加密SDK(Encryption SDK)是一個客戶端密碼庫,通過與密鑰管理服務KMS(Key Management Service)結合使用,幫助您快速實現數據的加解密、簽名驗簽功能。本文以Python3語言為例,為您介紹如何快速使用加密SDK進行數據加解密。
背景信息
您可以訪問alibabacloud-encryption-sdk-python,查看代碼示例。
說明
阿里云賬號AccessKey擁有所有OpenAPI的訪問權限,建議您使用RAM用戶進行API訪問或日常運維。強烈建議不要把AccessKey ID和AccessKey Secret保存到工程代碼里,否則可能導致AccessKey泄露,威脅您賬號下所有資源的安全。
本示例以將AccessKey配置在環境變量ALIBABA_CLOUD_ACCESS_KEY_ID和ALIBABA_CLOUD_ACCESS_KEY_SECRET的方式來實現身份驗證為例。下文的示例代碼還會從環境變量AES_KEY_ARN讀取密鑰ARN,運行前請一併配置。
更多認證信息配置方式,請參見客戶端與憑證。
不同操作系統的環境變量配置方法不同,具體操作,請參見在Linux、macOS和Windows系統配置環境變量。
在本地安裝加密SDK
安裝加密SDK。
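# Fetch the SDK source, enter the checkout, and install it.
# The three commands must be run separately; on a single line the extra
# words would be passed to `git clone` as arguments.
git clone https://github.com/aliyun/alibabacloud-encryption-sdk-python.git
cd alibabacloud-encryption-sdk-python
# setup.py runs code from the checkout with your user's privileges, so
# review what was cloned (and prefer a virtual environment) before installing.
python setup.py install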
驗證加密SDK版本。
執行以下命令,進入Python語言環境。
# Start an interactive Python interpreter. The page targets Python 3; make
# sure `python` does not resolve to a Python 2 interpreter on your system.
python
執行以下命令,驗證加密SDK版本。
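# Enter these as two separate statements at the interpreter prompt; the
# second one echoes the installed SDK version string.
import aliyun_encryption_sdk
aliyun_encryption_sdk.__version__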
執行命令後,Python控制臺顯示版本號'0.1.1'。
對字節數組類型的數據進行加解密
# -*- coding: UTF-8 -*-
"""Example showing basic encryption and decryption."""
import base64
import os
from aliyun_encryption_sdk.cache.local import LocalDataKeyMaterialCache
from aliyun_encryption_sdk.ckm.cache import CachingCryptoKeyManager
from aliyun_encryption_sdk.client import AliyunCrypto
from aliyun_encryption_sdk.kms import AliyunConfig
from aliyun_encryption_sdk.provider.default import DefaultDataKeyProvider
def build_aliyun_crypto(cache=False):
    """Create an AliyunCrypto client from the module-level AccessKey pair.

    Args:
        cache: When true, replace the client's crypto key manager with a
            CachingCryptoKeyManager backed by a LocalDataKeyMaterialCache.

    Returns:
        The configured AliyunCrypto client.
    """
    # ACCESS_KEY_ID / ACCESS_KEY_SECRET are module globals that the __main__
    # block fills from environment variables, so no secret lives in the source.
    crypto = AliyunCrypto(AliyunConfig(ACCESS_KEY_ID, ACCESS_KEY_SECRET))
    if not cache:
        return crypto
    # NOTE(review): the meaning of the second argument (5) is not visible
    # here; confirm it against the SDK before reusing this value. The cache
    # presumably holds data-key material in local process memory.
    crypto.crypto_key_manager = CachingCryptoKeyManager(LocalDataKeyMaterialCache(), 5)
    return crypto
def encrypt_sample():
    """Encrypt PLAIN_TEXT with the key named by AES_KEY_ARN.

    Returns:
        The ciphertext, Base64-encoded and decoded to a ``str``.
    """
    # Demo only: real code should not echo plaintext to the console or logs.
    print("原文: " + PLAIN_TEXT)
    key_provider = DefaultDataKeyProvider(AES_KEY_ARN)
    crypto = build_aliyun_crypto(False)
    # ENCRYPTION_CONTEXT is passed along with the plaintext; the second item
    # of the returned pair is not used by this sample.
    raw_cipher, _ = crypto.encrypt(
        key_provider,
        PLAIN_TEXT.encode("utf-8"),
        ENCRYPTION_CONTEXT,
    )
    # Base64 makes the binary ciphertext printable; it adds no protection.
    encoded = base64.b64encode(raw_cipher).decode("utf-8")
    print(u"加密密文: " + encoded)
    return encoded
def decrypt_sample(cipher_text):
    """Decrypt a Base64 ciphertext string produced by ``encrypt_sample``.

    Args:
        cipher_text: Base64 text of the encrypted message.

    Returns:
        The decrypted plaintext as returned by the client (printed after
        decoding it as text).
    """
    raw_cipher = base64.b64decode(cipher_text.encode("utf-8"))
    key_provider = DefaultDataKeyProvider(AES_KEY_ARN)
    crypto = build_aliyun_crypto(False)
    # NOTE(review): the second returned item is discarded, so this sample
    # never compares the encryption context used at encryption time with the
    # one expected here. Presumably that material exposes the context —
    # confirm against the SDK and check it before trusting the plaintext.
    recovered, _ = crypto.decrypt(key_provider, raw_cipher)
    # Demo only: real code should not echo decrypted data to the console.
    print(u"解密結果: " + bytes.decode(recovered))
    return recovered
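if __name__ == '__main__':
    PLAIN_TEXT = "some plaintext"
    # Credentials and the key ARN are read from the environment so that no
    # secret is stored in the source file.
    ACCESS_KEY_ID = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
    ACCESS_KEY_SECRET = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
    AES_KEY_ARN = os.getenv("AES_KEY_ARN")
    # os.getenv returns None for an unset variable; stop with a clear message
    # instead of handing None to the SDK. Only variable names are reported,
    # never their values.
    missing = [
        name
        for name, value in (
            ("ALIBABA_CLOUD_ACCESS_KEY_ID", ACCESS_KEY_ID),
            ("ALIBABA_CLOUD_ACCESS_KEY_SECRET", ACCESS_KEY_SECRET),
            ("AES_KEY_ARN", AES_KEY_ARN),
        )
        if not value
    ]
    if missing:
        raise SystemExit("Missing required environment variables: " + ", ".join(missing))
    # Key/value pairs supplied to encrypt() together with the plaintext.
    ENCRYPTION_CONTEXT = {
        "this": "context",
        "can help you": "to confirm",
        "this data": "is your original data"
    }
    # Round trip: encrypt the sample text, then decrypt the result.
    cipherText = encrypt_sample()
    decrypt_sample(cipherText)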
對字節流類型的數據進行加解密
# -*- coding: UTF-8 -*-
"""Example showing basic encryption and decryption."""
import os
from aliyun_encryption_sdk.cache.local import LocalDataKeyMaterialCache
from aliyun_encryption_sdk.ckm.cache import CachingCryptoKeyManager
from aliyun_encryption_sdk.client import AliyunCrypto
from aliyun_encryption_sdk.kms import AliyunConfig
from aliyun_encryption_sdk.provider.default import DefaultDataKeyProvider
def build_aliyun_crypto(cache=False):
    """Return an AliyunCrypto client configured with the module's AccessKey.

    Args:
        cache: If true, install a CachingCryptoKeyManager (wrapping a
            LocalDataKeyMaterialCache) as the client's crypto key manager.

    Returns:
        The AliyunCrypto client.
    """
    # The AccessKey pair comes from module globals set in the __main__ block
    # from environment variables rather than from literals in this file.
    crypto = AliyunCrypto(AliyunConfig(ACCESS_KEY_ID, ACCESS_KEY_SECRET))
    if not cache:
        return crypto
    # NOTE(review): what the trailing 5 configures is not shown in this
    # listing; verify it against the SDK before copying the value.
    crypto.crypto_key_manager = CachingCryptoKeyManager(LocalDataKeyMaterialCache(), 5)
    return crypto
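def file_stream_sample():
    """Encrypt ``some_file`` into ``enc_file``, then decrypt it into ``dec_file``.

    Both passes stream the data chunk by chunk through the client, using the
    key named by the module-level AES_KEY_ARN. Returns None.
    """
    origin_file_path = r"some_file"
    encrypted_file_path = r"enc_file"
    decrypted_file_path = r"dec_file"
    provider = DefaultDataKeyProvider(AES_KEY_ARN)
    client = build_aliyun_crypto()

    # Fix: the original opened `encryped_file_path`, a misspelled name that
    # is never defined, so the sample stopped with NameError before any
    # encryption happened. Use the variable declared above.
    with open(origin_file_path, "rb") as f, open(encrypted_file_path, "wb") as cipher_text:
        # The second item of the returned pair is not needed by this sample.
        encrypted_stream, _ = client.encrypt_stream(provider, f)
        with encrypted_stream as stream:
            for content in stream:
                cipher_text.write(content)

    # NOTE(review): dec_file is written incrementally. If decryption fails
    # part-way, the file may be left with partial output; confirm how the SDK
    # reports integrity failures and discard the file in that case. The file
    # holds plaintext, so treat its location and permissions accordingly.
    with open(encrypted_file_path, "rb") as f, open(decrypted_file_path, "wb") as plain_text:
        decrypted_stream, _ = client.decrypt_stream(provider, f)
        with decrypted_stream as stream:
            for content in stream:
                plain_text.write(content)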
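if __name__ == '__main__':
    # Credentials and the key ARN are read from the environment so that no
    # secret is stored in the source file.
    ACCESS_KEY_ID = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
    ACCESS_KEY_SECRET = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
    AES_KEY_ARN = os.getenv("AES_KEY_ARN")
    # os.getenv returns None for an unset variable; stop with a clear message
    # instead of handing None to the SDK. Only variable names are reported,
    # never their values.
    missing = [
        name
        for name, value in (
            ("ALIBABA_CLOUD_ACCESS_KEY_ID", ACCESS_KEY_ID),
            ("ALIBABA_CLOUD_ACCESS_KEY_SECRET", ACCESS_KEY_SECRET),
            ("AES_KEY_ARN", AES_KEY_ARN),
        )
        if not value
    ]
    if missing:
        raise SystemExit("Missing required environment variables: " + ", ".join(missing))
    file_stream_sample()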