automas_admin/AUTO-MAS-test
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main'

Browse Source
This commit is contained in:
DLmaster
2025-01-01 11:54:55 +08:00
parent 37ced2e535
commit ee40fdb3c3
9 changed files with 243 additions and 345 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
app/services/security.py
View File

@@ -47,32 +47,27 @@ class CryptoHandler:
"""配置管理密钥"""
# 生成目录
os.makedirs(os.path.normpath(f"{self.config.app_path}/data/key"), exist_ok=True)
self.config.key_path.mkdir(parents=True, exist_ok=True)
# 生成RSA密钥对
key = RSA.generate(2048)
public_key_local = key.publickey()
private_key = key
# 保存RSA公钥
with open(
os.path.normpath(f"{self.config.app_path}/data/key/public_key.pem"), "wb"
) as f:
f.write(public_key_local.exportKey())
(self.config.app_path / "data/key/public_key.pem").write_bytes(
public_key_local.exportKey()
)
# 生成密钥转换与校验随机盐
PASSWORD_salt = secrets.token_hex(random.randint(32, 1024))
with open(
os.path.normpath(f"{self.config.app_path}/data/key/PASSWORDsalt.txt"),
"w",
(self.config.app_path / "data/key/PASSWORDsalt.txt").write_text(
PASSWORD_salt,
encoding="utf-8",
) as f:
print(PASSWORD_salt, file=f)
)
verify_salt = secrets.token_hex(random.randint(32, 1024))
with open(
os.path.normpath(f"{self.config.app_path}/data/key/verifysalt.txt"),
"w",
(self.config.app_path / "data/key/verifysalt.txt").write_text(
verify_salt,
encoding="utf-8",
) as f:
print(verify_salt, file=f)
)
# 将管理密钥转化为AES-256密钥
AES_password = hashlib.sha256(
(PASSWORD + PASSWORD_salt).encode("utf-8")
@@ -81,29 +76,23 @@ class CryptoHandler:
AES_password_verify = hashlib.sha256(
AES_password + verify_salt.encode("utf-8")
).digest()
with open(
os.path.normpath(
f"{self.config.app_path}/data/key/AES_password_verify.bin"
),
"wb",
) as f:
f.write(AES_password_verify)
(self.config.app_path / "data/key/AES_password_verify.bin").write_bytes(
AES_password_verify
)
# AES-256加密RSA私钥并保存密文
AES_key = AES.new(AES_password, AES.MODE_ECB)
private_key_local = AES_key.encrypt(pad(private_key.exportKey(), 32))
with open(
os.path.normpath(f"{self.config.app_path}/data/key/private_key.bin"), "wb"
) as f:
f.write(private_key_local)
(self.config.app_path / "data/key/private_key.bin").write_bytes(
private_key_local
)
def encryptx(self, note: str) -> bytes:
"""加密数据"""
# 读取RSA公钥
with open(
os.path.normpath(f"{self.config.app_path}/data/key/public_key.pem"), "rb"
) as f:
public_key_local = RSA.import_key(f.read())
public_key_local = RSA.import_key(
(self.config.app_path / "data/key/public_key.pem").read_bytes()
)
# 使用RSA公钥对数据进行加密
cipher = PKCS1_OAEP.new(public_key_local)
encrypted = cipher.encrypt(note.encode("utf-8"))
@@ -113,29 +102,24 @@ class CryptoHandler:
"""解密数据"""
# 读入RSA私钥密文、盐与校验哈希值
with open(
os.path.normpath(f"{self.config.app_path}/data/key/private_key.bin"), "rb"
) as f:
private_key_local = f.read().strip()
with open(
os.path.normpath(f"{self.config.app_path}/data/key/PASSWORDsalt.txt"),
"r",
encoding="utf-8",
) as f:
PASSWORD_salt = f.read().strip()
with open(
os.path.normpath(f"{self.config.app_path}/data/key/verifysalt.txt"),
"r",
encoding="utf-8",
) as f:
verify_salt = f.read().strip()
with open(
os.path.normpath(
f"{self.config.app_path}/data/key/AES_password_verify.bin"
),
"rb",
) as f:
AES_password_verify = f.read().strip()
private_key_local = (
(self.config.app_path / "data/key/private_key.bin").read_bytes().strip()
)
PASSWORD_salt = (
(self.config.app_path / "data/key/PASSWORDsalt.txt")
.read_text(encoding="utf-8")
.strip()
)
verify_salt = (
(self.config.app_path / "data/key/verifysalt.txt")
.read_text(encoding="utf-8")
.strip()
)
AES_password_verify = (
(self.config.app_path / "data/key/AES_password_verify.bin")
.read_bytes()
.strip()
)
# 将管理密钥转化为AES-256密钥并验证
AES_password = hashlib.sha256(
(PASSWORD + PASSWORD_salt).encode("utf-8")