易加密(easy_encryption_tool)小工具
原创易加密(easy_encryption_tool)小工具
原创
bowenerchen
修改于 2024-04-07 21:08:47
修改于 2024-04-07 21:08:47
项目背景
在工作和学习的过程中笔者经常需要快速的进行数据加解密的操作,然而,我发现现有的加密工具如openssl,虽然功能全面,但使用起来并不直观,尤其是对于非专业人士来说。
举个例子,当我想对一个简单的字符串“hello,world”进行AES加密时,使用openssl需要执行一串相对复杂的命令,如echo -n "hello,world" | openssl enc -aes-256-cbc -salt -a -pass pass:yourpassword
openssl 参数举例
这样的操作不仅容易出错,而且需要记忆大量的命令和参数,对于初学者或者偶尔使用加密功能的用户来说,无疑增加了学习成本和使用难度。
因此,我设计了一款更加直观易用的加密小工具——easy_encryption_tool。尽管它是一款命令行工具,但我力求在交互方式上做到尽可能简单和简洁,提供尽可能清晰的参数说明:
参数说明举例
加密示例
用户只需通过简单的命令和参数,就能轻松完成加密、解密、签名验签等操作。
比如,想要对“hello,world”字符串进行AES加密,只需输入easy_encryption_tool aes -a encrypt -i hello,world即可。
easy_encryption_tool不仅支持对称加解密、非对称加解密、签名验签、证书解析、HMAC计算以及随机字符串生成等多种功能,还提供了对字符串、base64编码的字节流、文件这三种输入输出方式的支持。这使得用户可以根据自己的需求灵活选择输入输出方式,提高了工具的实用性。
对于高级用户,easy_encryption_tool也提供了对加密模式、密钥、IV、非对称加密填充模式、非对称签名哈希算法等等参数的灵活设定。
对于非对称加解密,这款工具目前仅支持字符串和base64编码的字节流作为输入输出,这是因为非对称加解密算法通常更适用于加密小量数据,如对称密钥等。尽管如此,这一设计依然能够满足大多数日常加密需求。
easy_encryption_tool不仅是一个实用的加密工具,同时也是一个很好的入门工具。对于想了解加密算法的朋友来说,通过这款工具,可以更加直观地了解各种加密算法的原理和操作流程,从而加深对加密技术的理解和掌握。
未来,笔者还计划对easy_encryption_tool进行持续更新和迭代,加入更多实用的功能和算法,如国密算法SM2、SM3和SM4等,以满足用户不断增长的加密需求。我相信,随着工具的不断完善和发展,它将能够为更多用户提供更加便捷、高效和安全的加密能力。
项目地址
设计思路
需求分析
目标用户群体:需要快速进行密码能力实践的开发者、数据管理员、安全从业者以及对加密技术感兴趣的普通用户。
- 功能需求 支持多种加密算法 简化加密操作,降低使用门槛 提供多种输入输出方式 支持基本的证书解析 支持HMAC计算 支持随机数生成
- 非功能需求: 工具应稳定可靠,加密过程不应出错 用户即用即走,操作简单
设计原则
易用性:通过简化命令和参数,降低学习成本,使工具易于上手。
扩展性:设计应考虑到未来功能的扩展和算法的更新。
安全性:确保加密过程的安全性和数据的完整性。
功能设计
- 命令设计
设计简洁直观的命令格式,如:
easy_encryption_tool <算法> <模式> <操作> <输入>提供帮助命令,列出所有可用的算法、模式和操作 - 算法支持: 集成常见的对称加密算法(如AES-CBC,默认屏蔽不安全的算法如 AES-ECB) 支持非对称加密算法(如RSA、ECC等) 预留接口,以便未来添加更多算法,如国密算法SM2、SM3和SM4
- 输入输出设计: 支持字符串、base64编码的字节流和文件作为输入 支持文件和 base64 编码的字节流作为输出 提供证书解析和验证功能 实现HMAC计算,用于数据的完整性校验
交互设计
- 命令行界面: 设计简洁明了的命令行界面,提供必要的提示信息 支持用户输入检查和错误提示,提高用户输入的准确性
- 参数校验 对用户输入的参数进行校验,确保输入的有效性 对于非法输入或无效参数,给出明确的错误提示
安全性考虑
- 加密库选择 选择经过广泛测试和验证的加密库作为底层实现
- 密钥: 提供密钥生成能力 错误处理: 对加密过程中可能出现的错误进行妥善处理,避免数据丢失或损坏
未来扩展
- 功能增强: 根据用户反馈和需求,逐步增加新的功能和算法支持。
工具支持的命令
❯ easy_encryption_tool --help
Usage: easy_encryption_tool [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
aes aes加解密工具,默认支持 aes-cbc-256 和 aes-gcm-256
cert-parse 解析 pem 或 der 格式的证书
ecc ecc签名验签和密钥交换验证工具
hmac hmac消息验证码工具
random-str 随机字符串生成器
rsa rsa加解密和签名验签工具
version 展示当前版本信息以及运行时信息设置easy_encryption_tool 自动补全
手动设置(以 zsh 举例)
# ZSH
# 1. 执行命令生成~/.easy_encryption_tool_complete.sh文件
_EASY_ENCRYPTION_TOOL_COMPLETE=zsh_source easy_encryption_tool >~/.easy_encryption_tool_complete.sh
# 2. 在.zshrc 文件中引用生成的文件
# 使用 vim 或其他编辑器打开~.zshrc 文件,添加下面的语句到文件中,然后保存退出
. ~/.easy_encryption_tool_complete.sh
# 3. 使配置在当前shell session 中生效
source ~/.zshrc生成随机字符串
支持的参数
❯ easy_encryption_tool random-str --help
Usage: main.py random-str [OPTIONS]
Options:
-l, --length INTEGER RANGE 最小生成一个字节字符串,最大长度由系统最大整型值决定 [default: 32;
1<=x<=9223372036854775807]
-o, --output-file TEXT 指定输出的文件,文件需要具有可写权限
--help Show this message and exit.直接输出到 stdout
# -l指定随机字符串的长度为32字节
❯ easy_encryption_tool random-str -l 32
------ 632aebf88dfe8f93 begin@2024-04-04_15:01:23.987 ------
qBg@G%Tp((@2h81tg@9II7#0Su4`B06$
------ 632aebf88dfe8f93 took 0.049 milli-seconds to execute ------输出到文件
❯ easy_encryption_tool random-str -l 37 -o test_random
------ 71a2d32b0816349f begin@2024-04-04_15:24:22.476 ------
write to test_random success
------ 71a2d32b0816349f took 0.299 milli-seconds to execute ------AES对称加密算法
支持的命令参数
❯ easy_encryption_tool aes --help
Usage: main.py aes [OPTIONS]
Options:
-m, --mode [cbc|gcm] aes mode,默认为 cbc 模式,可选 cbc 或 gcm 模式
[default: cbc]
-k, --key TEXT key 默认 32 字节,即 256 位,只允许输入可见字符,
长度不够则自动补齐,长度超出则自动截取 [default:
kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk]
-v, --iv-nonce TEXT cbc 模式下,iv 默认 16 字节即 128 位,gcm 模式下 nonce 默认
12 字节即 96 位,长度不够则自动补齐,长度超出则自动截取 [default:
vvvvvvvvvvvvvvvv]
-r, --random-key-iv 是否自动生成随机的密钥和 iv/nonce,如果随机生成,则密钥长度默认 32
字节,iv 默认为 16 字节, nonce 默认为 12 字节
-a, --action [encrypt|decrypt] 加密(encrypt)或 解密(decrypt),加密后输出 base64 编码的字符串
[default: encrypt]
-i, --input-data TEXT 输入数据,即被加密或解密的数据,加密时允许输入:字符串、 base64
编码数据、文件路径,解密时允许输入:base64 编码数据、文件路径
[required]
-e, --is-base64-encoded 如果 -i/--input-data 的值被 base64 编码过,则需要带上 -e
参数,-e 与 -f 互斥 [default: False]
-f, --is-a-file 如果 -i/--input-data 的值是一个文件,则需要带上 -f
参数表示当前需要被处理的是一个文件,-e 与 -f 互斥
-l, --input-limit INTEGER 输入内容最大长度,单位为 MB,默认为 1MB,在 -i 为非文件时生效
[default: 1]
-o, --output-file TEXT 指定输出文件,当输入时指定了文件,则输出时必须指定
-t, --gcm-tag TEXT gcm 模式解密时,则此参数必填
--help Show this message and exit.关于密钥、IV和模式的预设
- 加密模式:仅支持 CBC 模式和 GCM 模式,加密时强制按照 PKCS#7 规则进行数据填充(Padding)
- 密钥:默认 32 字节,即 256 位,不足会自动补齐,超过会自动截取
- IV:CBC 模式下时 IV 长度默认 16 字节,GCM 模式下 Nonce 长度默认 12 字节(其中 4 字节预留作为计数器,由算法自行处理)
关于输入数据的预设
加密行为支持三种数据输入方式:
- 字符串如:hello,world
- Base64 编码的字节流如:aGVsbG8sd29ybGQK(生成的 shell 命令:echo "hello,world"|base64)
