basic work

2026-01-21 01:36:18 -08:00
parent 7d7237d81d
commit 8045412d59
5 changed files with 85 additions and 0 deletions
--- a/core/sp_gateway_rsa.py
+++ b/core/sp_gateway_rsa.py
@@ -0,0 +1,85 @@
 from cryptography.hazmat.primitives.asymmetric import rsa, padding
 from cryptography.hazmat.primitives import serialization, hashes
 class SentinelSystemProvider:
    """系统级非对称加密提供者 (独立于用户)"""
    @staticmethod
    def generate_system_keys():
        """生成全新的系统公私钥对"""
        private_key = rsa.generate_private_key(
            public_exponent=65537,
            key_size=2048
        )
        public_key = private_key.public_key()
        # 序列化私钥 (用于保存到安全服务器)
        private_pem = private_key.private_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PrivateFormat.PKCS8,
            encryption_algorithm=serialization.NoEncryption()
        )
        # 序列化公钥 (用于下发或在线加密)
        public_pem = public_key.public_bytes(
            encoding=serialization.Encoding.PEM,
            format=serialization.PublicFormat.SubjectPublicKeyInfo
        )
        return private_pem, public_pem
    @staticmethod
    def encrypt_with_system_public(public_pem, data_bytes):
        """使用系统公钥进行二次加密"""
        public_key = serialization.load_pem_public_key(public_pem)
        ciphertext = public_key.encrypt(
            data_bytes,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )
        return ciphertext
    @staticmethod
    def decrypt_with_system_private(private_pem, ciphertext):
        """使用系统私钥进行二次解密"""
        private_key = serialization.load_pem_private_key(private_pem, password=None)
        plaintext = private_key.decrypt(
            ciphertext,
            padding.OAEP(
                mgf=padding.MGF1(algorithm=hashes.SHA256()),
                algorithm=hashes.SHA256(),
                label=None
            )
        )
        return plaintext
 if __name__ == "__main__":
    # --- 演示流程 ---
    # 1. 初始化系统密钥 (这一步通常只在系统上线时执行一次)
    sys_provider = SentinelSystemProvider()
    private_pem, public_pem = sys_provider.generate_system_keys()
    print("【系统层】: 独立公私钥已生成。")
    print(f"  - 公钥 (PEM): {public_pem.decode('utf-8')[:50]}...")
    print(f"  - 私钥 (PEM): {private_pem.decode('utf-8')[:50]}...")
    # 2. 模拟用户已经加密过的数据 (这已经是用户那一层加密后的二进制数据)
    user_encrypted_data = b"User_Encrypted_Blob_v1.0_Data" 
    print(f"【输入数据】: {user_encrypted_data}")
    # 3. 系统二次加密 (外层锁)
    # 这一步发生在数据上传服务器时，或者存入信托池时
    double_locked_data = sys_provider.encrypt_with_system_public(public_pem, user_encrypted_data)
    print(f"【使用公钥加密完成 (密文)】: {double_locked_data.hex()[:50]}...")
    # 4. 系统二次解密 (判定传承触发后)
    # 只有在满足触发条件（如订阅失败）后，系统才调取私钥进行这第一层解密
    try:
        system_unlocked_data = sys_provider.decrypt_with_system_private(private_pem, double_locked_data)
        print(f"【使用私钥解密成功】: {system_unlocked_data}")
        print("【后续步骤】: 现在数据已回归用户初级加密态，可交给用户或者继承人进行最后解密。")
    except Exception as e:
        print(f"解密失败: {e}")
--- a/core/sp_trust_sharding.py
+++ b/core/sp_trust_sharding.py
--- a/core/sp_vault_aes.py
+++ b/core/sp_vault_aes.py
--- a/doc/protocol_whitepaper.md
+++ b/doc/protocol_whitepaper.md
--- a/main_demo.py
+++ b/main_demo.py