I'm struggling to fully understand how encryption works and is coded, particularly with python. I'm just trying to get the basics down and create code in the simplest form.
I'm going to be passing a userID between two different sites, but obviously I need this to be encrypted with a private key so Website2 knows it came from Website1. This seems to be the code for me: http://docs.python.org/library/hashlib.html#module-hashlib, but it doesn't have very good examples (or maybe I'm in the wrong spot).
The problem I'm having is fully understanding how to encode and decode.
So let's say the shared private key which each website will know is:
shared_private_key = "ABCDEF"
And I want Website1 to pass to Website2 the userID of:
userID = "123456"
How would Website1 encrypt my userID with the private key in a fashion that the encryption can be sent via HTTP headers, and then have Website2 decrypt and be able to read the userID using the shared private key?
I apologize for asking such a basic question, but I'm failing to grasp how this should be done. Thanks.
SHA (Secure Hash Algorithms) are a set of cryptographic hash functions defined by the language to be used for various applications such as password security etc. Some variants of it are supported by Python in the "hashlib" library. These can be found using the "algorithms_guaranteed" function of hashlib.
This module implements a common interface to many different secure hash and message digest algorithms. Included are the FIPS secure hash algorithms SHA1, SHA224, SHA256, SHA384, and SHA512 (defined in FIPS 180-2) as well as RSA's MD5 algorithm (defined in internet RFC 1321).
Using update(): In the earlier examples we have created the hash object initialized with the encoded string or byte string. There is another way to append the byte string to the sha1 hash object using the update() method. You can use update() multiple times to append the byte string or any other byte data.
Python has a built-in library, hashlib, that is designed to provide a common interface to different secure hashing algorithms. The module provides constructor methods for each type of hash. For example, the .sha256() constructor is used to create a SHA256 hash.
The hashlib module provides hashing functions. While there is some relation to encryption, once you hash some data you can not go back to get the original data from the hash result.
Instead of encrypting the data you can take a different approach: creating a unique signature using a hash of the data and some secret.
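import hashlib
shared_private_key = "ABCDEF"
def create_signature(data):
    # Hash the data together with the shared secret; hashlib needs bytes, so encode first
    return hashlib.sha1((repr(data) + "," + shared_private_key).encode("utf-8")).hexdigest()
def verify_signature(data, signature):
    # Recompute the signature from the received data and compare it with the received one
    return signature == create_signature(data)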
Finally, you send to Website 2 the data plus the signature. That way you can be (mostly) sure that no unauthorized person tampered with the data.
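The signature approach from this answer, as an added example that is not part of the original answer: it swaps the bare sha1(data + key) for the standard library's hmac module with SHA-256, adds a timestamp so a captured token expires, and compares signatures in constant time. The function names, the "userID.timestamp.signature" token layout and the 300-second window are assumptions made for illustration; the token proves where the userID came from but does not hide it.

```python
import hashlib
import hmac
import time

# Constructed demo key taken from the question; a real key should be long and random.
SHARED_KEY = b"ABCDEF"
MAX_AGE_SECONDS = 300  # assumed freshness window that limits replay of a captured token


def sign_user_id(user_id, key=SHARED_KEY, now=None):
    """Website1: build a header-safe token 'userID.timestamp.signature'."""
    if "." in user_id:
        raise ValueError("user_id must not contain the '.' separator")
    ts = str(int(time.time() if now is None else now))
    msg = f"{user_id}.{ts}".encode("utf-8")
    sig = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user_id}.{ts}.{sig}"


def verify_token(token, key=SHARED_KEY, now=None, max_age=MAX_AGE_SECONDS):
    """Website2: return the userID if the token is authentic and fresh, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    user_id, ts, sig = parts
    msg = f"{user_id}.{ts}".encode("utf-8")
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison: does not reveal how many leading characters matched.
    if not hmac.compare_digest(expected.encode("ascii"), sig.encode("utf-8")):
        return None
    current = time.time() if now is None else now
    if not ts.isdigit() or abs(current - int(ts)) > max_age:
        return None
    return user_id


if __name__ == "__main__":
    token = sign_user_id("123456")
    print("X-User-Token:", token)  # hypothetical header name
    print("verified:", verify_token(token))
    print("tampered:", verify_token(token.replace("123456", "999999", 1)))
```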
What you want is an encryption library not one that just provides hash algorithms. With python's hashlib library:
import hashlib
m = hashlib.sha1()
m.update(b"The quick brown fox jumps over the lazy dog")  # update() requires bytes
print(m.hexdigest())
Returns: 2fd4e1c67a2d28fced849ee1bb76e7391b93eb12
Given this hash, it is impossible (in general) to recover the original message. What you want is an encryption library, which the Python standard library doesn't have. There are plenty of questions related to python cryptography libraries on SO that might be helpful.