- 文件名路径:~/data/test_plain.txt
解密行为支持两种数据输入方式:
- Base64 编码的字节流如:/hEP3J5KHZgNnCeBD/W5MQ==
- 文件名路径:~/data/test_cipher.bin
指定密钥和 IV
使用默认的密钥
# 加密hello,world,密钥和 iv 均为默认数据
❯ easy_encryption_tool aes -m cbc -a encrypt -i hello,world
------ 15ec713c1b8c0ef3 begin@2024-04-04_15:29:25.203 ------
plain size:11
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvvvvvv
cipher size:16
cipher:PcgHm88aPtUjwVx+SDvMqw==
auth_tag_size:0
auth_tag:
------ 15ec713c1b8c0ef3 took 26.874 milli-seconds to execute ------
# 解密hello,world
❯ easy_encryption_tool aes -m cbc -a decrypt -i PcgHm88aPtUjwVx+SDvMqw== -e
------ fb11b7f46716698e begin@2024-04-04_15:29:40.648 ------
cipher size:16
plain size:11
str plain:hello,world
------ fb11b7f46716698e took 13.754 milli-seconds to execute ------使用随机生成的密钥
# 加密 -r 表示随机生成密钥和 IV
❯ easy_encryption_tool aes -m cbc -a encrypt -i hello,world -r
------ d39dbe0c997a868b begin@2024-04-04_15:29:54.358 ------
plain size:11
key:Ta9M^p)+L1+_L^26!Xmcs6AR2^3p_5FY
iv:9*H`JW(dzpi5HBd0
cipher size:16
cipher:h7lMpOimKxO0zr7AMVsI9w==
auth_tag_size:0
auth_tag:
------ d39dbe0c997a868b took 14.258 milli-seconds to execute ------
# 解密
# -k 和 -v 的值使用引号是为了预防里面带有特殊 shell 命令的字符比如‘&’、‘!’等等
❯ easy_encryption_tool aes -m cbc -a decrypt -i h7lMpOimKxO0zr7AMVsI9w== -e -k 'Ta9M^p)+L1+_L^26!Xmcs6AR2^3p_5FY' -v '9*H`JW(dzpi5HBd0'
------ 1332e834884e2b0e begin@2024-04-04_15:31:06.666 ------
cipher size:16
plain size:11
str plain:hello,world
------ 1332e834884e2b0e took 15.691 milli-seconds to execute ------使用指定的密钥
密钥或 iv 长度不够时会自动填充
# 加密,此时 key(1234) 和 iv(1234) 长度都不足
❯ easy_encryption_tool aes -m cbc -a encrypt -i hello,world -k 1234 -v 4321
------ c5abaa3af64a5f6c begin@2024-04-04_15:31:34.231 ------
plain size:11
key:1234g6Z0GE$Z@ybb^IIb3FN5Ux%BE=00
iv:4321nJ4j*Nud(yH4
cipher size:16
cipher:dHJKRtSi8KsCe6ZFltF0kA==
auth_tag_size:0
auth_tag:
------ c5abaa3af64a5f6c took 14.648 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool aes -m cbc -a decrypt -i dHJKRtSi8KsCe6ZFltF0kA== -e -k '1234g6Z0GE$Z@ybb^IIb3FN5Ux%BE=00' -v '4321nJ4j*Nud(yH4'
------ 7c2018bd08e58a63 begin@2024-04-04_15:32:16.014 ------
cipher size:16
plain size:11
str plain:hello,world
------ 7c2018bd08e58a63 took 14.343 milli-seconds to execute ------密钥或iv超长时会自动截取
# 加密,此时密钥和 iv 的长度都超长
❯ easy_encryption_tool aes -m cbc -a encrypt -i hello,world -k 12345678901234567890123456789012abcde -v 1234567890123456abcde
------ 8ff4bd52df0a0865 begin@2024-04-04_15:32:31.104 ------
plain size:11
key:12345678901234567890123456789012
iv:1234567890123456
cipher size:16
cipher:wOXlD3Ie7xiQh81aR8N1tQ==
auth_tag_size:0
auth_tag:
------ 8ff4bd52df0a0865 took 13.849 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool aes -m cbc -a decrypt -i wOXlD3Ie7xiQh81aR8N1tQ== -e -k 12345678901234567890123456789012 -v 1234567890123456
------ 50ea907cc74207ad begin@2024-04-04_15:32:46.937 ------
cipher size:16
plain size:11
str plain:hello,world
------ 50ea907cc74207ad took 13.690 milli-seconds to execute ------指定明文
输入字符串作为明文
# 加密
❯ easy_encryption_tool aes -m cbc -a encrypt -i hello,world
------ e6dc33dc9ca747d0 begin@2024-04-04_15:33:05.505 ------
plain size:11
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvvvvvv
cipher size:16
cipher:PcgHm88aPtUjwVx+SDvMqw==
auth_tag_size:0
auth_tag:
------ e6dc33dc9ca747d0 took 14.098 milli-seconds to execute ------输入base64编码的字节流作为明文
# 加密 -e 表明输入的数据经过了 base64 编码,加密或解密时需要先将数据做 base64 解码
❯ easy_encryption_tool aes -m cbc -a encrypt -i 9H8InkmnUjgVHC8elQxThUSmzkO0tuGlP0Si4X1kmoK7azOIDoFnt8dXjeWNGb+dc7qiEBPi+jymax4i+24KBQ== -e
------ fc5b00c0a79ff88e begin@2024-04-04_15:33:17.585 ------
plain size:64
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvvvvvv
cipher size:80
cipher:ZHq7uJQjkx/2Bm5ZmrcuS/5c/s/qayDVcuWZmvsTle1RAUKyv0dvGhOVYEINmL35eSMVoT3Bx/M6lU9NGCuiM5OxyJ2VcuB30dp8GVZg0oQ=
auth_tag_size:0
auth_tag:
------ fc5b00c0a79ff88e took 14.382 milli-seconds to execute ------输入文件作为明文
# 加密
❯ easy_encryption_tool aes -m cbc -a encrypt -i ./test_data/test_plain.txt -f -o ./tmp_cipher.bin
------ 1d5fb25a63f1ed4d begin@2024-04-04_15:33:57.461 ------
input file size:64
cipher size:80
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvvvvvv
auth_tag_size:0
auth_tag:
------ 1d5fb25a63f1ed4d took 14.859 milli-seconds to execute ------指定密文
输入base64编码的字节流作为密文
如果解密出来的明文直接可以以字符串方式打印
# 明文本身为 hello,world
❯ easy_encryption_tool aes -m cbc -a decrypt -i PcgHm88aPtUjwVx+SDvMqw== -e
------ 2b6a86223a0ba102 begin@2024-04-04_15:35:26.995 ------
cipher size:16
plain size:11
str plain:hello,world
------ 2b6a86223a0ba102 took 13.676 milli-seconds to execute ------如果解密出来的密文不能以字符串方式打印
# 明文本身是字节流
❯ easy_encryption_tool aes -m cbc -a decrypt -i ZHq7uJQjkx/2Bm5ZmrcuS/5c/s/qayDVcuWZmvsTle1RAUKyv0dvGhOVYEINmL35eSMVoT3Bx/M6lU9NGCuiM5OxyJ2VcuB30dp8GVZg0oQ= -e
