如何在Python中使用客户端加密

Question

我正在尝试使用客户端加密对敏感数据进行加密，然后再将其移动到S3上的云存储中，然后将其移至redshift。 我尝试使用AWS提供的示例代码，经过仔细检查后，它得以运行而没有返回错误，但是，它没有做任何我可以告诉的事情，因为没有任何内容可以打印。

def cycle_string(key_arn, source_plaintext, botocore_session=None):
    """Encrypts and then decrypts a string using a KMS customer master key (CMK)

    :param str key_arn: [encryption key]
    (http://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html)
    :param bytes source_plaintext: 
    :param botocore_session: Existing botocore session
    :type botocore_session: botocore.session.Session
    """

    # Create a KMS master key provider
    kms_kwargs = dict(key_ids=[key_arn])
    if botocore_session is not None:
        kms_kwargs['botocore_session'] = botocore_session
    master_key_provider = 
    aws_encryption_sdk.KMSMasterKeyProvider(**kms_kwargs)

    # Encrypt the plaintext source data
    ciphertext, encryptor_header = aws_encryption_sdk.encrypt(
        source=source_plaintext,
        key_provider=master_key_provider
    )
    print('Ciphertext: ', ciphertext)

    # Decrypt the ciphertext
    cycled_plaintext, decrypted_header = aws_encryption_sdk.decrypt(
        source=ciphertext,
        key_provider=master_key_provider
    )

    # Verify that the "cycled" (encrypted, then decrypted) plaintext is identical to the source
    # plaintext
    assert cycled_plaintext == source_plaintext

    # Verify that the encryption context used in the decrypt operation includes all key pairs from
    # the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
    #
    # In production, always use a meaningful encryption context. In this sample, we omit the
    # encryption context (no key pairs).
    assert all(
        pair in decrypted_header.encryption_context.items()
        for pair in encryptor_header.encryption_context.items()
    )

    print('Decrypted: ', cycled_plaintext)

我是Python和加密的新手，所以我可能缺少某些语法，或者只是缺少有关其工作原理的知识。 这是在Python中与AWS结合使用客户端加密的最佳方法吗？ 如果是这样，为什么此代码不返回任何内容？

更新：我使用一种稍有不同的方法使它工作

session = botocore.session.get_session()
client = session.create_client('kms', 
                               region_name = 'us-east-1', 
                               aws_access_key_id = '[YOUR ACCESS KEY]', 
                               aws_secret_access_key = '[YOUR SECRET ACCESSKEY]')

key_id = '[KEY ID]'
plaintext='[FILEPATH\FILENAME.CSV]'


ciphertext = kms.encrypt(KeyId=key_id, Plaintext=plaintext)
#decrypt_ciphertext = kms.decrypt(CiphertextBlob = ciphertext['CiphertextBlob'])
print('Ciphertext: ', ciphertext)
#print('Decrypted Ciphertext: ', decrypt_ciphertext)

现在可以打印了，但我不确定如何确定数据是否已加密

Answer 1

该函数不返回任何内容，因为它不包含任何返回调用。

该功能的目的是演示如何使用该库对纯文本进行加密，然后解密所得的密文消息，从而证明该循环产生了相同的纯文本。

如果您在实践中使用此功能，则在任何给定时间都将需要该周期的一半（即：加密或解密，但不能同时使用两者）。

Answer 2

您可以使用pycrypto ：

#!/usr/bin/env python
# -*- coding: UTF-8 -*-

import hashlib
import base64
from Crypto import Random
from Crypto.Cipher import AES


BS = 16
pad = lambda s: s + (BS - len(s) % BS) * chr(BS - len(s) % BS)
unpad = lambda s : s[0:-ord(s[-1])]


class AESCipher:

    def __init__( self, key ):
        self.key = hashlib.sha256(key.encode('utf-8')).digest()

    def encrypt( self, raw ):
        raw = pad(raw)
        iv = Random.new().read( AES.block_size )
        cipher = AES.new( self.key, AES.MODE_CBC, iv )
        return base64.b64encode( iv + cipher.encrypt( raw ) )

    def decrypt( self, enc ):
        enc = base64.b64decode(enc)
        iv = enc[:16]
        cipher = AES.new(self.key, AES.MODE_CBC, iv )
        return unpad(cipher.decrypt( enc[16:] ))


#password
password="mypassword"

#content
global_report="Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum."

#generate cipher
cipher = AESCipher(bytes(password))

#encrypt
encrypted = cipher.encrypt(bytes(global_report))

#show encrypted
print encrypted

#decrypt
decrypted = cipher.decrypt(encrypted)

#show decrypted
print decrypted

哪个返回：

E6bbNzM3AaWv0AAntzUYYEufaBa7X+6D5grl1yRYMdUQ/YPoSE525YXUsvxpGoXA8PcYPYDmTd8oPPH2tSU1/XeSTAti+n1JvzG7SwfTxAWzbl/4KcRWNNaFBzr0WJQt0zG8UJyWHXVhTJfteovTB+xa8Ugqmg+2y3XAe7EhsVOKzXlxXzWNfNnDLS74k8BsXrsw7Pt3NK9YQpubDFdNFrF58gE+ukoOAWpllV1Ia4W4I4B3m6dWuBlSgIEDaSZSZliUIQvMW/xuf9R5VuD09dVUnHPhv1977bYOyRuxCT2qDKTnxXiwC0pkj7cFRoKFs5qsrsbvJhjEu0m24Onb3FDrQ+PT4rIqh4YOkt+dSDt5n7yn5t5MsqqAppS2dLwH/m961wS1gs8KAX2U6+7JxwfU0fzqy6EQWMAbdUQZRFtNPurk8Kb0kaUmB9tYpZaNfZ4GlVSYpnZ3IgAaXshBp2ZBfW0SSZMO5dmR0fFC0n662Ynv60hUxmjsRJqHNfHav7kkxtoXi+JEVfUsYmT+y9Z7PJaBRa0E/MCzswP+F4vx0kR5DCo3M4oT/gVBTBwYpts7xy7B/1Hg/DwOJq7GbSu1SS0EK3OdRwXz+rtXgykHutA1E8Dk+nIGIs/E0LiQ47sZKx+QXdN8DVgtXukso8MfeesBhnrGMuW19LZyczs2NyJX3jkryupqrdcFcs38bQa9xifLl3hPHS88hS6n648ZUyEaU+Im5xnWaUDHSuHSwCoUuvYj34p/9vhyhvtsq38SXFsjqppreLYEk7cY/w==
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.