![[2021-10-30] 信息安全实验11](http://www.mshxw.com/aiimages/31/357553.png "[2021-10-30] 信息安全实验11")
- 一、实现数字签名基本原理
- 二、调试运行演示区块链基本原理的示例项目
- 三、CTF题目实操
将教材61页所示的数字签字的一般过程通过python编程实现,首先需要生成并保存2对密钥(1对给Alice,1对给Bob),然后把整个数字签名过程通过python程序(或其它语言)实现(完成8个步骤)。明文信息M为“你的完整学号+姓名拼音”,例如“201601010101zhangsan”。Hash算法为SHA1,非对称加解密算法为RSA。程序界面不做要求,可以用DOS窗口界面。程序运行过程中提供提示(告知用户目前是执行什么操作),代码写好注释。将程序代码和运行截图粘贴在下方。
程序代码:
# coding:utf-8
# Hash算法为SHA1,非对称加解密算法为RSA
from Crypto import Random
from Crypto.PublicKey import RSA
from Crypto.Hash import SHA
import hashlib
import base64
from Crypto.Signature import pkcs1_15
from Crypto.Cipher import PKCS1_v1_5 as PKCS1_cipher
# 生成私钥
def createSecretKey(key):
A = key.exportKey().decode('utf-8')
return A
# 生成公钥
def createPublicKey(key):
A = key.publickey().exportKey().decode('utf-8')
return A
"""计算摘要值M1"""
def GetSignNums(M):
# hexdigest是十六进制数据字符串值
M1 = hashlib.sha1(M.encode("utf-8")).hexdigest()
return M1
"""使用私钥生成数字签名"""
def signature(M1,key):
key = RSA.importKey(key)
h = SHA.new(M1.encode('utf-8'))
signer = pkcs1_15.new(key).sign(h)
sign = base64.b64encode(signer).decode("utf-8")
return sign
"""使用公钥验证数字签名"""
def Verify(M,key,sign):
h = SHA.new(M.encode('utf-8'))
key = RSA.importKey(key)
try:
pkcs1_15.new(key).verify(h, base64.b64decode(sign))
return "验证成功"
except:
return "验证失败"
"""使用公钥加密"""
"""
单次加密串的长度最大为 (key_size/8)-11
1024bit的证书用100, 2048bit的证书用 200
"""
def encrypt(M1,key):
key = RSA.importKey(key)
ciper = PKCS1_cipher.new(key)
encrypt_text = []
for i in range(0, len(M1), 100):
cont = M1[i:i + 100]
encrypt_text.append(ciper.encrypt(cont.encode()))
cipher_text = b''.join(encrypt_text)
result = base64.b64encode(cipher_text)
res = result.decode()
# print(res)
return res
"""使用私钥解密"""
def decrypt(text,key):
msg = base64.b64decode(text)
key = RSA.importKey(key)
cipher = PKCS1_cipher.new(key)
text = []
for i in range(0, len(msg), 128):
cont = msg[i:i + 128]
text.append(cipher.decrypt(cont, 1))
text = b''.join(text)
stext = text.decode()
# print(stext)
return stext
def main():
random_generator = Random.new().read
"""明文信息M"""
M = '201801080128xiadaiting'
print("明文信息M为:", M)
M1 = GetSignNums(M)
print("摘要值M1为", M1)
print("生成A的密钥对")
key_a = RSA.generate(1024, random_generator)
key_ap = createPublicKey(key_a)
key_as = createSecretKey(key_a)
# print("A的公钥为:", key_ap)
# print("A的私钥为:", key_as)
print("生成B的密钥对")
key_b = RSA.generate(1024, random_generator)
key_bp = createPublicKey(key_b)
key_bs = createSecretKey(key_b)
# print("B的公钥为:", key_bp)
# print("B的私钥为:", key_bs)
S = signature(M, key_as)
print("使用A的私钥对摘要值进行签名得到签名文本S:", S)
SS = encrypt(S,key_bp)
print("使用B的公钥对签名文本进行加密得到加密文本SS:", SS)
S1 = decrypt(SS, key_bs)
print("使用B的私钥对加密文本SS解密还原得到文本S:", S1)
print("使用A的公钥对签名文本解密验证签名:", Verify(M, key_ap, S))
input("输入任意键结束")
if __name__ == '__main__':
main()
运行截图:
