问题描述

我正在使用 python 2.7.1我想在 CTR 模式下使用 AES 加密某事.我为 python 安装了 PyCrypto 库.我写了以下代码:

I am using python 2.7.1 I want to encrypt sth using AES in CTR mode. I installed PyCrypto library for python. I wrote the following code:

secret = os.urandom(16)
crypto = AES.new(os.urandom(32), AES.MODE_CTR, counter=lambda: secret)
encrypted = crypto.encrypt("asdk")
print crypto.decrypt(encrypted)

我必须运行 crypto.decrypt 与我的明文字节大小一样多的次数，才能正确获取解密数据.即:

i have to run crypto.decrypt as many times as the byte size of my plaintext in order to get correctly the decrypted data. I.e:

encrypted = crypto.encrypt("test")
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)
print crypto.decrypt(encrypted)

最后一次解密调用会将明文返回给我.解密的其他输出是一些乱码字符串.我想知道这是否正常?我是否必须每次都包含在一个大小等于我的明文的循环中，或者我弄错了什么?

The last call to decrypt will give me the plaintext back. The other outputs from decrypt are some gibberish strings . I am wondering if this is normal or not? Do i have to include into a loop with size equal of my plaintext every time or i have gotten sth wrong?

推荐答案

根据@gertvdijk 的说法，AES_CTR 是一种不需要需要填充的流密码.所以我删除了相关代码.

According to @gertvdijk, AES_CTR is a stream cipher which does not need padding. So I've deleted the related codes.

这是我知道的.

1. 在加密和解密时必须使用相同的密钥(AES.new(...) 中的第一个参数)，并保持密钥的私密性.

1. You have to use a same key(the first parameter in AES.new(...)) in encryption and decryption, and keep the key private.

加密/解密方法是有状态的，即crypto.en(de)crypt("abcd")==crypto.en(de)crypt("abcd") 不总是正确的.在您的 CTR 中，您的计数器回调始终返回相同的内容，因此在加密时它变得无状态(我不是 100% 肯定这是原因)，但我们仍然发现它在解密时有点有状态.作为结论，我们应该始终使用新对象来完成它们.

The encryption/decryption methods are stateful, that means crypto.en(de)crypt("abcd")==crypto.en(de)crypt("abcd") is not always true. In your CTR, your counter callback always returns a same thing, so it becomes stateless when encrypt (I am not 100% sure it is the reason), but we still find that it is somewhat stateful in decryption. As a conclusion, we should always use a new object to do them.

加密和解密中的 counter 回调 函数的行为应该相同.在你的情况下，它是让他们两个都返回相同的秘密.然而我不认为 secret 是一个秘密".您可以使用随机生成的 "secret" 并在没有任何加密的情况下将其传递给通信对等方，以便对方可以直接使用它，只要 secret 为 不可预测.

The counter callback function in both encryption and decryption should behave the same. In your case, it is to make both of them return the same secret. Yet I don't think the secret is a "secret". You can use a random generated "secret" and pass it across the communicating peers without any encryption so that the other side can directly use it, as long as the secret is not predictable.

所以我会这样写我的密码，希望它能提供一些帮助.

So I would write my cipher like this, hope it will offer some help.

import os
import hashlib
import Crypto.Cipher.AES as AES

class Cipher:

        @staticmethod
        def md5sum( raw ):
                m = hashlib.md5()
                m.update(raw)
                return m.hexdigest()

        BS = AES.block_size

        @staticmethod 
        def pad( s ):
                """note that the padding is no necessary"""
                """return s + (Cipher.BS - len(s) % Cipher.BS) * chr(Cipher.BS - len(s) % Cipher.BS)"""
                return s

        @staticmethod
        def unpad( s ):
                """return s[0:-ord(s[-1])]"""
                return s

        def __init__(self, key):
                self.key = Cipher.md5sum(key)
                #the state of the counter callback 
                self.cnter_cb_called = 0 
                self.secret = None

        def _reset_counter_callback_state( self, secret ):
                self.cnter_cb_called = 0
                self.secret = secret

        def _counter_callback( self ):
                """
                this function should be stateful
                """
                self.cnter_cb_called += 1
                return self.secret[self.cnter_cb_called % Cipher.BS] * Cipher.BS


        def encrypt(self, raw):
                secret = os.urandom( Cipher.BS ) #random choose a "secret" which is not secret
                self._reset_counter_callback_state( secret )
                cipher = AES.new( self.key, AES.MODE_CTR, counter = self._counter_callback )
                raw_padded = Cipher.pad( raw )
                enc_padded = cipher.encrypt( raw_padded )
                return secret+enc_padded #yes, it is not secret

        def decrypt(self, enc):
                secret = enc[:Cipher.BS]
                self._reset_counter_callback_state( secret )
                cipher = AES.new( self.key, AES.MODE_CTR, counter = self._counter_callback )
                enc_padded = enc[Cipher.BS:] #we didn't encrypt the secret, so don't decrypt it
                raw_padded = cipher.decrypt( enc_padded )
                return Cipher.unpad( raw_padded )

一些测试:

>>> from Cipher import Cipher
>>> x = Cipher("this is key")
>>> "a"==x.decrypt(x.encrypt("a"))
True
>>> "b"==x.decrypt(x.encrypt("b"))
True
>>> "c"==x.decrypt(x.encrypt("c"))
True
>>> x.encrypt("a")==x.encrypt("a")
False #though the input is same, the outputs are different

参考:http://packages.python.org/pycrypto/Crypto.Cipher.blockalgo-module.html#MODE_CTR

这篇关于CTR 中的 AES 如何用于 Python 和 PyCrypto?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！