bk-crypto-python-sdk is a lightweight cryptography toolkit for Python applications based on Cryptodome / tongsuopy and other encryption libraries.
Project description
BlueKing crypto-python-sdk
Overview
️🔧 BlueKing crypto-python-sdk 是一个基于 pyCryptodome / tongsuopy 等加密库的轻量级密码学工具包,为 Python 应用统一的加解密实现, 便于项目在不同的加密方式之间进行无侵入切换
Features
- [Basic] 提供加密统一抽象层,对接 Cryptodome / tongsuopy 等加密库,提供统一的加解密实现
- [Basic] 支持国际主流密码学算法:AES、RSA
- [Basic] 支持中国商用密码学算法:SM2、SM4
- [Basic] 非对称加密支持 CBC、CTR、GCM、CFB 作为块密码模式
- [Contrib] Django Support,集成 Django settings、ModelField
Getting started
Installation
$ pip install bk-crypto-python-sdk
Usage
更多用法参考:使用文档
1. 基础用法
非对称加密
from bkcrypto import constants
from bkcrypto.asymmetric import options
from bkcrypto.asymmetric.ciphers import BaseAsymmetricCipher
from bkcrypto.contrib.basic.ciphers import get_asymmetric_cipher
asymmetric_cipher: BaseAsymmetricCipher = get_asymmetric_cipher(
cipher_type=constants.AsymmetricCipherType.SM2.value,
# 传入 None 将随机生成密钥,业务可以根据场景选择传入密钥或随机生成
cipher_options={
constants.AsymmetricCipherType.SM2.value: options.SM2AsymmetricOptions(
private_key_string=None
),
constants.AsymmetricCipherType.RSA.value: options.SM2AsymmetricOptions(
private_key_string=None
),
}
)
# 加解密
assert "123" == asymmetric_cipher.decrypt(asymmetric_cipher.encrypt("123"))
# 验签
assert asymmetric_cipher.verify(plaintext="123", signature=asymmetric_cipher.sign("123"))
对称加密
import os
from bkcrypto import constants
from bkcrypto.symmetric.ciphers import BaseSymmetricCipher
from bkcrypto.contrib.basic.ciphers import get_symmetric_cipher
symmetric_cipher: BaseSymmetricCipher = get_symmetric_cipher(
cipher_type=constants.SymmetricCipherType.SM4.value,
common={"key": os.urandom(16)},
)
assert "123" == symmetric_cipher.decrypt(symmetric_cipher.encrypt("123"))
2. 结合 Django 使用
在 Django Settings 中配置加密算法类型
from bkcrypto import constants
BKCRYPTO = {
# 声明项目所使用的非对称加密算法
"ASYMMETRIC_CIPHER_TYPE": constants.AsymmetricCipherType.SM2.value,
# 声明项目所使用的对称加密算法
"SYMMETRIC_CIPHER_TYPE": constants.SymmetricCipherType.SM4.value,
}
非对称加密
from bkcrypto.asymmetric.ciphers import BaseAsymmetricCipher
from bkcrypto.contrib.django.ciphers import get_asymmetric_cipher
asymmetric_cipher: BaseAsymmetricCipher = get_asymmetric_cipher()
# 加解密
assert "123" == asymmetric_cipher.decrypt(asymmetric_cipher.encrypt("123"))
# 验签
assert asymmetric_cipher.verify(plaintext="123", signature=asymmetric_cipher.sign("123"))
对称加密
from bkcrypto.symmetric.ciphers import BaseSymmetricCipher
from bkcrypto.contrib.django.ciphers import get_symmetric_cipher
symmetric_cipher: BaseSymmetricCipher = get_symmetric_cipher()
assert "123" == symmetric_cipher.decrypt(symmetric_cipher.encrypt("123"))
3. 使用 Django CipherManager
在 Django Settings 中配置加密算法类型
from bkcrypto import constants
from bkcrypto.symmetric.options import AESSymmetricOptions, SM4SymmetricOptions
from bkcrypto.asymmetric.options import RSAAsymmetricOptions, SM2AsymmetricOptions
BKCRYPTO = {
# 声明项目所使用的非对称加密算法
"ASYMMETRIC_CIPHER_TYPE": constants.AsymmetricCipherType.SM2.value,
# 声明项目所使用的对称加密算法
"SYMMETRIC_CIPHER_TYPE": constants.SymmetricCipherType.SM4.value,
"SYMMETRIC_CIPHERS": {
# default - 所配置的对称加密实例,根据项目需要可以配置多个
"default": {