------ d399aa241aa6b691 begin@2024-04-04_15:35:39.781 ------
cipher size:80
plain size:64
b64 encoded plain:9H8InkmnUjgVHC8elQxThUSmzkO0tuGlP0Si4X1kmoK7azOIDoFnt8dXjeWNGb+dc7qiEBPi+jymax4i+24KBQ==
------ d399aa241aa6b691 took 13.869 milli-seconds to execute ------输入文件作为密文
❯ easy_encryption_tool aes -m cbc -a decrypt -i ./tmp_cipher.bin -f -o ./tmp_plain.txt
------ 1f27fb444d1139b2 begin@2024-04-04_15:36:03.267 ------
input file size:80
decrypt ./tmp_cipher.bin success
write to ./tmp_plain.txt
plain size:64
------ 1f27fb444d1139b2 took 14.259 milli-seconds to execute ------
# 文件大小一致、内容一致
❯ ll ./tmp_plain.txt ./test_data/test_plain.txt
-rw-r--r-- 1 xxxx staff 64 Apr 2 21:06 ./test_data/test_plain.txt
-rw-r--r-- 1 xxxx staff 64 Apr 3 10:58 ./tmp_plain.txt
❯ cat tmp_plain.txt ./test_data/test_plain.txt
123456789012345612345678901234561234567890123456123456789012345
123456789012345612345678901234561234567890123456123456789012345使用GCM模式
代码层面的预设
代码中,对于加密的明文默认使用固定的上下文数据作为验证数据
if mode == aes_gcm_mode:
self.__auth_data = json.dumps({
'mode': mode, # 值为 gcm
'obj': 'aes_operator',
}).encode(encoding = 'utf-8')
if action == aes_encrypt_action:
self.__aes_gcm_obj = Cipher(algorithms.AES(self.__key), modes.GCM(self.__iv), backend = default_backend())
self.__aes_gcm_enc_op = self.__aes_gcm_obj.encryptor()
self.__aes_gcm_enc_op.authenticate_additional_data(self.__auth_data)对字符串做加解密
# gcm模式加密
❯ easy_encryption_tool aes -m gcm -a encrypt -i hello,world
------ b8e914a4634acde7 begin@2024-04-04_15:36:39.558 ------
plain size:11
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvv
cipher size:16
cipher:TajM7IwxIZIoqHkU87dY7w==
auth_tag_size:16
auth_tag:df8z3ccRyGOQTluw26dIlA==
------ b8e914a4634acde7 took 14.280 milli-seconds to execute ------对 base64 编码的字节流做加解密
# 加密
❯ easy_encryption_tool aes -m gcm -a encrypt -i 9H8InkmnUjgVHC8elQxThUSmzkO0tuGlP0Si4X1kmoK7azOIDoFnt8dXjeWNGb+dc7qiEBPi+jymax4i+24KBQ== -e
------ 7781b5bffdcef12b begin@2024-04-04_15:37:05.562 ------
plain size:64
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvv
cipher size:80
cipher:0bKoHqq6BMVP2DIPY74Ob2tGi69gVzHSZREJT3DAeCsVU52ykLcfKZIq/GD2PEkCwLLE8o37nvPK9t/pr4LStVy5unAN/EVllIvvopq2pis=
auth_tag_size:16
auth_tag:B1Jp0FuxyNXAOVAvj9S+Ow==
------ 7781b5bffdcef12b took 13.915 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool aes -m gcm -a decrypt -i 0bKoHqq6BMVP2DIPY74Ob2tGi69gVzHSZREJT3DAeCsVU52ykLcfKZIq/GD2PEkCwLLE8o37nvPK9t/pr4LStVy5unAN/EVllIvvopq2pis= -e -t B1Jp0FuxyNXAOVAvj9S+Ow==
------ 5bcc82c4235dcde4 begin@2024-04-04_15:37:17.397 ------
cipher size:80
plain size:64
b64 encoded plain:9H8InkmnUjgVHC8elQxThUSmzkO0tuGlP0Si4X1kmoK7azOIDoFnt8dXjeWNGb+dc7qiEBPi+jymax4i+24KBQ==
------ 5bcc82c4235dcde4 took 13.844 milli-seconds to execute ------对文件做加解密
# 加密
❯ easy_encryption_tool aes -m gcm -a encrypt -i ./test_data/test_plain.txt -f -o ./tmp_gcm_cipher.bin
------ 0c4605fe37eb7e4b begin@2024-04-04_15:37:45.621 ------
input file size:64
cipher size:80
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
iv:vvvvvvvvvvvv
auth_tag_size:16
auth_tag:krJchuyaDRYHnu5tsy8UzA==
------ 0c4605fe37eb7e4b took 14.347 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool aes -m gcm -a decrypt -i ./tmp_gcm_cipher.bin -f -o tmp_gcm_plain.txt -t krJchuyaDRYHnu5tsy8UzA==
------ d181cab086ebaeaa begin@2024-04-04_15:38:00.709 ------
input file size:80
decrypt ./tmp_gcm_cipher.bin success
write to tmp_gcm_plain.txt
plain size:64
------ d181cab086ebaeaa took 14.397 milli-seconds to execute ------tag值对解密很重要
# gcm模式正常解密
❯ easy_encryption_tool aes -m gcm -a decrypt -i TajM7IwxIZIoqHkU87dY7w== -e -t df8z3ccRyGOQTluw26dIlA==
------ 86699527d1227e39 begin@2024-04-04_15:38:22.322 ------
cipher size:16
plain size:11
str plain:hello,world
------ 86699527d1227e39 took 13.987 milli-seconds to execute ------
# 不传 gcm tag 会报错
❯ easy_encryption_tool aes -m gcm -a decrypt -i TajM7IwxIZIoqHkU87dY7w== -e
------ 11c1531f0fd5b7a8 begin@2024-04-04_15:38:32.957 ------
expected a gcm tag(16 Bytes)
------ 11c1531f0fd5b7a8 took 0.030 milli-seconds to execute ------
# 传错误的 tag 会解密失败
❯ easy_encryption_tool aes -m gcm -a decrypt -i TajM7IwxIZIoqHkU87dY7w== -e -t H7n7OzKgQyHL86zbnQ0r+g==
------ 90580b5c3649a1ba begin@2024-04-04_15:38:46.823 ------
decrypt TajM7IwxIZIoqHkU87dY7w== failed:
------ 90580b5c3649a1ba took 14.030 milli-seconds to execute ------常用的参数合法性检查
-m 模式参数
easy_encryption_tool aes -m abc -a encrypt -i 1234
Usage: main.py aes [OPTIONS]
Try 'main.py aes --help' for help.
Error: Invalid value for '-m' / '--mode': 'abc' is not one of 'cbc', 'gcm'.-a 动作参数
easy_encryption_tool aes -m cbc -a abc -i 1234
Usage: main.py aes [OPTIONS]
Try 'main.py aes --help' for help.
