alice_ctxt)

output when I run ENDEcrypt:

Traceback (most recent call last):
File "/home/pi/Desktop/BOBALICE/endecrypt.py", line 7, in <module>
bob_ctxt = bob_box.encrypt(msg)
NameError: name 'bob_box' is not defined

回答1:


The API of libnacl is designed in such a way that two parties that want to communicate securely must somehow exchange their public keys. Let's say Alice wants to send a message to Bob.

# Alice's computer:                             Bob's computer:
alice_sign = libnacl.public.SecretKey()         bob_enc = libnacl.public.SecretKey()
alice_spk_h = alice_sign.hex_pk()               bob_epk_h = bob_enc.hex_pk()

# magic happens where alice_spk_h goes to Bob and bob_epk_h goes to alice (i.e. by phone)

bob_epk = libnacl.public.PublicKey(bob_epk_h)   alice_spk = libnacl.public.PublicKey(
                                                        alice_spk_h)
alice_box = libnacl.public.Box(                 bob_box = libnacl.public.Box(
        alice_sign.sk, bob_epk)                         bob_enc.sk, alice_spk)

# preparation is done, let's start encrypting...

ct = alice_box.encrypt(msg)

# send ct to Bob (the message is protected)

                                                msg = bob_box.decrypt(ct)

As you can see, you need to treat the public and secret keys separately to send them between machine of the communicating parties. You cannot combine them into one method, because that would contradict the usage scenario of libnacl's public-key encryption.

Keep in mind that with a single key pair per party, it is only permissible to send the encrypted messages in one direction. If you need to send messages back, then each party needs to have two keys (one for signing and one for encryption; note that I named Alice's and Bob's keys in a certain way to make that clear).

Is there a way to do the generation of keys in one file and the storing of keys into a box + encryption/decryption into another file?

Yes, but here you have to think about what these files are doing. A Python file is code. If you run the code that generates the SecretKey from a command line, you need to store it in some way, because running the code again would change the key.

gen.py

import libnacl.public

def genkey():
    return libnacl.public.SecretKey()

def gen_keys_and_save():
    # Generate two key pairs and store them for later use
    enc = genkey()
    enc.save('myencsecret.key')
    with open('myencpublic.key', 'w') as pkf:
        pkf.write(enc.hex_pk())

    sign = genkey()
    sign.save('mysignsecret.key')
    with open('mysignpublic.key', 'w') as pkf:
        pkf.write(sign.hex_pk())

if __name__ == "__main__":
    # this code only runs when executed directly (i.e. from command line)
    gen_keys_and_save()

enc.py

import libnacl.public
import libnacl.utils

def encrypt(mysignsecret, theirencpublic, data):
    box = libnacl.public.Box(mysignsecret, theirencpublic)
    return box.encrypt(data)

def parse_and_encrypt(mysignsecretfile, theirencpublicfile, data):
    sk = libnacl.utils.load_key(mysignsecretfile)
    with open(theirencpublicfile, 'r') as pkf:
        pk = libnacl.public.PublicKey(pkf.read())
    return encrypt(sk, pk, data)

if __name__ == "__main__":
    parse_and_encrypt('mysignsecret.key', 'theirencpublic.key', 'some kind of msg')

dec.py

import libnacl.public

def decrypt(myencsecret, theirsignpublic, ciphertext):
    box = libnacl.public.Box(myencsecret, theirsignpublic)
    return box.decrypt(ciphertext)

# similar to enc.py ...

Now you can run it like this:

$ python gen.py

Now you need to receive theirencpublic.key and send mysignpublic.key. When you've done that, you can do that:

$ python enc.py


来源:https://stackoverflow.com/questions/44917150/how-do-i-do-encryption-decryption-without-generating-keypairs-again

标签
python
encryption
key-pair
nacl-cryptography
pynacl
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!