def generate_data_key(acs_client, key_id):
    """Ask KMS for a fresh data key wrapped by the CMK ``key_id``.

    Args:
        acs_client: Alibaba Cloud SDK client exposing ``do_action_with_exception``.
        key_id: CMK identifier (or alias) passed as the request ``KeyId``.

    Returns:
        ``(plaintext, ciphertext_blob)`` as read from ``GenerateDataKeyResponse``.
        The first element is raw key material and should be dropped as soon as
        the caller has finished using it; the second is what gets persisted.

    Raises:
        Whatever ``do_action_with_exception`` raises on an API error.
    """
    req = GenerateDataKeyRequest.GenerateDataKeyRequest()
    req.set_accept_format('JSON')
    req.set_KeyId(key_id)
    raw = acs_client.do_action_with_exception(req)
    parsed = GenerateDataKeyResponse(raw)
    plaintext_key = parsed.get_plaintext()
    wrapped_key = parsed.get_cipher_text_blob()
    return plaintext_key, wrapped_key
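def envelope_encrypt(cmk_id, plainText, context=None):
    """Envelope-encrypt ``plainText`` with a data key generated by KMS.

    Args:
        cmk_id: Alibaba Cloud KMS customer master key id used to generate
            (and wrap) the AES-256 data key.
        plainText: data to encrypt; ``pad`` expects bytes.
        context: optional encryption-context JSON string bound to the data key
            by KMS. Defaults to the demo author/year/publisher context so
            existing callers keep the same behaviour. It is not secret, but the
            identical string must be presented again when the data key is
            decrypted.

    Returns:
        ``[cipherText, encrypted_data_key, context]`` -- the base64 of
        ``IV || AES-CBC ciphertext``, the KMS ``CiphertextBlob`` wrapping the
        data key, and the context used. All three are needed to decrypt.

    Raises:
        Whatever ``CLIENT.do_action_with_exception`` raises on an API error;
        ``KeyError`` if the response lacks ``Plaintext``/``CiphertextBlob``.
    """
    if context is None:
        # Example context: author, publication year and publisher of the document
        context = '{"author":"lewis carrol", "year":"1865", "publisher":"project gutenberg"}'
    request = GenerateDataKeyRequest.GenerateDataKeyRequest()
    # CMK id, AES-256 data key, JSON response, TLS transport
    request.set_KeyId(cmk_id)
    request.set_KeySpec('AES_256')
    request.set_accept_format('json')
    request.set_protocol_type('https')
    request.set_EncryptionContext(context)
    # Response kept in a mutable container so the reference can be dropped below
    response = [CLIENT.do_action_with_exception(request)]
    # Parse the JSON once; both halves of the data key come from the same body.
    # The plaintext half is base64 in the response.
    parsed = json.loads(response[0])
    data_key = b64decode(parsed['Plaintext'])
    encrypted_data_key = parsed['CiphertextBlob']
    # Fresh random IV (pycryptodome generates it); IV is prepended so the
    # decrypting side can recover it. NOTE(review): CBC gives no integrity --
    # tampering with cipherText is not detected; kept as CBC to stay
    # compatible with the existing decrypt path.
    cipher = AES.new(data_key, AES.MODE_CBC)
    cipherText = b64encode(cipher.iv + cipher.encrypt(pad(plainText, AES.block_size)))
    # Drop our references to the plaintext key material. This is best-effort
    # only: ``str``/``bytes`` are immutable, so the bytes stay in memory until
    # the garbage collector reclaims them -- nothing here actually zeroes them.
    response[0] = 0
    del parsed
    del data_key
    return [cipherText, encrypted_data_key, context]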
def kms_generate_data_key(client, key_alias):
    """Generate a 32-byte data key from KMS under ``key_alias``.

    Args:
        client: Alibaba Cloud SDK client exposing ``do_action_with_exception``.
        key_alias: CMK id or alias passed as ``KeyId``.

    Returns:
        ``(plaintext, cipher_text)`` taken from the JSON response fields
        ``Plaintext`` and ``CiphertextBlob``; either is ``None`` when the
        field is absent. ``plaintext`` is returned as it appears in the
        response (still base64-encoded, not decoded here).

    Raises:
        Whatever ``do_action_with_exception`` raises on an API error.
    """
    req = GenerateDataKeyRequest.GenerateDataKeyRequest()
    req.set_accept_format('JSON')
    req.set_KeyId(key_alias)
    # 32 bytes -> AES-256 key length
    req.set_NumberOfBytes(32)
    body = json.loads(client.do_action_with_exception(req))
    return body.get('Plaintext'), body.get('CiphertextBlob')
def __generate_data_key(self):
    """Request an AES-256 data key from KMS wrapped by ``self.custom_master_key_id``.

    Uses ``self.context`` as the KMS encryption context and attaches
    ``self.sts_token`` when one is set. The request is sent through
    ``self.__do``, which is assumed to return the parsed response mapping
    (not visible here -- confirm).

    Returns:
        ``(plaintext_key, ciphertext_blob)`` -- the base64-decoded plaintext
        key bytes and the wrapped key as returned by KMS.
    """
    req = GenerateDataKeyRequest.GenerateDataKeyRequest()
    req.set_accept_format(format_type.JSON)
    req.set_method(method_type.POST)
    req.set_KeyId(self.custom_master_key_id)
    req.set_KeySpec('AES_256')
    req.set_NumberOfBytes(32)
    req.set_EncryptionContext(self.context)
    token = self.sts_token
    if token:
        req.set_STSToken(token)
    resp = self.__do(req)
    plaintext_key = b64decode_from_string(resp['Plaintext'])
    wrapped_key = resp['CiphertextBlob']
    return plaintext_key, wrapped_key
from Crypto import Random
import base64


def aes256pad(s):
    """Pad the string ``s`` to a multiple of 32 characters, PKCS#7 style.

    Each pad character is ``chr(pad_len)`` where ``pad_len`` is in 1..32, so
    a full block of padding is added when ``len(s)`` is already a multiple of
    32. Works on ``str`` only (``chr`` yields text; concatenating with
    ``bytes`` raises ``TypeError``).

    NOTE(review): 32 is the AES-256 *key* length, not the 16-byte AES block
    size. The result is still a multiple of 16, but a PKCS#7 unpadder
    configured for a 16-byte block may reject pad values above 16 -- confirm
    against the decrypt side.
    """
    pad_len = 32 - len(s) % 32
    return s + chr(pad_len) * pad_len


if __name__ == '__main__':
    # Access key credentials. Placeholders must be replaced entirely;
    # prefer reading them from the environment rather than committing them.
    accesskeyid = "<Your AccessKeyId>"
    accesssecret = "<Your AccessKeySecret>"
    # Initialise the SDK client (``client`` is presumably imported earlier -- not visible here)
    clt = client.AcsClient(accesskeyid, accesssecret, "ap-northeast-1")
    # Call the KMS OpenAPI GenerateDataKey
    genrequest = GenerateDataKeyRequest.GenerateDataKeyRequest()
    # keyid is the ID of the CMK created in the KMS console
    # (placeholder below includes a trailing space -- replace the whole literal)
    keyid = '<Your keyid> '
    genrequest.set_KeyId(keyid)
    genrequest.set_KeySpec("AES_256")
    # Ask for a JSON response
    genrequest.set_accept_format("json")
    # KMS only accepts requests over HTTPS
    genrequest.set_protocol_type("https")
    genresp = clt.do_action_with_exception(genrequest)
    # Parse the response to reach the plaintext and wrapped data key
    datakeydict = json.loads(genresp)
    # Plaintext data key: base64-decode it before use
    datakey = base64.b64decode(datakeydict["Plaintext"])
    # Wrapped (encrypted) data key, stored alongside the ciphertext
    cipherdatakey = datakeydict["CiphertextBlob"]