python有证书的加密解密实现方法(3)

def geekso_encrypt_with_certificate(message, cert_loc):
    """
    cert证书加密，可以用私钥文件解密.
    Parameters:
        message = 要加密的串
        cert_loc = cert证书路径
    Return:
        加密串 or 异常串
    """
    cert = X509.load_cert(cert_loc)
    puk = cert.get_pubkey().get_rsa() # get RSA for encryption
    message = base64.b64encode(message)
    try:
        encrypted = puk.public_encrypt(message, RSA.pkcs1_padding)
    except RSA.RSAError as e:
        return "ERROR encrypting " + e.message
    return encrypted
encrypted = geekso_encrypt_with_certificate('www.jb51.net','jb51.net-cret.pem')
print '加密串',encrypted
def geekso_decrypt_with_private_key(message, pk_loc):
    """
    私钥解密证书生成的加密串
    Parameters:
        message = 加密的串
        pk_loc = 私钥路径
    Return:
        解密串 or 异常串
    """
    pk = RSA.load_key(pk_loc) # load RSA for decryption
    try:
        decrypted = pk.private_decrypt(message, RSA.pkcs1_padding)
        decrypted = base64.b64decode(decrypted)
    except RSA.RSAError as e:
        return "ERROR decrypting " + e.message
    return decrypted
print '解密串',geekso_decrypt_with_private_key(encrypted, 'jb51.net-private.pem')

def geekso_encrypt_with_private_key(message,pk_loc):
    """
    私钥加密
    Parameters:
        message = 加密的串
        pk_loc = 私钥路径
    Return:
        加密串 or 异常串
    """
    ReadRSA = RSA.load_key(pk_loc);
    message = base64.b64encode(message)
    try:
        encrypted = ReadRSA.private_encrypt(message,RSA.pkcs1_padding)
    except RSA.RSAError as e:
        return "ERROR encrypting " + e.message
    return encrypted
encrypted = geekso_encrypt_with_private_key('www.jb51.net', 'jb51.net-private.pem')
print encrypted
def geekso_decrypt_with_certificate(message, cert_loc):
    """
    cert证书解密.
    Parameters:
        message = 要解密的串
        cert_loc = cert证书路径
    Return:
        解密后的串 or 异常串
    """
    cert = X509.load_cert(cert_loc)
    puk = cert.get_pubkey().get_rsa()
    try:
        decrypting = puk.public_decrypt(message, RSA.pkcs1_padding)
        decrypting = base64.b64decode(decrypting)
    except RSA.RSAError as e:
        return "ERROR decrypting " + e.message
    return decrypting
decrypting = geekso_decrypt_with_certificate(encrypted, 'jb51.net-cret.pem')
print decrypting

def geekso_sign_with_private_key(message, pk_loc, base64 = True):
    """
    私钥签名
    Parameters:
        message = 待签名的串
        pk_loc = 私钥路径
        base64 = True(bease64处理) False(16进制处理)
    Return:
        签名后的串 or 异常串
    """
    pk = EVP.load_key(pk_loc)
    pk.sign_init()
    try:
        pk.sign_update(message)
        signature = pk.sign_final()
    except EVP.EVPError as e:
        return "ERROR signature " + e.message
    return signature.encode('base64') if base64 is True else signature.encode('hex')
signature = geekso_sign_with_private_key('www.jb51.net','jb51.net-private.pem')
print signature
def geekso_verifysign_with_certificate(message, signature, cert_loc, base64 = True):
    """
    证书验证签名
    Parameters:
        message = 原来签名的串
        signature = 签名后的串
        cert_loc = 证书路径文件
        base64 = True(bease64处理) False(16进制处理)
    Return:
        成功or失败串 or 异常串
    """
    signature = signature.decode('base64') if base64 is True else signature.decode('hex')
    cert = X509.load_cert(cert_loc)
    puk = cert.get_pubkey().get_rsa()
    try:
        verifyEVP = EVP.PKey()
        verifyEVP.assign_rsa(puk)
        verifyEVP.verify_init()
        verifyEVP.verify_update(message)
        verifysign = verifyEVP.verify_final(signature)
        if verifysign == 1 :
            return '成功'
        else :
            return '失败'
    except EVP.EVPError as e:
        return "ERROR Verify Sign " + e.message
   
print geekso_verifysign_with_certificate('www.jb51.net', signature, 'jb51.net-cret.pem')