From 8045412d5914dc0be38a7caefed7c208dff25db8 Mon Sep 17 00:00:00 2001 From: godvmxi Date: Wed, 21 Jan 2026 01:36:18 -0800 Subject: [PATCH] basic work --- core/sp_gateway_rsa.py | 85 ++++++++++++++++++++++ key_engine.py => core/sp_trust_sharding.py | 0 slice_crypt.py => core/sp_vault_aes.py | 0 doc/protocol_whitepaper.md | 0 main_demo.py | 0 5 files changed, 85 insertions(+) create mode 100644 core/sp_gateway_rsa.py rename key_engine.py => core/sp_trust_sharding.py (100%) rename slice_crypt.py => core/sp_vault_aes.py (100%) create mode 100644 doc/protocol_whitepaper.md create mode 100644 main_demo.py diff --git a/core/sp_gateway_rsa.py b/core/sp_gateway_rsa.py new file mode 100644 index 0000000..40438c3 --- /dev/null +++ b/core/sp_gateway_rsa.py @@ -0,0 +1,85 @@ +from cryptography.hazmat.primitives.asymmetric import rsa, padding +from cryptography.hazmat.primitives import serialization, hashes + +class SentinelSystemProvider: + """系统级非对称加密提供者 (独立于用户)""" + + @staticmethod + def generate_system_keys(): + """生成全新的系统公私钥对""" + private_key = rsa.generate_private_key( + public_exponent=65537, + key_size=2048 + ) + public_key = private_key.public_key() + + # 序列化私钥 (用于保存到安全服务器) + private_pem = private_key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.PKCS8, + encryption_algorithm=serialization.NoEncryption() + ) + + # 序列化公钥 (用于下发或在线加密) + public_pem = public_key.public_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PublicFormat.SubjectPublicKeyInfo + ) + + return private_pem, public_pem + + @staticmethod + def encrypt_with_system_public(public_pem, data_bytes): + """使用系统公钥进行二次加密""" + public_key = serialization.load_pem_public_key(public_pem) + ciphertext = public_key.encrypt( + data_bytes, + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), + label=None + ) + ) + return ciphertext + + @staticmethod + def decrypt_with_system_private(private_pem, ciphertext): + """使用系统私钥进行二次解密""" + private_key = serialization.load_pem_private_key(private_pem, password=None) + plaintext = private_key.decrypt( + ciphertext, + padding.OAEP( + mgf=padding.MGF1(algorithm=hashes.SHA256()), + algorithm=hashes.SHA256(), + label=None + ) + ) + return plaintext +if __name__ == "__main__": + # --- 演示流程 --- + + # 1. 初始化系统密钥 (这一步通常只在系统上线时执行一次) + sys_provider = SentinelSystemProvider() + private_pem, public_pem = sys_provider.generate_system_keys() + + print("【系统层】: 独立公私钥已生成。") + print(f" - 公钥 (PEM): {public_pem.decode('utf-8')[:50]}...") + print(f" - 私钥 (PEM): {private_pem.decode('utf-8')[:50]}...") + + # 2. 模拟用户已经加密过的数据 (这已经是用户那一层加密后的二进制数据) + user_encrypted_data = b"User_Encrypted_Blob_v1.0_Data" + print(f"【输入数据】: {user_encrypted_data}") + + # 3. 系统二次加密 (外层锁) + # 这一步发生在数据上传服务器时,或者存入信托池时 + double_locked_data = sys_provider.encrypt_with_system_public(public_pem, user_encrypted_data) + print(f"【使用公钥加密完成 (密文)】: {double_locked_data.hex()[:50]}...") + + # 4. 系统二次解密 (判定传承触发后) + # 只有在满足触发条件(如订阅失败)后,系统才调取私钥进行这第一层解密 + try: + system_unlocked_data = sys_provider.decrypt_with_system_private(private_pem, double_locked_data) + print(f"【使用私钥解密成功】: {system_unlocked_data}") + print("【后续步骤】: 现在数据已回归用户初级加密态,可交给用户或者继承人进行最后解密。") + except Exception as e: + print(f"解密失败: {e}") \ No newline at end of file diff --git a/key_engine.py b/core/sp_trust_sharding.py similarity index 100% rename from key_engine.py rename to core/sp_trust_sharding.py diff --git a/slice_crypt.py b/core/sp_vault_aes.py similarity index 100% rename from slice_crypt.py rename to core/sp_vault_aes.py diff --git a/doc/protocol_whitepaper.md b/doc/protocol_whitepaper.md new file mode 100644 index 0000000..e69de29 diff --git a/main_demo.py b/main_demo.py new file mode 100644 index 0000000..e69de29