如何通过Python3和ssl实现加密通信功能

LczPtr 2020-05-09

一、说明

1. python标准库ssl可实现加密通信

2. ssl库底层使用openssl,做了面向对像化改造和简化,但还是可以明显看出openssl的痕迹

3. 本文先给出python实现的socket通信,在此基础上再给出ssl通信以便读者更方便地看到socket和ssl在python编程中的区别

4. 说到ssl很多人都会想到https,但本质而言ssl是在传输层和应用层之间新插入的一个层,根据不同层无关原则ssl和https并没有任何绑定关系,ssl之上完全可以是其他任何应用层协议(比如pop/imap/telnet等等)

二、程序实现

2.1 socket通信实现

客户端代码:

import socket

class client_class:
 def send_hello(self):
  # 与服务端建立连接
  client_socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  client_socket.connect(('127.0.0.1',9999))

  # 向服务端发送消息
  msg = "do i connect with server ?".encode("utf-8")
  client_socket.send(msg)
  # 接收服务端返回的消息
  msg = client_socket.recv(1024).decode('utf-8')
  print(f"receive msg from server : {msg}")
  client_socket.close()

if __name__ == "__main__":
 client = client_class()
 client.send_hello()

服务端代码:

import socket

class server_class :
 def build_listen(self):
  # 监听端口
  server_socket = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  server_socket.bind(('127.0.0.1',9999))
  server_socket.listen(5)

  while True:
   # 接收客户端连接
   client_socket, addr = server_socket.accept()
   # 接收客户端信息
   msg = client_socket.recv(1024).decode("utf-8")
   print(f"receive msg from client {addr}:{msg}")
   # 向客户端发送信息
   msg = f"yes , you have client_socketect with server.\r\n".encode("utf-8")
   client_socket.send(msg)
   client_socket.close()

if __name__ == "__main__":
 server = server_class()
 server.build_listen()

2.2 ssl通信实现

客户端代码:

import socket
import ssl

class client_ssl:
 def send_hello(self,):
  # 生成SSL上下文
  context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
  # 加载信任根证书
  context.load_verify_locations('cert/ca.crt')

  # 与服务端建立socket连接
  with socket.create_connection(('127.0.0.1', 9443)) as sock:
   # 将socket打包成SSL socket
   # 一定要注意的是这里的server_hostname不是指服务端IP,而是指服务端证书中设置的CN,我这里正好设置成127.0.1而已
   with context.wrap_socket(sock, server_hostname='127.0.0.1') as ssock:
    # 向服务端发送信息
    msg = "do i connect with server ?".encode("utf-8")
    ssock.send(msg)
    # 接收服务端返回的信息
    msg = ssock.recv(1024).decode("utf-8")
    print(f"receive msg from server : {msg}")
    ssock.close()

if __name__ == "__main__":
 client = client_ssl()
 client.send_hello()

服务端代码:

import socket
import ssl

class server_ssl:
 def build_listen(self):
  # 生成SSL上下文
  context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
  # 加载服务器所用证书和私钥
  context.load_cert_chain('cert/server.crt', 'cert/server_rsa_private.pem.unsecure')

  # 监听端口
  with socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0) as sock:
   sock.bind(('127.0.0.1', 9443))
   sock.listen(5)
   # 将socket打包成SSL socket
   with context.wrap_socket(sock, server_side=True) as ssock:
    while True:
     # 接收客户端连接
     client_socket, addr = ssock.accept()
     # 接收客户端信息
     msg = client_socket.recv(1024).decode("utf-8")
     print(f"receive msg from client {addr}:{msg}")
     # 向客户端发送信息
     msg = f"yes , you have client_socketect with server.\r\n".encode("utf-8")
     client_socket.send(msg)
     client_socket.close()

if __name__ == "__main__":
 server = server_ssl()
 server.build_listen()

三、运行结果

当前项目结构如图所示,证书生成可参考:openssl实现双向认证教程

如何通过Python3和ssl实现加密通信功能

3.1 socket通信运行结果

客户端:

如何通过Python3和ssl实现加密通信功能

服务端:

如何通过Python3和ssl实现加密通信功能

3.2 ssl通信运行结果

客户端:

如何通过Python3和ssl实现加密通信功能

服务端:

如何通过Python3和ssl实现加密通信功能

相关推荐