擅长:python、mysql、java
<p>您正在生成一个单独用于加密和解密的新IV,这就产生了这样的问题。我建议您这样做:</p>
<pre><code>def encrypt(inpath, outpath, password):
iv = Random.new().read(AES.block_size)
with open(inpath, "rb") as f:
contents = f.read()
# A context manager automatically calls f.close()
key = pbkdf2.crypt(password, "")
# See notes
aes = AES.new(key, AES.Mode_CFB, iv)
encrypted = aes.encrypt(contents)
with open(outpath, "wb") as f:
f.write(iv + b":")
f.write(encrypted)
print("Encryption successful")
def decrypt(inpath, outpath, password):
with open(inpath, "rb") as f:
contents = f.read()
iv, encrypted = contents.split(b":")
key = pbkdf2.crypt(password, "")
aes = AES.new(key, AES.Mode_CFB, iv)
decrypted = aes.decrypt(contents)
with open(outpath, "wb") as f:
f.write(decrypted)
print("Decryption successful")
</code></pre>
<p>注意事项:</p>
<ul>
<li><p>一个IV并不意味着是秘密的,所以它可以随机生成一次,然后写入一个文件,以便以后用于解密(如本例所示)</p></li>
<li><p>哈希算法对于派生密钥来说不够强大,这就是为什么有称为密钥派生算法(如python中的PBKDF2)的特殊工具。用那些代替!</p></li>
</ul>
<p><em>我自己没有测试过这段代码,所以它可能无法正常工作。</em></p>