开源路径:https://github.com/OpenKMIP

创建key并加解密

import ssl
from kmip.pie.client import ProxyKmipClient, enums
from kmip.pie import objectsclient = ProxyKmipClient(hostname='127.0.0.1',port=5696,cert='/home/nxy/PyKMIP/bin/client_cert.pem',key='/home/nxy/PyKMIP/bin/client_private_key.pem',ca='/home/nxy/PyKMIP/bin/server_ca_cert.pem',username='example_username',password='example_password',config='client',config_file='/etc/pykmip/pykmip.conf'
)with client:#创建密钥key_id = client.create(enums.CryptographicAlgorithm.AES,256,operation_policy_name='default',name='Test_256_AES_Symmetric_Key',cryptographic_usage_mask=[enums.CryptographicUsageMask.ENCRYPT,enums.CryptographicUsageMask.DECRYPT])print('key_id:',key_id)#activate激活key_idclient.activate(key_id)#加密cipher,_ = client.encrypt(b'mytestmessage',uid=key_id,cryptographic_parameters={'cryptographic_algorithm':enums.CryptographicAlgorithm.AES,'block_cipher_mode': enums.BlockCipherMode.CBC,'padding_method': enums.PaddingMethod.PKCS5},iv_counter_nonce=(b'\x85\x1e\x87\x64\x77\x6e\x67\x96'b'\xaa\xb7\x22\xdb\xb6\x44\xac\xe8'))print('cipher:',cipher,len(cipher))#解密plain = client.decrypt(data=cipher,uid=key_id,cryptographic_parameters={'cryptographic_algorithm':enums.CryptographicAlgorithm.AES,'block_cipher_mode': enums.BlockCipherMode.CBC,'padding_method': enums.PaddingMethod.PKCS5},iv_counter_nonce=(b'\x85\x1e\x87\x64\x77\x6e\x67\x96'b'\xaa\xb7\x22\xdb\xb6\x44\xac\xe8'))print('plain:',plain)

运行结果：