Error: Invalid value for '-a' / '--action': 'abc' is not one of 'encrypt', 'decrypt'.-i 输入参数
字符串超限
# 这里设置最大限制为0MBytes,也就是不允许加密,这里是故意预留的
❯ easy_encryption_tool aes -m cbc -a encrypt -i 1234 -l 0
------ 5ce766f36cc28968 begin@2024-04-04_15:39:42.675 ------
the data exceeds the maximum bytes limit, limited to:0Bytes, now:4Bytes
------ 5ce766f36cc28968 took 0.023 milli-seconds to execute ------非法的base64编码数据
# 任意构造的字符串
❯ easy_encryption_tool aes -m cbc -a encrypt -i qwert -e
------ 4844fa0e0939482d begin@2024-04-04_15:39:53.597 ------
invalid b64 encoded data:qwert
------ 4844fa0e0939482d took 0.044 milli-seconds to execute ------
# base64数据缺少字符(正确的是:ZUD3MJT3ohiimrryNW7jBw==)
❯ easy_encryption_tool aes -m cbc -a encrypt -i ZUD3MJT3ohiimrryNW7jBw -e
------ 22301b388db43f9d begin@2024-04-04_15:40:05.092 ------
invalid b64 encoded data:ZUD3MJT3ohiimrryNW7jBw
------ 22301b388db43f9d took 0.036 milli-seconds to execute ------文件不可读
# 创建文件并设置为只可root读
sudo touch test_plain
sudo chmod 400 test_plain
# 查看文件
ll test_plain
-r-------- 1 root staff 0 Apr 3 11:29 test_plain
# 使用其他用户运行命令访问
easy_encryption_tool aes -m cbc -a encrypt -i test_plain -f
test_plain may not exist or may be unreadable
------ aes_command took 0.076 milli-seconds to execute ------文件不可写
# 文件写权限检查失败
easy_encryption_tool aes -m cbc -a encrypt -i tmp_gcm_plain.txt -f -o test_plain
tmp_gcm_plain.txt opened in mode rb success
test_plain may not exist or may not writable
tmp_gcm_plain.txt closed success
------ aes_command took 0.126 milli-seconds to execute -------e 与 -f 参数互斥
❯ easy_encryption_tool aes -m cbc -a encrypt -i test_plain -f -e
------ 75998f7a4a1364f6 begin@2024-04-04_15:40:30.038 ------
the input data cannot be used as both a file and base64 encoded data
------ 75998f7a4a1364f6 took 0.026 milli-seconds to execute ------对文件加密或解密时,必须指定输出的文件名
# 加密不指定输出文件
❯ easy_encryption_tool aes -m gcm -a encrypt -i ./test_data/test_plain.txt -f
------ 3564874090cf12d5 begin@2024-04-04_15:40:55.522 ------
need a output file specified and writable
------ 3564874090cf12d5 took 0.074 milli-seconds to execute ------
# 解密不指定输出文件
❯ easy_encryption_tool aes -m gcm -a decrypt -i ./test_data/test_plain.txt -f -t df8z3ccRyGOQTluw26dIlA==
------ c3dee26a5649a077 begin@2024-04-04_15:41:07.541 ------
need a output file specified and writable
------ c3dee26a5649a077 took 0.084 milli-seconds to execute ------HMAC验证码
支持的命令参数
❯ easy_encryption_tool hmac --help
Usage: main.py hmac [OPTIONS]
Options:
-i, --input-data TEXT 输入数据,允许输入:字符串、 base64 编码数据、文件路径 [required]
-e, --is-base64-encoded 如果 -i/--input-data 的值被 base64 编码过,则需要带上 -e
参数,-e 与 -f 互斥 [default: False]
-f, --is-a-file 如果 -i/--input-data 的值是一个文件,则需要带上 -f
参数表示当前需要被处理的是一个文件,-e 与 -f 互斥
-h, --hash-alg [sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]
哈希算法 [default: sha256]
-k, --key TEXT key 默认值为 32 字节,即 256 位,只允许输入可见字符 [default:
kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk]
-r, --random-key 是否自动生成随机的密钥,如果自动生成随机密钥则默认 32 字节长度
--help Show this message and exit.关于输入数据和密钥的预设
- 输入数据支持三种方式:字符串明文、base64 编码的字节流、文件
- 密钥默认 32 字节,支持生成随机密钥(长度强制为 32 字节)
指定密钥
使用默认密钥
❯ easy_encryption_tool hmac -i hello,world
------ 1daa56484b0a4733 begin@2024-04-04_15:41:52.566 ------
data size:11Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:dcd5f3d53661434856c4fb1f76072a22c5fb2526bfd8713aa5041cc43aab7675
------ 1daa56484b0a4733 took 0.029 milli-seconds to execute ------自己指定密钥
❯ easy_encryption_tool hmac -i hello,world -k 1234
------ 990d2a043f6fb90a begin@2024-04-04_15:42:03.420 ------
data size:11Bytes
key:1234
hmac:96dd6f73018a6d1911d77a906bc41a6aaae760331eb367ca7134a6b85dbbfdcb
------ 990d2a043f6fb90a took 0.025 milli-seconds to execute ------生成随机密钥
❯ easy_encryption_tool hmac -i hello,world -r
------ 8acd4791042aae7c begin@2024-04-04_15:42:14.518 ------
data size:11Bytes
key:6+98I^y4IsiGGj0p!(1^O+iuoH%CO!s5
hmac:f8f9931c074fd30c9fe60c31beb87600bfd3b51960e91f34d765d339aa9981f8
------ 8acd4791042aae7c took 0.057 milli-seconds to execute ------指定输入
输入字符串
❯ easy_encryption_tool hmac -i hello,world
------ 7ad6f172e3498e2a begin@2024-04-04_15:42:33.801 ------
data size:11Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:dcd5f3d53661434856c4fb1f76072a22c5fb2526bfd8713aa5041cc43aab7675
------ 7ad6f172e3498e2a took 0.028 milli-seconds to execute ------输入 base64 编码的字节流
❯ easy_encryption_tool hmac -i krJchuyaDRYHnu5tsy8UzA== -e
------ 7f8694414df48f4e begin@2024-04-04_15:42:46.859 ------
data size:16Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:276e565d1e8a65b38463e124c45c60b00e01a8a623995aae360d1035e0d58923
------ 7f8694414df48f4e took 0.035 milli-seconds to execute ------输入文件
❯ easy_encryption_tool hmac -i ./test_data/test_plain.txt -f
------ d9f4d5072cc8d6ee begin@2024-04-04_15:42:57.326 ------
file size:64Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:5b0ea206c45019e090246cea031ca3a267bab15d39bd53491272473aef75d8b0
------ d9f4d5072cc8d6ee took 0.102 milli-seconds to execute ------指定哈希算法
# 支持的 hash 列表:
# [sha224 | sha256 | sha384 | sha512 | sha3_224 | sha3_256 | sha3_384 | sha3_512]
# 使用 sha512
❯ easy_encryption_tool hmac -i ./test_data/test_plain.txt -f -h sha512
------ 440b99b2f7479972 begin@2024-04-04_15:43:10.055 ------
file size:64Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:3c41a94f15c6517e5774d0878268e33c12d9170136c8d9c972f9294324aca61ee2bc4e0f1c7b4a59525ba40f3ccf7b94ebb1de74881ae85023a187e8c1626e1b
------ 440b99b2f7479972 took 0.107 milli-seconds to execute ------
# 使用sha3_256
❯ easy_encryption_tool hmac -i ./test_data/test_plain.txt -f -h sha3_256
