用于aws的加密原语
murmuration的Python项目详细描述
杂音
用于AWS KMS的加密原语
AES+Galois计数器模式加密
frommurmurationimportgcmkey='this is my secret encryption key'plaintext='the quick brown fox jumps over the lazy dog'ciphertext=gcm.encrypt(plaintext,key,'header')decrypted=gcm.decrypt(ciphertext,key)assertdecrypted==plaintext
使用KMS加密(用于AWS)
您还可以将kms用作加密/解密服务。这是真的
产生KMS成本并要求设置KMS。region和profile参数
不必指定。如果未指定这些值,则
推断出in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()method- Passing credentials as parameters when creating a
Sessionobject- Environment variables
- Shared credential file (
~/.aws/credentials)- AWS config file (
~/.aws/config)- Assume Role provider
- Boto2 config file (
/etc/boto.cfgand~/.boto)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
frommurmurationimportkmsplaintext='the quick brown fox jumps over the lazy dog'key_alias='my kms key alias'ciphertext=kms.encrypt(plaintext,key_alias,region='us-west-1',profile='company')decrypted=kms.decrypt(ciphertext,region='us-west-1',profile='company')assertdecrypted==plaintext
使用KMS包装加密(用于AWS)
您还可以使用包装的KMS数据密钥进行加密,以保护底层
KMS键。使用此Does功能将产生KMS成本并需要KMS
设置。无需指定region和profile参数。
如果未指定这些值,则
推断出in the order specified by boto3:
- Passing credentials as parameters in the
boto.client()method- Passing credentials as parameters when creating a
Sessionobject- Environment variables
- Shared credential file (
~/.aws/credentials)- AWS config file (
~/.aws/config)- Assume Role provider
- Boto2 config file (
/etc/boto.cfgand~/.boto)- Instance metadata service on an Amazon EC2 instance that has an IAM role configured.
frommurmurationimportkms_wrappedplaintext='the quick brown fox jumps over the lazy dog'key_alias='my kms key alias'ciphertext=kms_wrapped.encrypt(plaintext,key_alias,region='us-west-1',profile='company')decrypted=kms_wrapped.decrypt(ciphertext,region='us-west-1',profile='company')assertdecrypted==plaintext
欢迎加入QQ群-->: 979659372
