Simple use of its dangerous

Posted by very_new_user on Sat, 26 Oct 2019 19:02:28 +0200

Why use itsdangerous is to ensure that your encrypted data has not been modified, because the original data cannot be re solved after modification, and the content cannot be solved after timeout. Activate the application scenario and send an activated website to you. If you fail to activate within a certain period of time, the activation will timeout.

First of all, it introduces the installation in pycharm s.

Install command: pip install itsdangerous

Sometimes you want to send some data to an untrusted environment. How to ensure the security? The answer is to sign. Use a secret key (private key) that only you know to encrypt and sign your data, and send the encrypted data to others. When others retrieve the data, you can be sure that no one has changed the data.
He can decipher your content, but he can't modify the content of your package unless they also have your secret key, as long as you keep your private key.
By default, it uses HMAC, SHA1 and other encryption algorithms to sign its signature, which is based on Django signature module. It also supports JSON Web signing (JWS).
The application scenario can be used for that activation.
The example code is as follows:

#Import the module, and then create the object to set your private key and expiration time

from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
#Create a serialized object
#The first parameter is the private key. The second parameter is the validity period def init (self, secret key, expires in = none, * * kwargs): 3600 by default
#Note the private key can't be disclosed, or others will imitate your private key to encrypt and send information to others, which is very dangerous
serlizer = Serializer("Wu Yong come on",36000)
#Data is encrypted data.
data = serlizer.dumps({"openid":"123456"})

print(data)
data = data.decode('utf-8')
data = data+'d'
data = data.encode('utf-8')
print(serlizer.loads(data))
#It can be used to verify the URL. You can only click this URL, but you can't modify the data.

Over reporting error:

Code:
#Import the module, and then create the object to set your private key and expiration time

from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
#Create a serialized object
#The first parameter is the private key. The second parameter is the validity period def init (self, secret key, expires in = none, * * kwargs): 3600 by default
#Note the private key can't be disclosed, or others will imitate your private key to encrypt and send information to others, which is very dangerous
serlizer = Serializer("Wu Yong come on",1)
#Data is encrypted data.
data = serlizer.dumps({"openid":"123456"})

print(serlizer.loads(data))
#It can be used to verify the URL. You can only click this URL, but you can't modify the data.
serlizer = Serializer("Wu Yong come on",1)
import time
time.sleep(2)
print(serlizer.loads(data))



//Wrong information
Traceback (most recent call last):
  File "D:/ptest/smtp/dangerous.py", line 20, in <module>
    print(serlizer.loads(data))
  File "C:\Users\dell\AppData\Local\Programs\Python\Python36\lib\site-packages\itsdangerous\jws.py", line 205, in loads
    date_signed=self.get_issue_date(header),
itsdangerous.exc.SignatureExpired: Signature expired

Topics: Pycharm pip SHA1 Django