pycrypto - szyfrogram z niewłaściwej długości

Question

Mam wygenerowany klucz publiczny i prywatny z pycrypto, i zapisać je do pliku za pomocą przycisku na eksport:

from Crypto.PublicKey import RSA 
bits=2048 
new_key = RSA.generate(bits, e=65537) 

prv = open('keymac.pem','w') 
prv.write(new_key.exportKey('PEM')) 
prv.close() 
pub = open('pubmac.pem', 'w') 
pub.write(new_key.publickey().exportKey('PEM')) 
pub.close() 

używam klucza publicznego do zaszyfrowania pliku (po http://insiderattack.blogspot.com/2014/07/encrypted-file-transfer-utility-in.html#comment-form)

Po odczytaniu pliku w celu odszyfrowania otrzymuję komunikat "Ciphertext with incorrect length".

dodałem try-z wyjątkiem bloku wokół kodu deszyfrowania na przykład Deepal Jayasekara:

try: 
    encryptedonetimekey = filetodecrypt.read(512) 
    privatekey = open("keymac.pem", 'r').read() 
    rsaofprivatekey = RSA.importKey(privatekey) 
    pkcs1ofprivatekey = PKCS1_OAEP.new(rsaofprivatekey) 
    aesonetimekey = pkcs1ofprivatekey.decrypt(encryptedonetimekey) 

    except Exception as decrypprivkeyerr: 
     print "Decryption of the one time key using the private key  failed!!" 
     print "Key error == %s" %decrypprivkeyerr 
    raise Exception("Decryption using Private key failed error = %s" %decrypprivkeyerr) 

jestem brakuje czegoś? Czy powinienem zapisać klucz prywatny inaczej? Czy nie czytam poprawnie klucza prywatnego?

Answer 1

To nie odpowiada bezpośrednio na twoje pytanie, ale może dać ci wskazówki dotyczące problemu. Im przy użyciu dwóch funkcji do szyfrowania zawartości do pliku, a nie bezpośrednio szyfrowania pliku. Jeden do zaszyfrowania (w moim przypadku nazwa użytkownika i hasło) do pliku, a następnie do odszyfrowania tych danych do użycia w razie potrzeby.

Uwaga potrzeba padding

Creat zaszyfrowanej treści w pliku:

from Crypto.Cipher import AES 
import base64 
import os 
import argparse 

parser = argparse.ArgumentParser(description='Arguments used to generate new credentials file, Use: -u for username, -p for password') 
parser.add_argument('-u', help='Specify username', required=True) 
parser.add_argument('-p', help='Specify password', required=True) 
parser.add_argument('-b', help='Specify debug', required=False, action='store_true') 
args = vars(parser.parse_args()) 


def encrypt(username, password): 
    #Encrypt Credentials To '.creds' file, including 'secret' for username and password 
    dir_path = os.path.dirname(os.path.realpath(__file__)) 
    # the block size for the cipher object; must be 16 per FIPS-197 
    BLOCK_SIZE = 16 

    # the character used for padding--with a block cipher such as AES, the value 
    # you encrypt must be a multiple of BLOCK_SIZE in length. This character is 
    # used to ensure that your value is always a multiple of BLOCK_SIZE 
    PADDING = '{' 

    # one-liner to sufficiently pad the text to be encrypted 
    pad = lambda s: s + (BLOCK_SIZE - len(s) % BLOCK_SIZE) * PADDING 

    # generate a random secret key 
    user_secret = os.urandom(BLOCK_SIZE) 
    pass_secret = os.urandom(BLOCK_SIZE) 

    # one-liners to encrypt/encode and decrypt/decode a string 
    # encrypt with AES, encode with base64 

    EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s))) 
    # create a cipher object using the random secret 
    user_cipher = AES.new(user_secret) 
    pass_cipher = AES.new(pass_secret) 

    # encode a string 
    user_encoded = EncodeAES(user_cipher, username) 
    pass_encoded = EncodeAES(pass_cipher, password) 
    try: 
     with open('.creds', 'w') as filename: 
      filename.write(user_encoded + '\n') 
      filename.write(user_secret + '\n') 
      filename.write(pass_encoded + '\n') 
      filename.write(pass_secret + '\n') 
      filename.close() 
      print '\nFile Written To: ', dir_path + '/.creds' 
    except Exception, e: 
     print e 

    if args['b']: 
     print((user_encoded, user_secret), (pass_encoded, pass_secret)) 

username = args['u'] 
password = args['p'] 

encrypt(username, password) 

odszyfrowania danych

def decrypt(dir_path, filename): 
    #Read '.creds' file and return unencrypted credentials (user_decoded, pass_decoded) 

    lines = [line.rstrip('\n') for line in open(dir_path + filename)] 

    user_encoded = lines[0] 
    user_secret = lines[1] 
    pass_encoded = lines[2] 
    pass_secret = lines[3] 

    # the character used for padding--with a block cipher such as AES, the value 
    # you encrypt must be a multiple of BLOCK_SIZE in length. This character is 
    # used to ensure that your value is always a multiple of BLOCK_SIZE 
    PADDING = '{' 

    DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING) 

    # create a cipher object using the random secret 
    user_cipher = AES.new(user_secret) 
    pass_cipher = AES.new(pass_secret) 

    # decode the encoded string 
    user_decoded = DecodeAES(user_cipher, user_encoded) 
    pass_decoded = DecodeAES(pass_cipher, pass_encoded) 

    return (user_decoded, pass_decoded)