二、调试运行演示区块链基本原理的示例项目查阅文档“如何用 Python 快速开发一个区块链数据结构?”(其实,用Python实现区块链的小型示范项目有很多,你也可以调试运行其它项目,选一个即可,用其它语言实现也可以),调试程序。将程序代码和运行截图粘贴在下方。其它类似项目:
40多行python代码开发一个区块链。_慕课手记
https://www.imooc.com/article/details/id/29636
python从零开始实现区块链(区块链数据结构、挖矿、交易、分布性一致性解决方案源码)
http://www.pianshen.com/article/6973402760/
手把手叫你用Python创建区块链包括链流程,代码实现等
https://www.aboutyun.com/forum.php?mod=viewthread&tid=24001
用Python实现简单的区块链系统 - 简书
https://www.jianshu.com/p/03844ab5af12
程序代码:
import hashlib, json
block_genesis ={
'prev_hash': None,
'transactions': [1,3,4,2]
}
block_2 = {
'prev_hash': None,
'transactions': [3, 3, 8, 7, 12]
}
block_3 = {
'prev_hash': None,
'transactions': [3, 4, 4, 8, 34]
}
def hash_blocks(blocks):
prev_hash = None
for block in blocks:
block['prev_hash'] = prev_hash
block_serialized = json.dumps(block,sort_keys=True).encode('utf-8')
block_hash = hashlib.sha256(block_serialized).hexdigest()
prev_hash = block_hash
return prev_hash
print("Original hash")
print(hash_blocks([block_genesis,block_2,block_3]))
print("Tampering the data")
block_genesis['transactions'][0]=3
print("After being tampered")
print(hash_blocks([block_genesis,block_2,block_3]))
input("输入任意键结束")
运行截图:
三、CTF题目实操每位同学自选一个CTF题目,完成该题目的解题,并提交。
我的答案:
(1)题目网址:抄错的字符 - Bugku CTF(https://ctf.bugku.com/challenges/detail/id/186.html)
(2)题目文件或地址(文件过大则可以传网盘,粘贴地址):
字符:QWIHBLGZZXJSXZNVBZW
(3)完整解题过程(图文):
编程,将题中的字符串复制粘贴进代码中,字符串后一定要加上**=**,运行程序,得到flag的值
import base64
s = "QWIHBLGZZXJSXZNVBZW="
dic = {'I': '1', 'B': '6', 'S': '5', 'G': '9', 'Z': '2'}
res = ''
def check(s):
f = True
s = str(s)
for i in range(len(s)):
if ((s[i] in list('_+=')) or s[i].isdigit() or s[i].isalpha()):
continue
else:
f = False
break
return f
def strcon_decode(s, i):
global res
if (i == 4):
ss = ''.join(s)
sss = base64.b64decode(ss)
sss = str(sss)[2:-1]
if check(sss):
# print(ss+' decode: ' + sss)
ss = res + sss
res = ss
return True
else:
return False
else:
if s[i] in dic.keys():
ss = s[i]
s[i] = dic[s[i]]
f = strcon_decode(s, i + 1)
s[i] = ss
if f:
return True
s[i] = s[i].lower()
f = strcon_decode(s, i + 1)
s[i] = s[i].upper()
if f:
return f
return strcon_decode(s, i + 1)
for i in range((len(s) // 4)):
ss = s[i * 4:(i + 1) * 4]
# print(ss+' decode: ')
ss = list(ss)
strcon_decode(ss, 0)
print(res)
将flag填写到题目的输入框,一定要带上flag{}
提交正确,成功
(4)完整解题视频(文件过大则可以传网盘,粘贴地址):
链接:https://pan.baidu.com/s/1XBR2gk-rGN26rptShJQnBg
提取码:ncvg
CTF实验平台推荐:
-
攻防世界https://adworld.xctf.org.cn/
-
封神台演练平台https://hack.zkaq.cn/
-
CTFwiki(入门必看wiki): https://ctf-wiki.github.io/ctf-wiki/#/introduction
-
XCTF社区: https://time.xctf.org.cn
-
看雪学院CTF:https://ctf.pediy.com/
-
i春秋: https://www.ichunqiu.com/competition
-
CTFrank: https://ctfrank.org/
-
CTFtime(基本都是国外的): https://ctftime.org
-
实验吧: http://www.shiyanbar.com
-
XCTF 实训平台: http://oj.xctf.org.cn
-
安恒周周练:https://www.linkedbyx.com/home
-
XSS专练:https://xss.haozi.me/tools/xss-encode/
-
南京邮电大学CTF/网络攻防训练平台: http://ctf.nuptzj.cn/
-
BugkuCTF: https://ctf.bugku.com/
