如何確保Python中的安全加密？

使用對稱金鑰進行安全加密

Python 中安全加密的建議方法是使用加密庫中的 Fernet 配方。它採用 AES CBC 加密和 HMAC 進行完整性驗證，有效保護資料免遭篡改和未經授權的解密。

Fernet 加解密

<code class="python">from cryptography.fernet import Fernet

# Generate a secret key for encryption
key = Fernet.generate_key()

# Encode a message (plaintext)
encoded_message = Fernet(key).encrypt(b"John Doe")

# Decode the encrypted message (ciphertext)
decoded_message = Fernet(key).decrypt(encoded_message)

print(decoded_message.decode())  # Output: John Doe</code>

密碼衍生的Fernet 金鑰

雖然建議使用隨機產生的金鑰以確保安全，但如有必要，您也可以從密碼派生金鑰：

<code class="python">from cryptography.fernet import Fernet
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes

def derive_key(password):
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=secrets.token_bytes(16),
        iterations=100_000,
        backend=default_backend()
    )
    return b64e(kdf.derive(password.encode()))

# Generate a password using a key derivation function
key = derive_key(password)

# Encrypt and decrypt using the password-derived Fernet key
encoded_message = Fernet(key).encrypt(b"John Doe")
decoded_message = Fernet(key).decrypt(encoded_message)

print(decoded_message.decode())  # Output: John Doe</code>

隱藏資料

對於非敏感數據，請考慮使用base64編碼而不是加密：

<code class="python">from base64 import urlsafe_b64encode as b64e

# Encode data
encoded_data = b64e(b"Hello world!")

# Decode data
decoded_data = b64d(encoded_data)

print(decoded_data)  # Output: b'Hello world!'</code>

對資料進行簽名

使用HMAC 對資料進行簽署以確保完整性：

<code class="python">import hmac
import hashlib

# Sign data using a secret key
key = secrets.token_bytes(32)
signature = hmac.new(key, b"Data to sign", hashlib.sha256).digest()

# Verify the signature
def verify(data, signature, key):
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

# Verify the signature using the same key
print(verify(b"Data to sign", signature, key))  # Output: True</code>

其他：不安全方案的正確實作

AES CFB:

<code class="python">import secrets
from base64 import urlsafe_b64encode as b64e, urlsafe_b64decode as b64d

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

backend = default_backend()

def aes_cfb_encrypt(message, key):
    algorithm = algorithms.AES(key)
    iv = secrets.token_bytes(algorithm.block_size // 8)
    cipher = Cipher(algorithm, modes.CFB(iv), backend=backend)
    encryptor = cipher.encryptor()
    return b64e(iv + encryptor.update(message) + encryptor.finalize())

def aes_cfb_decrypt(ciphertext, key):
    iv_ciphertext = b64d(ciphertext)
    algorithm = algorithms.AES(key)
    size = algorithm.block_size // 8
    iv, encrypted = iv_ciphertext[:size], iv_ciphertext[size:]
    cipher = Cipher(algorithm, modes.CFB(iv), backend=backend)
    decryptor = cipher.decryptor()
    return decryptor.update(encrypted) + decryptor.finalize()</code>

AES ECB:

<code class="python">from base64 import urlsafe_b64encode as b64e, urlsafe_b64decode as b64d

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
from cryptography.hazmat.backends import default_backend

backend = default_backend()

def aes_ecb_encrypt(message, key):
    cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=backend)
    encryptor = cipher.encryptor()
    padder = padding.PKCS7(cipher.algorithm.block_size).padder()
    padded_message = padder.update(message.encode()) + padder.finalize()
    return b64e(encryptor.update(padded_message) + encryptor.finalize())

def aes_ecb_decrypt(ciphertext, key):
    cipher = Cipher(algorithms.AES(key), modes.ECB(), backend=backend)
    decryptor = cipher.decryptor()
    unpadder = padding.PKCS7(cipher.algorithm.block_size).unpadder()
    padded_message = decryptor.update(b64d(ciphertext)) + decryptor.finalize()
    return unpadder.update(padded_message) + unpadder.finalize()</code>

注意： AES ECB 不是建議用於安全加密。

以上是如何確保Python中的安全加密？的詳細內容。更多資訊請關注PHP中文網其他相關文章！