------ c48755f9b49e99b3 begin@2024-04-04_15:43:23.256 ------
file size:64Bytes
key:kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
hmac:25494b6effa8df3ad1bff777892e08ceccf3fbaa181608d006400b8da3fef853
------ c48755f9b49e99b3 took 0.087 milli-seconds to execute ------RSA非对称密钥
支持的命令
❯ easy_encryption_tool rsa --help
Usage: main.py rsa [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
decrypt
encrypt
generate
sign
verify生成密钥对
支持的参数
❯ easy_encryption_tool rsa generate --help
Usage: main.py rsa generate [OPTIONS]
Options:
-s, --size [2048|3072|4096] 密钥位数 [default: 2048]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-f, --file-name TEXT 输出密钥对的文件名前缀,最终写入数据时会创建文件并加上文件名后缀 [default:
demo; required]
-p, --password TEXT 私钥密码,使用私钥时需要输入正确的密码
-r, --random-password 是否生成私钥的随机密码,如果带上 -r 标识,则随机生成32字节的密码
--help Show this message and exit.默认生成
# 密钥长度2048位,私钥不带密码
❯ easy_encryption_tool rsa generate -f test
------ 6b89fd023be2d70e begin@2024-04-04_15:48:44.313 ------
generate test_rsa_public.pem/test_rsa_private.pem success
------ 6b89fd023be2d70e took 134.487 milli-seconds to execute ------指定长度且指定密码
# pem格式密钥,私钥不带密码
❯ easy_encryption_tool rsa generate -f test_no_pwd_pem -s 4096 -e pem
------ 7d68ecefd4536a1c begin@2024-04-04_15:50:00.393 ------
generate test_no_pwd_pem_rsa_public.pem/test_no_pwd_pem_rsa_private.pem success
------ 7d68ecefd4536a1c took 560.056 milli-seconds to execute ------
# pem格式密钥,私钥带密码
❯ easy_encryption_tool rsa generate -f test_pwd_pem -s 4096 -e pem -p 1234567890
------ f036eed08d4188e6 begin@2024-04-04_15:51:20.417 ------
private key password:1234567890
generate test_pwd_pem_rsa_public.pem/test_pwd_pem_rsa_private_cipher.pem success
------ f036eed08d4188e6 took 341.474 milli-seconds to execute ------
# der格式密钥,私钥不带密码
❯ easy_encryption_tool rsa generate -f test_no_pwd_der -s 4096 -e der
------ e152e62cc8ff4080 begin@2024-04-04_15:51:53.004 ------
generate test_no_pwd_der_rsa_public.der/test_no_pwd_der_rsa_private.der success
------ e152e62cc8ff4080 took 620.032 milli-seconds to execute ------
# der格式密钥,私钥带密码
❯ easy_encryption_tool rsa generate -f test_pwd_der -s 4096 -e der -p 1234567890
------ 9b08b9054b7642cd begin@2024-04-04_15:52:04.209 ------
private key password:1234567890
generate test_pwd_der_rsa_public.der/test_pwd_der_rsa_private_cipher.der success
------ 9b08b9054b7642cd took 1108.390 milli-seconds to execute ------指定长度且随机生成密码
❯ easy_encryption_tool rsa generate -f test -s 4096 -r
------ e3eba04fda53c701 begin@2024-04-04_15:53:14.570 ------
private key password:4)H(iipM9=qnUV!!16LZ3)n&YGQE@v04
generate test_rsa_public.pem/test_rsa_private_cipher.pem success
------ e3eba04fda53c701 took 300.131 milli-seconds to execute ------ 加密与解密
支持的参数
# 加密
❯ easy_encryption_tool rsa encrypt --help
Usage: main.py rsa encrypt [OPTIONS]
Options:
-f, --public-key TEXT 公钥文件路径 [required]
-i, --input-data TEXT 输入数据,可以直接为字符串,也可以为
base64编码的数据,base64编码的数据需要带上标识 -c [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-c, --b64-encoded 输入数据是否被 base64 编码过
-l, --input-limit INTEGER 输入内容最大长度,单位为 MB,默认为 1MB,非对称不适合直接加密过长的数据
[default: 1]
-m, --mode [oaep|pkcs1v15] 加密时的填充模式 [default: oaep; required]
-h, --hash-mode [sha256|sha384|sha512]
此参数仅在-m为 oaep 时生效 [default: sha256]
--help Show this message and exit.
# 解密
❯ easy_encryption_tool rsa decrypt --help
Usage: main.py rsa decrypt [OPTIONS]
Options:
-f, --private-key TEXT 私钥文件路径 [required]
-i, --input-data TEXT 输入的密文数据, 必须为base64编码的数据 [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-m, --mode [oaep|pkcs1v15] 加密时的填充模式 [default: oaep; required]
-h, --hash-mode [sha256|sha384|sha512]
此参数仅在-m为 oaep 时生效 [default: sha256]
-p, --password TEXT 私钥密码,使用私钥时需要输入正确的密码
--help Show this message and exit.使用 PEM 密钥加解密
私钥不需要密码
# 加密
❯ easy_encryption_tool rsa encrypt -e pem -f ./test_data/test_no_pwd_pem_public.pem -i hello,world
------ 18869a5ba5f11a4f begin@2024-04-04_15:55:10.501 ------
pub key size:4096
padding mode:oaep-sha256
cipher:pQlqgAyKEdrjcdRPe90uWHIJv781VD1X0xxxxxxxxxxxxxx
------ 18869a5ba5f11a4f took 15.731 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool rsa decrypt -e pem -f ./test_data/test_no_pwd_pem_private.pem -i pQlqgAyKEdrjcdxxxxxxxxxxxxxx
------ 197c89cd0b631ce0 begin@2024-04-04_15:55:40.536 ------
private key password:
key size:4096
padding mode:oaep-sha256
origin plain:hello,world
------ 197c89cd0b631ce0 took 338.602 milli-seconds to execute ------私钥需要密码
# 加密
❯ easy_encryption_tool rsa encrypt -e pem -f ./test_data/test_pwd_pem_public.pem -i hello,world
------ e1cde686b573fb50 begin@2024-04-04_15:56:04.554 ------
pub key size:4096
padding mode:oaep-sha256
cipher:pF06oJgMvzJ8WUpxxxxxxxxxxx
------ e1cde686b573fb50 took 15.492 milli-seconds to execute ------
# 解密 -p 指定密码
❯ easy_encryption_tool rsa decrypt -e pem -f ./test_data/test_pwd_pem_private_cipher.pem -i pF06oJgMvzJ8WUphoYqaccLhxxxxxxxx -p 1234567890
------ cb0ebbe7b572b665 begin@2024-04-04_15:56:25.496 ------
private key password:1234567890
key size:4096
padding mode:oaep-sha256
origin plain:hello,world
------ cb0ebbe7b572b665 took 338.788 milli-seconds to execute ------使用 DER 密钥加解密
私钥不需要密码
# 加密
❯ easy_encryption_tool rsa encrypt -e der -f ./test_data/test_no_pwd_der_public.der -i hello,world
------ 10e4568e22050ecc begin@2024-04-04_15:56:47.705 ------
pub key size:4096
padding mode:oaep-sha256
cipher:V0g9TwUetAKZOl6xwe9SL7ra1xxxxxxxxxx
------ 10e4568e22050ecc took 14.792 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool rsa decrypt -e der -f ./test_data/test_no_pwd_der_private.der -i V0g9TwUetAKZOl6xwe9SL7ra1P3Kxxxxxxxxxx
