推荐的 Python 加密模块?

2022-01-10 00:00:00 python cryptography


我一直在探索 Python 可以使用哪些加密模块,我发现了 3 个:ezPyCrypt、yawPyCrypt 和 KeyCzar(它们实际上支持几种语言,但其中包括 Python).前两个依赖于 PyCrypto 模块.


我目前倾向于 KeyCzar,ezPyCrypt 紧随其后.


我正在使用 Python 3.x 并且可以访问 GPG.


如果你在一个包含 GnuPG 和 Python >= 2.4 的环境中,那么你也可以考虑一个工具,比如 python-gnupg.(免责声明:我是这个项目的维护者.)它将繁重的工作交给 gpg,并提供了一个相当简单的 API.

API 概览:

<上一页>>>> 导入 gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>> gpg.list_keys()[{...'指纹': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid': '197D5DAC68F1AAB2',长度":1024",类型":酒吧",'uids': ['', 'Gary Gross (A test user)']},{...'指纹': '37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid': '0C5FEFA7A921FC4A',长度":1024",...'uids': ['', 'Danny Davis(测试用户)']}]>>> encrypted = gpg.encrypt("Hello, world!", ['0C5FEFA7A921FC4A'])>>> str(加密)'-----BEGIN PGP MESSAGE----- 版本:GnuPG v1.4.9 (GNU/Linux) hQIOA/6NHMDTXUwcEAf...-----结束 PGP 消息----- '>>> 解密 = gpg.decrypt(str(encrypted), passphrase='secret')>>> str(解密)'你好世界!'>>> signed = gpg.sign("再见,世界!", passphrase='secret')>>> 已验证 = 已验证 = gpg.verify(str(signed))>>> 如果已验证,则打印已验证",否则未验证"已验证"

I've been exploring what cryptographic modules are available to Python, and I've found 3: ezPyCrypt, yawPyCrypt and KeyCzar (which actually supports a few languages, but Python is included amongst them). The first two rely on the PyCrypto module.

Are there choices I am missing? Is there a clear front-runner for ease and features or does it simply come down to a manner of one's comfort level?

I'm currently leaning towards KeyCzar, with ezPyCrypt close behind.

I would be using the library for digital signature signing and verification, and potentially for key creation (although I won't cry if I have to make a call to something else for that functionality).

I am using Python 3.x and have access to GPG.


If you are in an environment which includes GnuPG and Python >= 2.4, then you could also consider a tool such as python-gnupg. (Disclaimer: I'm the maintainer of this project.) It leaves the heavy lifting to gpg and provides a fairly straightforward API.

Overview of API:

>>> import gnupg
>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')
>>> gpg.list_keys()

  'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2',
  'keyid': '197D5DAC68F1AAB2',
  'length': '1024',
  'type': 'pub',
  'uids': ['', 'Gary Gross (A test user) ']},
  'fingerprint': '37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A',
  'keyid': '0C5FEFA7A921FC4A',
  'length': '1024',
  'uids': ['', 'Danny Davis (A test user) ']}]
>>> encrypted = gpg.encrypt("Hello, world!", ['0C5FEFA7A921FC4A'])
>>> str(encrypted)

Version: GnuPG v1.4.9 (GNU/Linux)

>>> decrypted = gpg.decrypt(str(encrypted), passphrase='secret')
>>> str(decrypted)
'Hello, world!'
>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')
>>> verified = verified = gpg.verify(str(signed))
>>> print "Verified" if verified else "Not verified"

