Tencent Cloud International: How do you encrypt data with the Key Management Service (KMS)?

Creating a key

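Log in to the KMS console, choose "Key Management" > "Create Key", set the key type (symmetric or asymmetric encryption), and fill in the key description and other information.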

Encrypting data with the API or SDK

1. Encrypting data with the API

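  • Get the key ID: find the key you created in the KMS console and record its key ID (KeyID).
  • Call the Encrypt API: call the KMS Encrypt API through the Tencent Cloud API gateway, passing the data to encrypt, the KeyID and other parameters; the API returns the encrypted ciphertext and related information.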

Sample code (using the Tencent Cloud SDK for Python)

Python

import base64
import json

from tencentcloud.common import credential
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
from tencentcloud.kms.v20190118 import kms_client, models

# Configure the account credentials
cred = credential.Credential("secret_id", "secret_key")
httpProfile = HttpProfile()
httpProfile.endpoint = "kms.tencentcloudapi.com"

clientProfile = ClientProfile()
clientProfile.httpProfile = httpProfile

# Initialize the KMS client
client = kms_client.KmsClient(cred, "ap-guangzhou", clientProfile)

# Build the Encrypt request
req = models.EncryptRequest()
params = {
    "KeyId": "key_id",
    # Plaintext must be Base64-encoded
    "Plaintext": base64.b64encode(b"data_to_encrypt").decode("utf-8"),
    # EncryptionContext is passed as a JSON string of key/value pairs
    "EncryptionContext": json.dumps({
        "key1": "value1",
        "key2": "value2"
    })
}
req.from_json_string(json.dumps(params))

# Call the Encrypt API
resp = client.Encrypt(req)
print(resp.to_json_string())

2. Encrypting data with the SDK

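  • Install the SDK: install the Tencent Cloud SDK for your development language; for example, the Python SDK can be installed with pip: pip install tencentcloud-sdk-python
  • Write the encryption code: use the encryption method of the SDK's KMS module, passing the data to encrypt and the key ID, to obtain the encrypted ciphertext.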

Sample code (using the Tencent Cloud SDK for Python)

Python

from tencentcloud.common import credential
from tencentcloud.common.profile.client_profile import ClientProfile
from tencentcloud.common.profile.http_profile import HttpProfile
from tencentcloud.kms.v20190118 import kms_client, models
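import base64
import json

# Configure the account credentials and key ID
secret_id = "your_secret_id"
secret_key = "your_secret_key"
key_id = "your_key_id"
# Plaintext must be Base64-encoded before it is sent to KMS
data_to_encrypt = base64.b64encode(b"data_to_encrypt").decode("utf-8")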

# Initialize the SDK client
cred = credential.Credential(secret_id, secret_key)
http_profile = HttpProfile()
http_profile.endpoint = "kms.tencentcloudapi.com"
client_profile = ClientProfile()
client_profile.httpProfile = http_profile
client = kms_client.KmsClient(cred, "ap-guangzhou", client_profile)

# Call the Encrypt API to encrypt the data
req = models.EncryptRequest()
params = {
    "KeyId": key_id,
    "Plaintext": data_to_encrypt
}
req.from_json_string(json.dumps(params))
resp = client.Encrypt(req)
encrypted_data = resp.CiphertextBlob
print("Encrypted Data:", encrypted_data)

Using the encrypted data

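In your application, use the encrypted ciphertext for key storage, for example by writing it to a database. When you need to decrypt, call the KMS Decrypt API or the SDK's decrypt method, passing the ciphertext and key ID, to obtain the original plaintext data.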
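
The encrypt, store and decrypt cycle described above, as an added example that is not code from the original page or from Tencent Cloud. The helper names, the 4 KB size check (taken from the Encrypt API documentation, not from this page) and the TENCENTCLOUD_SECRET_ID / TENCENTCLOUD_SECRET_KEY environment variables are assumptions of this sketch.

```python
import base64
import json
import os

MAX_PLAINTEXT_BYTES = 4096  # assumption: Encrypt accepts at most 4 KB of original data


def build_encrypt_params(key_id, plaintext, context=None):
    """Return the JSON-ready parameter dict for an Encrypt request."""
    if len(plaintext) > MAX_PLAINTEXT_BYTES:
        raise ValueError("plaintext exceeds 4 KB")
    params = {"KeyId": key_id,
              "Plaintext": base64.b64encode(plaintext).decode("ascii")}
    if context:
        # The context travels as a JSON string; sort keys so both calls match.
        params["EncryptionContext"] = json.dumps(context, sort_keys=True)
    return params


def build_decrypt_params(ciphertext_blob, context=None):
    """Return the parameter dict for a Decrypt request on a stored ciphertext."""
    params = {"CiphertextBlob": ciphertext_blob}
    if context:
        # Must be the same context that was supplied to Encrypt.
        params["EncryptionContext"] = json.dumps(context, sort_keys=True)
    return params


def round_trip(client, models, key_id, plaintext, context):
    """Encrypt, then decrypt, using a KmsClient and the SDK's models module."""
    enc = models.EncryptRequest()
    enc.from_json_string(json.dumps(build_encrypt_params(key_id, plaintext, context)))
    blob = client.Encrypt(enc).CiphertextBlob  # this string is what gets stored
    dec = models.DecryptRequest()
    dec.from_json_string(json.dumps(build_decrypt_params(blob, context)))
    return base64.b64decode(client.Decrypt(dec).Plaintext)  # returned as Base64


def make_client(region="ap-guangzhou"):
    """Build a client from environment variables instead of hardcoded secrets."""
    from tencentcloud.common import credential
    from tencentcloud.kms.v20190118 import kms_client, models
    cred = credential.Credential(os.environ["TENCENTCLOUD_SECRET_ID"],
                                 os.environ["TENCENTCLOUD_SECRET_KEY"])
    return kms_client.KmsClient(cred, region), models
```

With real credentials in the environment, `client, models = make_client()` followed by `round_trip(client, models, "your_key_id", b"data_to_encrypt", {"key1": "value1"})` returns the original bytes.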