kms.tencentcloudapi.com
,具体参考各产品说明。pip install tencentcloud-sdk-python
# -*- coding: utf-8 -*-import base64from Crypto.Cipher import AESfrom tencentcloud.common import credentialfrom tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKExceptionfrom tencentcloud.common.profile.client_profile import ClientProfilefrom tencentcloud.common.profile.http_profile import HttpProfilefrom tencentcloud.kms.v20190118 import kms_client, modelsdef KmsInit(region="ap-guangzhou", secretId="", secretKey=""):try:credProfile = credential.Credential(secretId, secretKey)client = kms_client.KmsClient(credProfile, region)return clientexcept TencentCloudSDKException as err:print(err)return Nonedef GenerateDatakey(client, keyId, keyspec='AES_128'):try:req = models.GenerateDataKeyRequest()req.KeyId = keyIdreq.KeySpec = keyspec# 调用生成数据密钥接口generatedatakeyResp = client.GenerateDataKey(req)# 明文密钥需要在内存中使用,密文密钥用于持久化存储print "DEK cipher=", generatedatakeyResp.CiphertextBlobreturn generatedatakeyRespexcept TencentCloudSDKException as err:print(err)def AddTo16(value):while len(value) % 16 != 0:value += '\\0'return str.encode(value)# 用户自定义逻辑,此处仅作为参考def LocalEncrypt(dataKey="", plaintext=""):aes = AES.new(base64.b64decode(dataKey), AES.MODE_ECB)encryptedData = aes.encrypt(AddTo16(plaintext))ciphertext = base64.b64encode(encryptedData)print "plaintext=", plaintext, ", cipher=", ciphertextif __name__ == '__main__':# 用户自定义参数secretId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"secretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"region = "ap-guangzhou"keyId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"keySpec = "AES_256"plaintext = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"client = KmsInit(region, secretId, secretKey)rsp = GenerateDatakey(client, keyId, keySpec)LocalEncrypt(rsp.Plaintext, plaintext)
# -*- coding: utf-8 -*-import base64from Crypto.Cipher import AESfrom tencentcloud.common import credentialfrom tencentcloud.common.exception.tencent_cloud_sdk_exception import TencentCloudSDKExceptionfrom tencentcloud.common.profile.client_profile import ClientProfilefrom tencentcloud.common.profile.http_profile import HttpProfilefrom tencentcloud.kms.v20190118 import kms_client, modelsdef KmsInit(region="ap-guangzhou", secretId="", secretKey=""):try:credProfile = credential.Credential(secretId, secretKey)client = kms_client.KmsClient(credProfile, region)return clientexcept TencentCloudSDKException as err:print(err)return Nonedef DecryptDataKey(client, ciphertextBlob):try:req = models.DecryptRequest()req.CiphertextBlob = ciphertextBlobrsp = client.Decrypt(req) #调用解密接口对 DEK 解密return rspexcept TencentCloudSDKException as err:print(err)# 用户自定义逻辑,此处仅作为参考def LocalDecrypt(dataKey="", ciphertext=""):aes = AES.new(base64.b64decode(dataKey), AES.MODE_ECB)decryptedData = aes.decrypt(base64.b64decode(ciphertext))plaintext = str(decryptedData)print "plaintext=", plaintext, ", cipher=", ciphertextif __name__ == '__main__':# 用户自定义参数secretId = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"secretKey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"region = "ap-guangzhou"dekCipherBlob="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"ciphertext="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"client = KmsInit(region, secretId, secretKey)rsp = DecryptDataKey(client, dekCipherBlob)LocalDecrypt(rsp.Plaintext, ciphertext)
本页内容是否解决了您的问题?