即使令牌相同,加密令牌对象也会引发异常并且无法解密
问题描述:
代码概述:令牌是相同的,但是在加密和解密之间,加密对象存储在模块级字典中 - 仍然是加密令牌不会更改。即使令牌相同,加密令牌对象也会引发异常并且无法解密
为什么不能工作?我想在幕后有关于加密对象的事情使它变得独一无二,但我会假设它所需要的只是解密工作的正确密钥。
这里是最小的相关代码:
import sys
from cryptography.fernet import Fernet
import json
import os
key = Fernet.generate_key()
f = Fernet(key)
with open("storage.json", "a+") as file:
if os.stat("storage.json").st_size == 0:
file.write("{}")
file.seek(0)
storage = json.load(file)
def write(data):
with open("storage.json", "w") as file:
json.dump(data, file)
def encrypt(pw):
token = f.encrypt(bytes(pw, "utf-8"))
return token
def decrypt(token):
return f.decrypt(token)
if len(sys.argv) == 1:
to_encrypt = input("A key to encrypt: ")
storage[to_encrypt] = encrypt(to_encrypt).decode("utf-8")
print("encrypted:", storage[to_encrypt])
# print("storage:", storage)
try:
write(storage)
except Exception as e:
print("error:", e)
elif len(sys.argv) == 2:
to_decrypt = input("Key to decrypt: ")
# print(storage[to_d])
print("decrypted:", f.decrypt(bytes(storage[to_decrypt], "utf-8")))
要使其工作:不带参数运行程序 - 它会创建一个JSON文件,输入您的字符串,其加密到该文件,并退出。
然后,运行程序传递任何单个参数。尝试获取您之前输入的相同字符串。
应该发生这种回溯:
Traceback (most recent call last):
File "/Users/sjung/lib/python3.5/site-packages/cryptography/fernet.py", line 101, in decrypt
h.verify(data[-32:])
File "/Users/sjung/lib/python3.5/site-packages/cryptography/hazmat/primitives/hmac.py", line 69, in verify
ctx.verify(signature)
File "/Users/sjung/lib/python3.5/site-packages/cryptography/hazmat/backends/openssl/hmac.py", line 73, in verify
raise InvalidSignature("Signature did not match digest.")
cryptography.exceptions.InvalidSignature: Signature did not match digest.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "test_a.py", line 43, in <module>
print("decrypted:", f.decrypt(bytes(storage[to_decrypt], "utf-8")))
File "/Users/sjung/lib/python3.5/site-packages/cryptography/fernet.py", line 103, in decrypt
raise InvalidToken
cryptography.fernet.InvalidToken
编辑:注释掉elif
线试试,但不退出系统。 这确实能工作。
答
Fernet.generate_key()
生成的密钥在解密时也必须是相同的密钥。我的示例代码每次都创建一个新的密钥。
除了:深嵌套调用诸如'打印( “解密”,f.decrypt(字节(存储[to_decrypt], “UTF-8”)))'是难以调试,而是使用多个步骤和中间变量。然后在调试器中跟踪执行或为中间值添加打印语句。此外,错误消息中的行号将提供有关实际错误的更好的想法。 – zaph