------ ff1efcc52f4fc05e begin@2024-04-04_15:57:10.634 ------
private key password:
key size:4096
padding mode:oaep-sha256
origin plain:hello,world
------ ff1efcc52f4fc05e took 348.368 milli-seconds to execute ------私钥需要密码
# 加密
❯ easy_encryption_tool rsa encrypt -e der -f ./test_data/test_pwd_der_public.der -i hello,world
------ d59dc4bec2be5592 begin@2024-04-04_15:57:28.114 ------
pub key size:4096
padding mode:oaep-sha256
cipher:XNNpZfpu7ZjnI1HnH/KN9xxxxxxxxx
------ d59dc4bec2be5592 took 14.696 milli-seconds to execute ------
# 解密 -p 指定密码
❯ easy_encryption_tool rsa decrypt -e der -f ./test_data/test_pwd_der_private_cipher.der -i XNNpZfpuxxxxxxxxx -p 1234567890
------ 806b307f230908a4 begin@2024-04-04_15:57:47.873 ------
private key password:1234567890
key size:4096
padding mode:oaep-sha256
origin plain:hello,world
------ 806b307f230908a4 took 343.988 milli-seconds to execute ------对明文为 base64 编码的字节流做加解密
# 加密
❯ easy_encryption_tool rsa encrypt -e pem -f ./test_data/test_pwd_pem_public.pem -i krJchuyaDRYHnu5tsy8UzA== -c
------ 29fa5af7e9f84f15 begin@2024-04-04_15:58:07.029 ------
pub key size:4096
padding mode:oaep-sha256
cipher:QiztiJ21bVsNf4DyPhzDAR/E24Xqexxxxxxxxx
------ 29fa5af7e9f84f15 took 15.584 milli-seconds to execute ------
# 解密 -p 指定密码
❯ easy_encryption_tool rsa decrypt -e pem -f ./test_data/test_pwd_pem_private_cipher.pem -i QiztiJ21bVsNf4DyPhzDAR/E24Xqe94P398JLDakFl3LDhOA3I/XHY3v3R0GBNRrrMPtUorGHxCVmJNqxxxxxx -p 1234567890
------ d1f6350d34acf14e begin@2024-04-04_15:58:25.431 ------
private key password:1234567890
key size:4096
padding mode:oaep-sha256
b64 encoded plain:krJchuyaDRYHnu5tsy8UzA==
------ d1f6350d34acf14e took 344.681 milli-seconds to execute ------加密模式设置
OAEP模式
# 加密
❯ easy_encryption_tool rsa encrypt -e pem -f ./test_data/test_no_pwd_pem_public.pem -i hello,world -m oaep
------ 5d4c86b12cac7641 begin@2024-04-04_15:58:41.153 ------
pub key size:4096
padding mode:oaep-sha256
cipher:LmYOuAO+zP1qCjivxxxxxxxxxx
------ 5d4c86b12cac7641 took 14.201 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool rsa decrypt -e pem -f test_data/test_no_pwd_pem_private.pem -m oaep -i LmYOuAO+zP1qxxxxxx
------ 9f151c4c9f56af86 begin@2024-04-04_15:59:05.700 ------
private key password:
key size:4096
padding mode:oaep-sha256
origin plain:hello,world
------ 9f151c4c9f56af86 took 346.121 milli-seconds to execute ------PKCS1v15 模式
# 加密
❯ easy_encryption_tool rsa encrypt -e pem -f ./test_data/test_no_pwd_pem_public.pem -i hello,world -m pkcs1v15
------ 875086be5059242c begin@2024-04-04_15:59:19.282 ------
pub key size:4096
padding mode:pkcs1v15
cipher:i1hVnoQsWAQK4sftuvg08xxxxxxx
------ 875086be5059242c took 14.024 milli-seconds to execute ------
# 解密
❯ easy_encryption_tool rsa decrypt -e pem -f test_data/test_no_pwd_pem_private.pem -m pkcs1v15 -i i1hVnoQsWAQK4sftuvgxxxxxxxx
------ d5096f43a1dd5d65 begin@2024-04-04_15:59:37.216 ------
private key password:
key size:4096
padding mode:pkcs1v15
origin plain:hello,world
------ d5096f43a1dd5d65 took 348.221 milli-seconds to execute ------签名与验签
支持的参数
# 签名
❯ easy_encryption_tool rsa sign --help
Usage: main.py rsa sign [OPTIONS]
Options:
-f, --private-key TEXT 私钥文件路径 [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-m, --mode [pss|pkcs1v15] 签名时的填充模式 [default: pss; required]
-h, --hash-mode [sha256|sha384|sha512]
签名时的哈希算法 [default: sha256]
-p, --password TEXT 私钥密码,使用私钥时需要输入正确的密码
-i, --input-data TEXT 需要被签名的数据 [required]
-c, --b64-encoded 输入数据是否被 base64 编码过
--help Show this message and exit.
# 验签
❯ easy_encryption_tool rsa verify --help
Usage: main.py rsa verify [OPTIONS]
Options:
-f, --public-key TEXT 公钥文件路径 [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-m, --mode [pss|pkcs1v15] 签名时的填充模式 [default: pss; required]
-h, --hash-mode [sha256|sha384|sha512]
签名时的哈希算法 [default: sha256]
-i, --input-data TEXT 需要被签名的数据 [required]
-c, --b64-encoded 输入数据是否被 base64 编码过
-s, --signature TEXT base64 编码过的签名值
--help Show this message and exit.PSS模式
# 签名 -p 指定密码
❯ easy_encryption_tool rsa sign -e der -f ./test_data/test_pwd_der_private_cipher.der -m pss -i hello,world -p 1234567890
------ 9238d47e0e2636f1 begin@2024-04-04_16:01:35.674 ------
key size:4096
signature:74bd0807319b4b7c58dc40eaf58efee8xxxxxxxx
----------------
base64 encoded:dL0IBzGbS3xY3EDq9xxxxxxxx
mode:pss-sha256
------ 9238d47e0e2636f1 took 348.185 milli-seconds to execute ------
# 验签
❯ easy_encryption_tool rsa verify -e der -f ./test_data/test_pwd_der_public.der -m pss -s dL0IBzGbS3xY3EDqxxxxxxxxx -i hello,world
------ 8e8b995bbc527e67 begin@2024-04-04_16:02:01.136 ------
verify success
key size:4096
mode:pss-sha256
------ 8e8b995bbc527e67 took 14.193 milli-seconds to execute ------PKCS1v15模式
# 签名 -p 指定密码
❯ easy_encryption_tool rsa sign -e pem -f ./test_data/test_pwd_pem_private_cipher.pem -i hello,world -p 1234567890
------ c12c59d278e72bb6 begin@2024-04-04_16:02:15.070 ------
key size:4096
signature:8590c16fd7349f7da4b845xxxxxxx
----------------
base64 encoded:hZDBb9c0n32kuEWrVsD9exxxxxxxx
mode:pss-sha256
------ c12c59d278e72bb6 took 343.034 milli-seconds to execute ------
# 验签
❯ easy_encryption_tool rsa verify -e pem -f ./test_data/test_pwd_pem_public.pem -i hello,world -s hZDBb9c0n32kuEWrVsD9eGzQxxxxxxxxxx
------ 8151e7568131a1c6 begin@2024-04-04_16:02:36.431 ------
verify success
key size:4096
mode:pss-sha256
------ 8151e7568131a1c6 took 13.708 milli-seconds to execute ------ECC椭圆曲线
支持的命令
❯ easy_encryption_tool ecc --help
Usage: main.py ecc [OPTIONS] COMMAND [ARGS]...
Options:
--help Show this message and exit.
