开源路径:https://github.com/OpenKMIP
创建key并加解密
import os
import ssl

from kmip.pie import objects
from kmip.pie.client import ProxyKmipClient, enums
# Connection settings for the KMIP server, collected in one place.
# The TLS material is a client certificate, the matching private key and the
# CA certificate used to verify the server. Keep the private key file readable
# only by the account that runs this script.
# NOTE(review): the username/password here are sample placeholders; outside a
# demo, load credentials from the config file or a secret store rather than
# from source code.
connection_settings = {
    'hostname': '127.0.0.1',
    'port': 5696,
    'cert': '/home/nxy/PyKMIP/bin/client_cert.pem',
    'key': '/home/nxy/PyKMIP/bin/client_private_key.pem',
    'ca': '/home/nxy/PyKMIP/bin/server_ca_cert.pem',
    'username': 'example_username',
    'password': 'example_password',
    # Section name and path of the PyKMIP client configuration file.
    # Presumably the explicit values above take precedence over the file --
    # confirm against the PyKMIP documentation.
    'config': 'client',
    'config_file': '/etc/pykmip/pykmip.conf',
}
client = ProxyKmipClient(**connection_settings)
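# Open the connection for the duration of the block; the context manager
# closes it again on exit.
with client:
    # Create a 256-bit AES key on the server. The usage mask restricts the key
    # to encrypt and decrypt operations.
    key_id = client.create(
        enums.CryptographicAlgorithm.AES,
        256,
        operation_policy_name='default',
        name='Test_256_AES_Symmetric_Key',
        cryptographic_usage_mask=[
            enums.CryptographicUsageMask.ENCRYPT,
            enums.CryptographicUsageMask.DECRYPT
        ]
    )
    print('key_id:', key_id)

    # Activate the key before it is used for cryptographic operations.
    client.activate(key_id)

    # Both calls must use the same algorithm, mode and padding, so the
    # parameters are defined once and shared.
    # NOTE(review): CBC gives confidentiality only. If ciphertext integrity
    # matters, prefer an authenticated mode where the server supports one.
    cbc_parameters = {
        'cryptographic_algorithm': enums.CryptographicAlgorithm.AES,
        'block_cipher_mode': enums.BlockCipherMode.CBC,
        'padding_method': enums.PaddingMethod.PKCS5
    }

    # CBC needs a fresh, unpredictable IV for every message encrypted under
    # the same key. A constant IV makes equal plaintext prefixes produce equal
    # ciphertext prefixes. The AES block size is 16 bytes. The IV is not
    # secret, but it must be kept with the ciphertext to allow decryption.
    iv = os.urandom(16)

    # Encrypt. The second element of the returned tuple is ignored because the
    # IV is supplied by this script.
    cipher, _ = client.encrypt(
        b'mytestmessage',
        uid=key_id,
        cryptographic_parameters=cbc_parameters,
        iv_counter_nonce=iv
    )
    print('cipher:', cipher, len(cipher))

    # Decrypt with the same key, parameters and IV.
    plain = client.decrypt(
        data=cipher,
        uid=key_id,
        cryptographic_parameters=cbc_parameters,
        iv_counter_nonce=iv
    )
    print('plain:', plain)

    # NOTE(review): the test key stays on the server after this script ends.
    # Revoke and destroy it once it is no longer needed.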
运行结果: