Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you an introduction to the encryption library on how to carry out Python. The article is rich in content and analyzes and narrates it from a professional point of view. I hope you can get something after reading this article.

Encrypt your data and make it secure.

A rule of the Cryptography Club is: never invent your own cryptographic system. The second rule of the Cryptography Club is: never implement your own cryptosystem: in the real world, many loopholes have been found in the implementation and design stages of the cryptosystem.

A useful basic encryption library in Python is called cryptography. It is not only a basic library of "security", but also a "danger" layer. "danger" layer needs to be more careful and relevant knowledge, and the use of it is prone to security vulnerabilities. In this introductory article, we will not cover anything in the "danger" layer!

The most useful advanced security feature in the cryptography library is an Fernet implementation. Fernet is a practical standard for encrypting buffers. It is not suitable for very large files, such as files with gigabytes or more, because it requires you to load the contents to be encrypted or decrypted into the memory buffer at once.

Fernet supports symmetric symmetric (key secret key) encryption *: encryption and decryption use the same key, so security must be maintained.

Generating a key is simple:

> k = fernet.Fernet.generate_key () > type (k)

These bytes can be written to files with appropriate permissions on secure machines.

With the key, encryption is also easy:

> frn = fernet.Fernet (k) > encrypted = frn.encrypt (b "x marks the spot") > encrypted [: 10] broomgAAAAABb1'

If you encrypt it on your machine, you will see a slightly different value. Not only because (I hope) you generated a different key from mine, but also because Fernet connects the values to be encrypted with some randomly generated buffers. This is one of the "practices" I mentioned earlier: it will prevent opponents from distinguishing which encryption values are the same, which is sometimes an important part of the threat.

Decryption is equally simple:

> frn = fernet.Fernet (k) > frn.decrypt (encrypted) b'x marks the spot'

Note that this only encrypts and decrypts byte strings. In order to encrypt and decrypt text strings, you usually need to encode and decode them using UTF-8.

One of the most interesting developments in cryptography in the mid-20th century was public key public key encryption. It can keep the decryption key secret while issuing the encryption key. For example, it can be used to hold the API key used by the server: the server is the party that can access the decryption key, but anyone can save the public encryption key.

Although cryptography does not have any security features that support public key encryption, the PyNaCl library does. PyNaCl encapsulates and provides some good ways to use the NaCl encryption system invented by Daniel J. Bernstein.

NaCl always encrypts both encrypt and signed sign or decrypts decrypt and verifies signed verify signature at the same time. This is a way to prevent scalability-based malleability-based, where hackers modify encryption values.

Encryption is done with a public key, while signing is done with a key:

> from nacl.public import PrivateKey, PublicKey, Box > source = PrivateKey.generate () > with open ("target.pubkey", "rb") as fpin:... Target_public_key = PublicKey (fpin.read ()) > enc_box = Box (source, target_public_key) > result = enc_box.encrypt (b "x marks the spot") > result [: 4] b'\ xe2\ x1c0\ xa4'

Decryption reverses the role: it requires a private key for decryption and a public key to verify the signature:

> from nacl.public import PrivateKey, PublicKey, Box > with open ("source.pubkey", "rb") as fpin:... Source_public_key = PublicKey (fpin.read ()) > with open ("target.private_key", "rb") as fpin:... Target = PrivateKey (fpin.read ()) > dec_box = Box (target, source_public_key) > dec_box.decrypt (result) b'x marks the spot'

The PocketProtector library is built on top of PyNaCl and contains a complete key management scheme.

The above is the introduction to the encryption library of Python shared by the editor. If you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.