加密SDK(Encryption SDK)是一個用戶端密碼庫,通過與Key Management Service(Key Management Service)結合使用,協助您快速實現資料的加解密、簽名驗簽功能。本文以Python3語言為例,為您介紹如何快速使用加密SDK進行資料加解密。
背景資訊
您可以訪問alibabacloud-encryption-sdk-python,查看程式碼範例。
說明
阿里雲帳號AccessKey擁有所有OpenAPI的存取權限,建議您使用RAM使用者進行API訪問或日常營運。強烈建議不要把AccessKey ID和AccessKey Secret儲存到工程代碼裡,否則可能導致AccessKey泄露,威脅您帳號下所有資源的安全。
本樣本以將AccessKey配置在環境變數ALIBABA_CLOUD_ACCESS_KEY_ID和ALIBABA_CLOUD_ACCESS_KEY_SECRET的方式來實現身分識別驗證為例。
更多認證資訊配置方式,請參見管理訪問憑據。
不同作業系統的環境變數配置方法不同,具體操作,請參見在Linux、macOS和Windows系統配置環境變數。
在本地安裝加密SDK
安裝加密SDK。
git clone https://github.com/aliyun/alibabacloud-encryption-sdk-python.git cd alibabacloud-encryption-sdk-python python setup.py install驗證加密SDK版本。
執行以下命令,進入Python語言環境。
python執行以下命令,驗證加密SDK版本。
import aliyun_encryption_sdk aliyun_encryption_sdk.__version__執行命令後,Python控制台顯示版本號碼
'0.1.1'。
對位元組數群組類型的資料進行加解密
# -*- coding: UTF-8 -*-
"""Example showing basic encryption and decryption."""
import base64
import os
from aliyun_encryption_sdk.cache.local import LocalDataKeyMaterialCache
from aliyun_encryption_sdk.ckm.cache import CachingCryptoKeyManager
from aliyun_encryption_sdk.client import AliyunCrypto
from aliyun_encryption_sdk.kms import AliyunConfig
from aliyun_encryption_sdk.provider.default import DefaultDataKeyProvider
def build_aliyun_crypto(cache=False):
config = AliyunConfig(ACCESS_KEY_ID, ACCESS_KEY_SECRET)
client = AliyunCrypto(config)
if cache:
client.crypto_key_manager = CachingCryptoKeyManager(LocalDataKeyMaterialCache(), 5)
return client
def encrypt_sample():
print("原文: " + PLAIN_TEXT)
provider = DefaultDataKeyProvider(AES_KEY_ARN)
client = build_aliyun_crypto(False)
cipher_text, enc_material = client.encrypt(provider, PLAIN_TEXT.encode("utf-8"), ENCRYPTION_CONTEXT)
cipher_text_str = base64.standard_b64encode(cipher_text).decode("utf-8")
print(u"加密密文: " + cipher_text_str)
return cipher_text_str
def decrypt_sample(cipher_text):
cipher_text_bytes = base64.standard_b64decode(cipher_text.encode("utf-8"))
provider = DefaultDataKeyProvider(AES_KEY_ARN)
client = build_aliyun_crypto(False)
plain_text, dec_material = client.decrypt(provider, cipher_text_bytes)
print(u"解密結果: " + bytes.decode(plain_text))
return plain_text
if __name__ == '__main__':
PLAIN_TEXT = "some plaintext"
ACCESS_KEY_ID = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
ACCESS_KEY_SECRET = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
AES_KEY_ARN = os.getenv("AES_KEY_ARN")
ENCRYPTION_CONTEXT = {
"this": "context",
"can help you": "to confirm",
"this data": "is your original data"
}
cipherText = encrypt_sample()
decrypt_sample(cipherText)對位元組流類型的資料進行加解密
# -*- coding: UTF-8 -*-
"""Example showing basic encryption and decryption."""
import os
from aliyun_encryption_sdk.cache.local import LocalDataKeyMaterialCache
from aliyun_encryption_sdk.ckm.cache import CachingCryptoKeyManager
from aliyun_encryption_sdk.client import AliyunCrypto
from aliyun_encryption_sdk.kms import AliyunConfig
from aliyun_encryption_sdk.provider.default import DefaultDataKeyProvider
def build_aliyun_crypto(cache=False):
config = AliyunConfig(ACCESS_KEY_ID, ACCESS_KEY_SECRET)
client = AliyunCrypto(config)
if cache:
client.crypto_key_manager = CachingCryptoKeyManager(LocalDataKeyMaterialCache(), 5)
return client
def file_stream_sample():
origin_file_path = r"some_file"
encrypted_file_path = r"enc_file"
decrypted_file_path = r"dec_file"
provider = DefaultDataKeyProvider(AES_KEY_ARN)
client = build_aliyun_crypto()
with open(origin_file_path, "rb") as f, open(encryped_file_path, "wb") as cipher_text:
encrypted_stream, _ = client.encrypt_stream(provider, f)
with encrypted_stream as stream:
for content in stream:
cipher_text.write(content)
with open(encryped_file_path, "rb") as f, open(decrypted_file_path, "wb") as plain_text:
decrypted_stream, _ = client.decrypt_stream(provider, f)
with decrypted_stream as stream:
for content in stream:
plain_text.write(content)
if __name__ == '__main__':
ACCESS_KEY_ID = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_ID")
ACCESS_KEY_SECRET = os.getenv("ALIBABA_CLOUD_ACCESS_KEY_SECRET")
AES_KEY_ARN = os.getenv("AES_KEY_ARN")
file_stream_sample()