我是Google Cloud kms产品的新手,有没有关于如何使用python(从第三方服务器)认证kms的教程?目的是访问公共密钥,对数据进行加密(async)。另一台服务器将具有更多权限,并且能够解密。我不想使用gcloud shell客户端。
答案 0 :(得分:1)
我使用json文件解决了它。如果将来有帮助,我会发布代码。
def encrypt_rsa(plaintext, key_name):
# get the public key
credentials = service_account.Credentials.from_service_account_file(
'the_key_file_of_service_account.json')
scoped_credentials = credentials.with_scopes(
['https://www.googleapis.com/auth/cloud-platform'])
client = kms_v1.KeyManagementServiceClient(credentials=credentials)
response = client.get_public_key(key_name)
key_txt = response.pem.encode('ascii')
public_key = serialization.load_pem_public_key(key_txt, default_backend())
# encrypt plaintext
pad = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None)
plaintext = base64.urlsafe_b64encode(plaintext.encode("ascii"))
return public_key.encrypt(plaintext, pad)