Commands:
ecdh
generate
sign
verify生成密钥对
❯ easy_encryption_tool ecc generate --help
Usage: main.py ecc generate [OPTIONS]
Options:
-c, --curve [secp256r1|secp384r1|secp521r1|secp256k1]
ecc 椭圆曲线类型 [default: secp256k1]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-f, --file-name TEXT 输出密钥对的文件名前缀,最终写入数据时会创建文件并加上文件名后缀 [default:
demo; required]
-p, --password TEXT 私钥密码,使用私钥时需要输入正确的密码
-r, --random-password 是否生成私钥的随机密码,如果带上 -r 标识,则随机生成32字节的密码
--help Show this message and exit.默认生成
❯ easy_encryption_tool ecc generate
------ d6b0cebd74d64b57 begin@2024-04-04_16:07:59.720 ------
generate demo_ecc_public.pem/demo_ecc_private.pem success
------ d6b0cebd74d64b57 took 17.039 milli-seconds to execute ------指定椭圆曲线且指定密码
❯ easy_encryption_tool ecc generate -c secp384r1 -p 1234567890
------ e852fd0a2d84d39f begin@2024-04-04_16:08:46.706 ------
private key password:1234567890
generate demo_ecc_public.pem/demo_ecc_private_cipher.pem success
------ e852fd0a2d84d39f took 16.710 milli-seconds to execute ------指定椭圆曲线且随机生成密码
❯ easy_encryption_tool ecc generate -c secp384r1 -r
------ 073bd5585937e6fd begin@2024-04-04_16:09:28.102 ------
private key password:)N)y&4dq=ODg`339uE`7*@A9Gl0eVs3Z
generate demo_ecc_public.pem/demo_ecc_private_cipher.pem success
------ 073bd5585937e6fd took 16.721 milli-seconds to execute ------ECDH密钥交换
支持的参数
❯ easy_encryption_tool ecc ecdh --help
Usage: main.py ecc ecdh [OPTIONS]
Options:
-a, --alice-pub-key TEXT 你自己的公钥文件的路径如: ./alice_public.pem [required]
-k, --alice-pri-key TEXT 你自己的私钥文件的路径如: ./alice_private.pem [required]
-p, --password TEXT 你自己的私钥的密码,如果创建时设置了密码,那么在使用私钥时需要输入正确的密码
-b, --bob-pub-key TEXT 对方的公钥文件的路径如: ./bob_public.pem [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-l, --length INTEGER RANGE 派生密钥的长度,默认 32 字节,长度范围[16 -- 64] [default: 32;
16<=x<=64]
-s, --salt TEXT 用于增加派生密钥安全性的盐值,两边必须提供一样的盐值 [default:
hello,world1234567890!@#$%^&*()_+{}:";<>?/;
required]
-c, --context TEXT 用于增加派生密钥安全性的上下文信息,两边必须提供一样的上下文数据 [default: ecc
handshake context data; required]
--help Show this message and exit.生成 alice 与 bob 的密钥对
❯ easy_encryption_tool ecc generate -f alice -p 1234567890
------ f4815ee66aa727b2 begin@2024-04-04_16:11:03.966 ------
private key password:1234567890
generate alice_ecc_public.pem/alice_ecc_private_cipher.pem success
------ f4815ee66aa727b2 took 17.763 milli-seconds to execute ------
❯ easy_encryption_tool ecc generate -f bob -p 1234567890
------ 76e72cdd07cb5c32 begin@2024-04-04_16:11:26.201 ------
private key password:1234567890
generate bob_ecc_public.pem/bob_ecc_private_cipher.pem success
------ 76e72cdd07cb5c32 took 16.373 milli-seconds to execute ------alice派生和 bob 共享的对称密钥
❯ easy_encryption_tool ecc ecdh -a ./alice_ecc_public.pem -k ./alice_ecc_private_cipher.pem -p 1234567890 -b ./bob_ecc_public.pem -l 64 -s alice-bob -c key-alice-bob
------ 8235537a02e647d4 begin@2024-04-04_16:14:48.686 ------
curve name:secp256k1
derived key:u+UNGIzrPbLRVlTSixl8fgd3SgLuGeQrwSI4Irs1tpSVivmTxYLTOUm/o1pvqPLuOGVA8D3iLdUGLEE72Wo1QQ==
length:64
------ 8235537a02e647d4 took 18.166 milli-seconds to execute ------bob派生和alice共享的对称密钥
❯ easy_encryption_tool ecc ecdh -a ./bob_ecc_public.pem -k ./bob_ecc_private_cipher.pem -p 1234567890 -b ./alice_ecc_public.pem -l 64 -s alice-bob -c key-alice-bob
------ d50d7d254d02104c begin@2024-04-04_16:15:39.570 ------
curve name:secp256k1
derived key:u+UNGIzrPbLRVlTSixl8fgd3SgLuGeQrwSI4Irs1tpSVivmTxYLTOUm/o1pvqPLuOGVA8D3iLdUGLEE72Wo1QQ==
length:64
------ d50d7d254d02104c took 16.998 milli-seconds to execute ------签名与验签
支持的参数
# 签名
❯ easy_encryption_tool ecc sign --help
Usage: main.py ecc sign [OPTIONS]
Options:
-f, --private-key TEXT 私钥文件路径 [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-h, --hash-mode [sha256|sha384|sha512|sha3-224|sha3-256|sha3-384|sha3-512]
签名时的哈希算法 [default: sha256]
-p, --password TEXT 私钥密码,如果生成时设置了密码那么在使用私钥时需要输入正确的密码
-i, --input-data TEXT 需要被签名的数据 [required]
-c, --b64-encoded 输入数据是否被 base64 编码过
--help Show this message and exit.
# 验签
❯ easy_encryption_tool ecc verify --help
Usage: main.py ecc verify [OPTIONS]
Options:
-f, --public-key TEXT 公钥文件路径 [required]
-e, --encoding [pem|der] 密钥格式 [default: pem]
-h, --hash-mode [sha256|sha384|sha512|sha3-224|sha3-256|sha3-384|sha3-512]
签名时的哈希算法 [default: sha256]
-i, --input-data TEXT 需要被签名的数据 [required]
-c, --b64-encoded 输入数据是否被 base64 编码过
-s, --signature TEXT base64 编码过的签名值
--help Show this message and exit.生成密钥对
❯ easy_encryption_tool ecc generate -c secp384r1 -p 1234567890 -e der
------ 3a40beeed28cffa4 begin@2024-04-04_16:17:49.172 ------
private key password:1234567890
generate demo_ecc_public.der/demo_ecc_private_cipher.der success
------ 3a40beeed28cffa4 took 16.821 milli-seconds to execute ------签名
❯ easy_encryption_tool ecc sign -f ./demo_ecc_private_cipher.der -e der -h sha3-512 -p 1234567890 -i aGVsbG8sd29ybGQK -c
------ dbc12fab8422ba0f begin@2024-04-04_16:18:57.578 ------
curve name:secp384r1
key size:384
signature:30640230243bba7exxxxxx
mode:ECDSA
------ dbc12fab8422ba0f took 17.265 milli-seconds to execute ------验签
❯ easy_encryption_tool ecc verify -f ./demo_ecc_public.der -e der -h sha3-512 -i aGVsbG8sd29ybGQK -c -s MGQCMCQ7un7AqV9670hoZzKCtwIXKFpmeuUs5eQ8avWzPorb2oa74qfZ+ZW5NNA46uViTAIwbEfa7QaeUbsSwnTBMhnBc+1LWcb3bKqwT1C0NZ8/JcD6TatMF8uIiIdn835MjPmT
------ d1c74d3acc46413b begin@2024-04-04_16:20:09.177 ------
curve name:secp384r1
verify success
key size:384
mode:ECDSA
------ d1c74d3acc46413b took 15.220 milli-seconds to execute ------证书解析与验证
解析证书并验证签名
❯ easy_encryption_tool cert-parse -f test_certs/baidu.com.cer
------ 27f6aa95a2461345 begin@2024-04-06_15:02:26.887 ------
------- verify signature: -------
verify cert signature success
ca issuer:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
------- basic info: -------
version: v3-2
serial_number: 26585094245224241434632730821
signature_algorithm: PKCS #1 RSA Encryption
signature_hash_algorithm: sha256
issuer: GlobalSign nv-sa|GlobalSign RSA OV SSL CA 2018|BE
valid_before: 20230706015106Z
valid_after: 20240806015105Z
subject: Beijing Baidu Netcom Science Technology Co., Ltd|CN|baidu.com
public_key_bits: 2048
