0

我正在开发一种使用十六进制 API 密钥将用户登录到远程托管工具的工具。出于安全考虑,我使用 Fernet 在本地加密密钥并将它们存储在文本文件中,这样用户就不必每次都输入它们。我们需要解密 API 密钥,以便用户可以登录。问题是我正在从文本文件中加载密钥,并且在将字符串数据传递回 Fernet 时出现以下错误:

ValueError: Fernet key must be 32 url-safe base64-encoded bytes.

知道我做错了什么吗?这是我的功能:

# This function generates the local key file
def key_gen(access_key, secret_key):
    from os import getcwd
    from cryptography.fernet import Fernet
    file_data = []
    key = Fernet.generate_key()
    encrypted_ak = encrypt_data(access_key, key)
    encrypted_sk = encrypt_data(secret_key, key)
    current_dir = getcwd()
    key_file = current_dir + "\\tenableauth.txt"
    file_data.append(key)
    file_data.append(encrypted_ak)
    file_data.append(encrypted_sk)
    with open(key_file, 'w') as authentication_file:
        for line in file_data:
            authentication_file.writelines(str(line) + "\n")
    return key_file

# This function reads the local key file, and is where I'm hitting problems. Lots of test code here.
def read_keys(file):
    file_lines = []
    with open(file, 'r') as authentication_file:
        for line in authentication_file:
            file_lines.append(line)
    encryption_key = file_lines[0]
    encryption_key = encryption_key.rstrip()
    print(encryption_key)
    print(repr(encryption_key))
    decrypted_ak = decrypt_data(file_lines[1], encryption_key)
    print(decrypted_ak)

def encrypt_data(data, key):
    from cryptography.fernet import Fernet
    data = data.encode()
    encrypted_string = Fernet(key).encrypt(data)
    return encrypted_string

def decrypt_data(data, key):
    from cryptography.fernet import Fernet
    decrypted_string = Fernet(key).decrypt(data)
    return decrypted_string
4

1 回答 1

0

像这样的错误意味着您正在混合和匹配str类型bytes object,一路上在类型之间错误地编码/解码

我更新了strbytes object类型之间的代码处理,如下所示

# This function generates the local key file
def key_gen(access_key, secret_key):
    from os import getcwd
    from cryptography.fernet import Fernet
    file_data = []
    key = Fernet.generate_key()
    encrypted_ak = encrypt_data(access_key, key)
    encrypted_sk = encrypt_data(secret_key, key)
    print(f"key {key}")
    print(f"encrypted_sk {encrypted_sk}")
    print(f"encrypted_ak {encrypted_ak}")
    key_file = "tenableauth.txt"
    file_data.append(key.decode('utf-8'))
    file_data.append(encrypted_ak.decode('utf-8'))
    file_data.append(encrypted_sk.decode('utf-8'))
    with open(key_file, 'w') as authentication_file:
        for line in file_data:
            authentication_file.write(line + '\n')
    return key_file

# This function reads the local key file, and is where I'm hitting problems. Lots of test code here.
def read_keys(file):
    file_lines = []
    with open(file, 'r') as authentication_file:
        for line in authentication_file:
            file_lines.append(line.encode('utf-8').rstrip())
    key = file_lines[0]
    encrypted_ak = file_lines[1]
    encrypted_sk = file_lines[2]
    print(f"key {key}")
    print(f"encrypted_sk {encrypted_sk}")
    print(f"encrypted_ak {encrypted_ak}")
    decrypted_ak = decrypt_data(encrypted_ak, key)
    print(decrypted_ak)

def encrypt_data(data, key):
    from cryptography.fernet import Fernet
    data = data.encode()
    encrypted_string = Fernet(key).encrypt(data)
    return encrypted_string

def decrypt_data(data, key):
    from cryptography.fernet import Fernet
    decrypted_string = Fernet(key).decrypt(data)
    return decrypted_string

使用我添加的打印语句,调用key_gen("yadayada", "hoho!!")打印

key b'BtP8iJwhWqfxX6i_HwSbRASh04w3V0Ypp-M2Ic23Xlc='
encrypted_sk b'gAAAAABf67lG1a_zotxaxeG3mR6sXIgQF6jtsS6Nt8FWP7EI2f73dtBLCwWBE9fTGvEHml_ivcKxSMUjMOgOWjGSOM0uTLSDCw=='
encrypted_ak b'gAAAAABf67lGphAR1gq65o_RB2cg-o5dCLICW7o8LceKAiTEP1N4nSqlqW9pSaLumxm6CeI4bwfirSZvPDPtUtlVMeCREttvTg=='

并反向调用read_keys('tenableauth.txt')打印

key b'BtP8iJwhWqfxX6i_HwSbRASh04w3V0Ypp-M2Ic23Xlc='
encrypted_sk b'gAAAAABf67lG1a_zotxaxeG3mR6sXIgQF6jtsS6Nt8FWP7EI2f73dtBLCwWBE9fTGvEHml_ivcKxSMUjMOgOWjGSOM0uTLSDCw=='
encrypted_ak b'gAAAAABf67lGphAR1gq65o_RB2cg-o5dCLICW7o8LceKAiTEP1N4nSqlqW9pSaLumxm6CeI4bwfirSZvPDPtUtlVMeCREttvTg=='
b'yadayada'

输出的最后一行b'yadayada'是传入的密钥。

于 2020-12-29T23:20:27.827 回答