python-3.x - 使用 Python3 OpenSSL 库解密 S/MIME
问题描述
我有以下问题。我需要创建一个 Python 程序,我可以在其中从主机下载任何邮件并使用给定的.pfx文件和密码对其进行解密。我正在尝试各种解决方案,但现在我被困在试图强制 OpenSSL.crypto 用给定的私钥和证书简单地破译任何东西。Google 上的文档和提供的解决方案也很少。有任何想法吗?
这是我的代码:
import pickle, email
file = open('cipher.pickle', 'rb')
msg_data = pickle.load(file)
file.close()
data = msg_data[0]
response = tuple(data)[1]
msg = email.message_from_bytes(response)
message = msg.get_payload()
# message = bytes(message, encoding='utf-8)
print(message)
#gives encrypted message: 'MIAGCSqGSIb3DQEHA6CAMIACA...14g/EwQIyhd0YOdnRR0AAAAAAAAAAAAA'
from OpenSSL import crypto
ssl_pass1 = "7F63CfcUauAf"
#generated certificate from https://extrassl.actalis.it/portal/uapub/freemail?lang=en for yahoo testmail
#together with password for this certificate
with open('testmail1_yahoo.pfx', 'rb') as f:
pfx_data = f.read()
pfx = crypto.load_pkcs12(pfx_data, bytes(ssl_pass1, encoding='utf-8'))
pem = crypto.dump_privatekey(crypto.FILETYPE_PEM, pfx.get_privatekey())
cert = crypto.dump_certificate(crypto.FILETYPE_PEM, pfx.get_certificate())
#private key and certificate extracted from pfx so far
解决方案
找到了。
from M2Crypto import BIO, Rand, SMIME, X509, EVP
from OpenSSL import crypto
def get_pfx(fname, password):
f = open(fname, 'rb')
pfx_data = f.read()
f.close()
pfx = crypto.load_pkcs12(pfx_data, bytes(password, encoding='utf-8'))
return pfx
def get_cert(pfx):
cert = pfx.get_certificate()
fx509 = crypto.dump_certificate(crypto.FILETYPE_PEM, cert)
x509 = X509.load_cert_string(fx509)
return x509
def get_pkey(pfx):
pkey = pfx.get_privatekey()
fkey = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey)
pkey = EVP.load_key_string(fkey)
return pkey
def encrypt(message, x509):
data = bytes(message, encoding='utf-8')
buf = BIO.MemoryBuffer(data)
sk = X509.X509_Stack()
sk.push(x509)
s = SMIME.SMIME()
s.set_x509_stack(sk)
s.set_cipher(SMIME.Cipher('aes_256_cbc'))
p7 = s.encrypt(buf)
return p7
def decrypt(p7, pkey, x509):
s = SMIME.SMIME()
s.pkey = pkey
s.x509 = x509
out = s.decrypt(p7)
return_message = str(out, encoding='utf-8')
return return_message
def decrypt_str(message, pkey, x509):
header='Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n\n'
full_message = bytes(header + message, encoding='utf-8')
b2 = BIO.MemoryBuffer(full_message)
p7 = SMIME.smime_load_pkcs7_bio(b2)[0]
out_message = decrypt(p7, pkey, x509)
return out_message
pfx = get_pfx('testmail1_yahoo.pfx', '7F63CfcUauAf')
pkey = get_pkey(pfx)
x509 = get_cert(pfx)
ciphered_message = '''
MIICLAYJKoZIhvcNAQcDoIICHTCCAhkCAQAxggG0MIIBsAIBADCBlzCBgjELMAkG
A1UEBhMCSVQxDzANBgNVBAgMBk1pbGFubzEPMA0GA1UEBwwGTWlsYW5vMSMwIQYD
VQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEsMCoGA1UEAwwjQWN0YWxp
cyBDbGllbnQgQXV0aGVudGljYXRpb24gQ0EgRzECEHJro0Uga08DJzs4igZ0Dk8w
DQYJKoZIhvcNAQEBBQAEggEARbBrrzChxi5e+ZX2tLNjdwJDj+GL5OFTX1/pHAAO
T3tWhZcX+xSmvGA6vEjMw9vaIYOaQJ6qdRMR6gC0OEUFeM/7LwfFezo4wsoKzykI
E96UUPg5bPZBAyprIljJOsTNkD4PjTT+VMKtWKh/V1x1nq58NGFn6fgNm4Rmcc2r
eNk1yEnZ1i4fMOVHnd3XwwTglilCOA7YB3BbOZ7AFNKdh6lW3jv9VrLismiU7AxF
LTF/lAcVCulynwKlxZNE3Zxvuig6KorMuQPmu3LBd1vOYzVMSC/3yYlFkVB7t0Bw
Yl0Ewf/lZB8l9qEdC0z9+ZgOb9aEQEAfsrcJDGN/ZfgRVTBcBgkqhkiG9w0BBwEw
HQYJYIZIAWUDBAEqBBDtwdanJzTnMlDtAZGw6d7TgDAyJUCfqV57Nfh1N1DRHQqj
RIbEO6ie8Cl3r53gHECJd5gTeQ0TmNI8+g9mcu01cmk=
'''
deciphered_message = decrypt_str(msg, pkey, x509)
print(deciphered_message)
推荐阅读
- design-patterns - 度量收集在哪一层被认为适合领域驱动设计?
- python - “No package 'coinhsl' found”:IPOPT 编译并通过测试,但 pyomo 找不到?
- c# - 绑定字典值 C#
- ios - iOS 通用链接 - NSUserActivity 为零
- c# - 为 HttpClient 使用 GetStringAsync 与 GetString 有什么缺点吗?
- git - 当特定用户选择旧提交时,Git 推送新分支
- c - 程序收到信号 SIGABRT,已中止。如何消除此错误?
- cobol - 如何在 COBOL 中打印星形图案?
- angular - 如何在 rxjs 中的订阅中重构订阅
- python - Python BeautifulSoup - 在 Div Select 选项中获取值