我先创建了一个密钥环,然后创建了一个密钥。然后使用导入作业创建了一个打包的密钥。然后使用下面的代码对普通文本进行解密。但我得到了以下错误:
.InvalidArgument: 400 Received the following error message from Cloud KMS when unwrapping KmsWrappedCryptoKey "projects/XXXXXXXXXXXX/location s/global/keyRings/demo-keyring/cryptoKeys/demo_v1": Decryption failed: the ciphertext is invalid.
代码如下:
# Import the client library
import google.cloud.dlp
# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
project = 'XXXXXX'
stringVal = 'My name is Sonal Singh and my email id is : sonalsingh@gmail.com'
alphabet='ALPHA_NUMERIC'
surrogate_type='EMAIL_ADDRESS'
wrapped_key=('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+gr'
'l+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+/+'
'//xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=')
#key_name = ('projects/XXXXXXXXXXXXX/locations/global/keyRings/demo-keyring/cryptoKeys/demo_key')
parent = dlp.project_path(project)
# The wrapped key is base64-encoded, but the library expects a binary
# string, so decode it here.
import base64
wrapped_key = base64.b64decode(wrapped_key)
# Construct FPE configuration dictionary
crypto_replace_ffx_fpe_config = {
"crypto_key": {
"kms_wrapped": {
"wrapped_key": wrapped_key,
"crypto_key_name": key_name,
}
},
"common_alphabet": alphabet,
}
# Add surrogate type
if surrogate_type:
crypto_replace_ffx_fpe_config["surrogate_info_type"] = {
"name": surrogate_type
}
# Construct inspect configuration dictionary
inspect_config = {
"info_types": [{"name": info_type} for info_type in ["FIRST_NAME", "LAST_NAME", "EMAIL_ADDRESS"]]
}
# Construct deidentify configuration dictionary
deidentify_config = {
"info_type_transformations": {
"transformations": [
{
"primitive_transformation": {
"crypto_replace_ffx_fpe_config": crypto_replace_ffx_fpe_config
}
}
]
}
}
# Convert string to item
item = {"value": stringVal}
# Call the API
response = dlp.deidentify_content(
parent,
inspect_config=inspect_config,
deidentify_config=deidentify_config,
item=item
)
# Print results
print(response.item.value)
我可以看到另一个具有相同问题的堆栈溢出帖子: GCP DLP(Data Loss prevention) getting "Decryption failed: the ciphertext is invalid." 但不确定这一步意味着什么: 在您对Google Cloud DLP API的请求中使用此生成的值
如何在上述代码中使用此值
是的,我认为other StackOverflow question you found可以在这里帮助我们
我对python不是很精通,但我看到了一些我想指出的东西。我认为您正在执行步骤1&;3从另一个StackOverflow post1正确,但是您缺少使用Cloud KMS进行加密的步骤2(对您的案例进行解密)
您是否有机会浏览:
https://cloud.google.com/kms/docs/reference/libraries#client-libraries-usage-pythonhttps://cloud.google.com/kms/docs/encrypt-decrypt#kms-howto-encrypt-python
另外,请知道您已经在代码上发布了您的电子邮件,您可能希望对其进行编辑
相关问题 更多 >
编程相关推荐