public_key_type: 6(6:RSA|116:DSA|408:EC|28:DH)
------ 27f6aa95a2461345 took 83.634 milli-seconds to execute ------解析完整证书内容
❯ easy_encryption_tool cert-parse -f baidu.com.cer -v
------ 247b96f11927fe0f begin@2024-04-06_15:04:26.023 ------
------- verify signature: -------
verify cert signature success
ca issuer:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
------- basic info: -------
version: v3-2
serial_number: 26585094245224241434632730821
signature_algorithm: PKCS #1 RSA Encryption
signature_hash_algorithm: sha256
issuer: GlobalSign nv-sa|GlobalSign RSA OV SSL CA 2018|BE
valid_before: 20230706015106Z
valid_after: 20240806015105Z
subject: Beijing Baidu Netcom Science Technology Co., Ltd|CN|baidu.com
public_key_bits: 2048
public_key_type: 6(6:RSA|116:DSA|408:EC|28:DH)
------- verbose info: -------
public_key_exponent: ('10001',)
public_key_modules: ('BB04BB84765807B45A8854E06A56BCE5D48D3E1EB928E0D7018F382B41B2597DF0AC27B426241438FE4CEA3B4951F7E95B40F73FA6C8DA0F026E258B4791B82E9E0021191D1800FCDE04FD2679395DF290BC809DA87CB2918989D8402FE5D2A7F35E6D482BC51F0AB1E08E8C76FFBCD1670AD249D609EE260302F3CCCDEA8AD531A82D8F03FD5EFCE43AC68967994CCE986DFA840D0E538BE66352C59B4AA9ABA32235990DEE19FF9B2DF5A477F2EC1080F4AB82B9D17E361F0E9F9B19A0F5C357DD88BBCEE1909C3F4BBADD3AA941B3DD864DC2C2B7E8FF3713C0048943443811E6A396F70922212F2C4E0E7EE5D85CBB00445BAFDEE4B3B0F03CB63845495D',)
public_key_fingerprints: 43A4C24005AA3F8B7E7AAE35C6729A52025DACF5AAC86E4BF8D8B6633321A9D6
signature: 0X195A675043B1AC7A93A86818728B407EA675DEAC21FCC94116204BF38C0BB94745AEF85D79F64335260198F0B9863E2901F1DFB072B5AE78D2DF61B678678AC9779ADEE0E4412F9C1EE53B7C973F422FADE3497F9D2B0288906925030114B9B5CB0F593D2D973D02D55190690C811022DAC651EF480CD24FDE61F26A8715A56D718E3702A2850F1E1975A3802E6A1AA2028C2FECBD3D81033F8AC0A0E6B40E0857CB001C8AB71B8F38719A8DC0710C3FBCD4BE569DF718C1AABEE4DF1A86E2626F23863054782D471FB4AD052973249814A019C002FD90904E625CE84D3189C3E88B9E73593B9891CA47A5055BC51E8F85390ECEB5260A804E9F084A11491363
certificate_fingerprints: D8:AA:2D:80:6C:57:1F:B6:2E:D4:87:48:41:90:92:3F:93:24:F0:31:9C:FF:FE:DF:7B:62:1F:13:4E:6B:C1:00
extension_count: 10
extensions_detail: {
"x509.AuthorityInformationAccess": {
"oid": "1.3.6.1.5.5.7.1.1",
"critical": false,
"value": {
"caIssuers": "http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt",
"OCSP": "http://ocsp.globalsign.com/gsrsaovsslca2018"
}
},
"x509.BasicConstraints": {
"oid": "2.5.29.19",
"critical": false,
"value": "<BasicConstraints(ca=False, path_length=None)>"
},
"x509.KeyUsage": {
"oid": "2.5.29.15",
"critical": true,
"value": "<KeyUsage(digital_signature=True, content_commitment=False, key_encipherment=True, data_encipherment=False, key_agreement=False, key_cert_sign=False, crl_sign=False, encipher_only=False, decipher_only=False)>"
},
"x509.SubjectKeyIdentifier": {
"oid": "2.5.29.14",
"critical": false,
"value": "<SubjectKeyIdentifier(digest=b'\\xeds\\xab\\xf9 \\xbez\\x19\\x9fY\\x1f\\xb2\\x9f\\xf2?/?\\x91\\x84\\x12')>"
},
"x509.SubjectAlternativeName": {
"oid": "2.5.29.17",
"critical": false,
"value": "<SubjectAlternativeName(<GeneralNames([<DNSName(value='baidu.com')>, <DNSName(value='baifubao.com')>, <DNSName(value='www.baidu.cn')>, <DNSName(value='www.baidu.com.cn')>, <DNSName(value='mct.y.nuomi.com')>, <DNSName(value='apollo.auto')>, <DNSName(value='dwz.cn')>, <DNSName(value='*.baidu.com')>, <DNSName(value='*.baifubao.com')>, <DNSName(value='*.baidustatic.com')>, <DNSName(value='*.bdstatic.com')>, <DNSName(value='*.bdimg.com')>, <DNSName(value='*.hao123.com')>, <DNSName(value='*.nuomi.com')>, <DNSName(value='*.chuanke.com')>, <DNSName(value='*.trustgo.com')>, <DNSName(value='*.bce.baidu.com')>, <DNSName(value='*.eyun.baidu.com')>, <DNSName(value='*.map.baidu.com')>, <DNSName(value='*.mbd.baidu.com')>, <DNSName(value='*.fanyi.baidu.com')>, <DNSName(value='*.baidubce.com')>, <DNSName(value='*.mipcdn.com')>, <DNSName(value='*.news.baidu.com')>, <DNSName(value='*.baidupcs.com')>, <DNSName(value='*.aipage.com')>, <DNSName(value='*.aipage.cn')>, <DNSName(value='*.bcehost.com')>, <DNSName(value='*.safe.baidu.com')>, <DNSName(value='*.im.baidu.com')>, <DNSName(value='*.baiducontent.com')>, <DNSName(value='*.dlnel.com')>, <DNSName(value='*.dlnel.org')>, <DNSName(value='*.dueros.baidu.com')>, <DNSName(value='*.su.baidu.com')>, <DNSName(value='*.91.com')>, <DNSName(value='*.hao123.baidu.com')>, <DNSName(value='*.apollo.auto')>, <DNSName(value='*.xueshu.baidu.com')>, <DNSName(value='*.bj.baidubce.com')>, <DNSName(value='*.gz.baidubce.com')>, <DNSName(value='*.smartapps.cn')>, <DNSName(value='*.bdtjrcv.com')>, <DNSName(value='*.hao222.com')>, <DNSName(value='*.haokan.com')>, <DNSName(value='*.pae.baidu.com')>, <DNSName(value='*.vd.bdstatic.com')>, <DNSName(value='*.cloud.baidu.com')>, <DNSName(value='click.hm.baidu.com')>, <DNSName(value='log.hm.baidu.com')>, <DNSName(value='cm.pos.baidu.com')>, <DNSName(value='wn.pos.baidu.com')>, <DNSName(value='update.pan.baidu.com')>])>)>"
},
"x509.CRLDistributionPoints": {
"oid": "2.5.29.31",
"critical": false,
"value": "<CRLDistributionPoints([<DistributionPoint(full_name=[<UniformResourceIdentifier(value='http://crl.globalsign.com/gsrsaovsslca2018.crl')>], relative_name=None, reasons=None, crl_issuer=None)>])>"
},
"x509.ExtendedKeyUsage": {
"oid": "2.5.29.37",
"critical": false,
"value": "<ExtendedKeyUsage([<ObjectIdentifier(oid=1.3.6.1.5.5.7.3.1, name=serverAuth)>, <ObjectIdentifier(oid=1.3.6.1.5.5.7.3.2, name=clientAuth)>])>"
},
"x509.FreshestCRL": {
"ERROR": "x509.ExtensionNotFound",
"oid": "",
"value": {},
"critical": false
},
"x509.NameConstraints": {
"ERROR": "x509.ExtensionNotFound",
"oid": "",
"value": {},
"critical": false
},
"x509.PolicyConstraints": {
"ERROR": "x509.ExtensionNotFound",
"oid": "",
"value": {},
"critical": false
}
}
------ 247b96f11927fe0f took 76.036 milli-seconds to execute ------原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
评论
登录后参与评论
推荐阅读
目录
相关产品与服务
云加密机
云加密机(Cloud Hardware Security Module,CloudHSM)基于国密局认证的物理加密机(Hardware Security Module,HSM),利用虚拟化技术,提供弹性、高可用、高性能的数据加解密、密钥管理等云上数据安全服务;符合合规要求,满足金融、互联网等行业加密需求,保障您的业务数据隐私安全。
腾讯云开发者
