Django加密密钥完整性
问题描述:
我正在实现一个Django网站,其中上传的文件使用用户提供的密钥进行加密,然后将其保存在服务器(/ media)上。当用户希望查看它们时,会提示他们输入密钥,解密加密文件,然后显示它们。这里是我的加密/解密文件代码:Django加密密钥完整性
from Crypto import Random
from Crypto.Cipher import AES
from Crypto.Hash import SHA256
def encryption_pad(string):
pad = b"\0" * (AES.block_size - len(string) % AES.block_size)
padded_string = string + pad
return padded_string
def encrypt_file(key, file):
with open(file, 'rb') as out:
byte_output = out.read()
hash = SHA256.new()
hash.update(key)
byte_output = encryption_pad(byte_output)
initialization_vector = Random.new().read(AES.block_size)
cipher = AES.new(hash.digest(), AES.MODE_CBC, initialization_vector)
encrypted_output = initialization_vector + cipher.encrypt(byte_output)
with open(file + ".enc", 'wb') as out:
out.write(encrypted_output)
def decrypt_file(file, key):
with open(file, 'rb') as input:
ciphertext = input.read()
hash = SHA256.new()
hash.update(key)
initialization_vector = ciphertext[:AES.block_size]
cipher = AES.new(hash.digest(), AES.MODE_CBC, initialization_vector)
decrypted_output = cipher.decrypt(ciphertext[AES.block_size:])
decrypted_output = decrypted_output.rstrip(b"\0")
with open(file[:-4], 'wb') as output:
output.write(decrypted_output)
我是比较新的安全,所以我的问题是:对于此设置必须在服务器的内存中存在的时间有些长的钥匙,那么什么是正确的方法我的views.py函数将它们传递给这个模块,然后妥善处理它们?
感谢您的解释和参考,大的帮助 – Kdawg 2014-12-02 22:00:23