# 可选,用于在 settings 没法直接获取 key 的情况
# "get_key_config": "apps.utils.encrypt.key.get_key_config",
# 可选,用于 ModelField,加密时携带该前缀入库,解密时分析该前缀并选择相应的解密算法
# ⚠️ 前缀和 cipher type 必须一一对应,且不能有前缀匹配关系
# "db_prefix_map": {
# SymmetricCipherType.AES.value: "aes_str:::",
# SymmetricCipherType.SM4.value: "sm4_str:::"
# },
# 公共参数配置,不同 cipher 初始化时共用这部分参数
"common": {"key": "your key"},
"cipher_options": {
constants.SymmetricCipherType.AES.value: AESSymmetricOptions(key_size=16),
# 蓝鲸推荐配置
constants.SymmetricCipherType.SM4.value: SM4SymmetricOptions(mode=constants.SymmetricMode.CTR)
}
},
},
"ASYMMETRIC_CIPHERS": {
# 配置同 SYMMETRIC_CIPHERS
"default": {
"common": {"public_key_string": "your key"},
"cipher_options": {
constants.AsymmetricCipherType.RSA.value: RSAAsymmetricOptions(
padding=constants.RSACipherPadding.PKCS1_v1_5
),
constants.AsymmetricCipherType.SM2.value: SM2AsymmetricOptions()
},
},
}
}
非对称加密
使用 asymmetric_cipher_manager 获取 BKCRYPTO.ASYMMETRIC_CIPHERS 配置的 cipher
from bkcrypto.asymmetric.ciphers import BaseAsymmetricCipher
from bkcrypto.contrib.django.ciphers import asymmetric_cipher_manager
asymmetric_cipher: BaseAsymmetricCipher = asymmetric_cipher_manager.cipher(using="default")
# 加解密
assert "123" == asymmetric_cipher.decrypt(asymmetric_cipher.encrypt("123"))
# 验签
assert asymmetric_cipher.verify(plaintext="123", signature=asymmetric_cipher.sign("123"))
对称加密
使用 symmetric_cipher_manager 获取 BKCRYPTO.SYMMETRIC_CIPHERS 配置的 cipher
from bkcrypto.symmetric.ciphers import BaseSymmetricCipher
from bkcrypto.contrib.django.ciphers import symmetric_cipher_manager
# using - 指定对称加密实例,默认使用 `default`
symmetric_cipher: BaseSymmetricCipher = symmetric_cipher_manager.cipher(using="default")
assert "123" == symmetric_cipher.decrypt(symmetric_cipher.encrypt("123"))
Django ModelField
from django.db import models
from bkcrypto.contrib.django.fields import SymmetricTextField
class IdentityData(models.Model):
password = SymmetricTextField("密码", blank=True, null=True)
Roadmap
Support
BlueKing Community
- BK-CMDB:蓝鲸配置平台(蓝鲸 CMDB)是一个面向资产及应用的企业级配置管理平台。
- BK-CI:蓝鲸持续集成平台是一个开源的持续集成和持续交付系统,可以轻松将你的研发流程呈现到你面前。
- BK-BCS:蓝鲸容器管理平台是以容器技术为基础,为微服务业务提供编排管理的基础服务平台。
- BK-PaaS:蓝鲸 PaaS 平台是一个开放式的开发平台,让开发者可以方便快捷地创建、开发、部署和管理 SaaS 应用。
- BK-SOPS:标准运维(SOPS)是通过可视化的图形界面进行任务流程编排和执行的系统,是蓝鲸体系中一款轻量级的调度编排类 SaaS 产品。
- BK-JOB 蓝鲸作业平台(Job)是一套运维脚本管理系统,具备海量任务并发处理能力。
Contributing
如果你有好的意见或建议,欢迎给我们提 Issues 或 Pull Requests,为蓝鲸开源社区贡献力量。
腾讯开源激励计划 鼓励开发者的参与和贡献,期待你的加入。
License
基于 MIT 协议, 详细请参考 LICENSE
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file bk_crypto_python_sdk-2.0.0.tar.gz.
File metadata
- Download URL: bk_crypto_python_sdk-2.0.0.tar.gz
- Upload date:
- Size: 20.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.11.3 Linux/5.15.0-1073-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 6d76c27678950fa6713b51a42e81063ff3074c2ce5c30057e4f83f10903b9060 |
|
| MD5 | c7838eaa66c0bd87aae52c075f1267d1 |
|
| BLAKE2b-256 | 935caf298c01fec73b0446a85be88583dd64556f0cf08609a0432765e90cd991 |
File details
Details for the file bk_crypto_python_sdk-2.0.0-py3-none-any.whl.
File metadata
- Download URL: bk_crypto_python_sdk-2.0.0-py3-none-any.whl
- Upload date:
- Size: 44.9 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.8.2 CPython/3.11.3 Linux/5.15.0-1073-azure
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 7ae6b83b9ffc708bb8f756e245e69cbc59cca3cb6b942c75a0bf3a9c9cb0918d |
|
| MD5 | 35ba0b59c479bf9693d52687159c8074 |
|
| BLAKE2b-256 | cad02f7510cdf28d5ee58de0529cae516df4e0e78f1a52a83c80103fd74acde2 |
