
Key Management Service: Contoh kode untuk penandatanganan dan verifikasi

更新时间:Jul 02, 2025

Setelah menginisialisasi SDK client instance KMS, Anda dapat menggunakannya untuk memanggil API Sign dan Verify dalam proses penandatanganan dan verifikasi. Topik ini menyediakan contoh kode untuk keperluan tersebut.

Contoh lengkap

# -*- coding: utf-8 -*-
import os

from openapi.models import Config
from openapi_util.models import RuntimeOptions
from sdk.client import Client
from sdk.models import SignRequest, VerifyRequest

# Client configuration for the KMS instance.
config = Config()
# KMS instance services accept connections over HTTPS only.
config.protocol = "https"
# Path of the Client Key file (decrypted with the password set below).
config.client_key_file = "<CLIENT_KEY_FILE>"
# The Client Key decryption password is read from the environment rather than
# written into the source. The lookup yields None when the variable is unset.
config.password = os.environ.get("CLIENT_KEY_PASSWORD")
# Endpoint format: <KMS_INSTANCE_ID>.cryptoservice.kms.aliyuncs.com.
config.endpoint = "<ENDPOINT>"
client = Client(config)


class SignContext(object):
    """Result of a signing call; it may be stored and used for verification later.

    Holds the key ID, message type, signature and algorithm exactly as they
    were passed to the constructor.
    """

    def __init__(self, key_id, message_type, signature, algorithm):
        # If the algorithm is not set, the default value is used.
        (self.key_id,
         self.message_type,
         self.signature,
         self.algorithm) = (key_id, message_type, signature, algorithm)


def sign(key_id, message, message_type, algorithm):
    """Sign *message* with an asymmetric key through the KMS Sign API.

    Args:
        key_id: ID of the key to sign with.
        message: Data to sign (the sample passes UTF-8 encoded bytes).
        message_type: "RAW" for raw data, "DIGEST" for a digest of the raw data.
        algorithm: Signature algorithm.

    Returns:
        A SignContext built from the key ID, message type, signature and
        algorithm carried in the response.
    """
    # verify is the path of the instance CA certificate, so the server
    # certificate is checked against that CA.
    tls_options = RuntimeOptions()
    tls_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    # The SDK also offers ignore_ssl = True, which ignores the server
    # certificate. That removes the protection against a spoofed endpoint,
    # so it stays off here.

    sign_request = SignRequest()
    sign_request.key_id = key_id
    sign_request.message = message
    sign_request.message_type = message_type
    sign_request.algorithm = algorithm

    resp = client.sign_with_options(sign_request, tls_options)
    print(resp)
    return SignContext(
        resp.key_id,
        resp.message_type,
        resp.signature,
        resp.algorithm,
    )


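def verify(context, message):
    """Verify a signature through the KMS Verify API and return the response.

    Args:
        context: SignContext holding the key ID, message type, signature and
            algorithm of the signature to check.
        message: The message the signature is checked against.

    Returns:
        The Verify response. The original sample only printed it, which left
        callers with no way to act on the outcome; read the result from the
        returned object before trusting the message.
    """
    request = VerifyRequest()
    request.key_id = context.key_id
    request.message_type = context.message_type
    request.signature = context.signature
    request.algorithm = context.algorithm
    request.message = message
    runtime_options = RuntimeOptions()
    # The SDK also offers ignore_ssl = True, which ignores the server
    # certificate. Leave it off: without certificate validation the
    # verification answer could come from a spoofed endpoint.
    # verify is the path of the instance CA certificate.
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.verify_with_options(request, runtime_options)
    print(resp)
    # NOTE(review): the outcome is presumably the boolean `value` field of the
    # response; confirm against the SDK version in use. A completed call is
    # not by itself proof that the signature is valid.
    return resp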


# Placeholders: fill in the ID of the signing key and its signature algorithm.
key_id = "<KEY_ID>"
algorithm = "<ALGORITHM>"
# RAW means the message is the raw data; DIGEST means it is a digest of the raw data.
message_type = "RAW"
message = "<MESSAGE>".encode("utf-8")
# Sign the message, then verify the same message with the returned context.
context = sign(key_id, message, message_type, algorithm)
verify(context, message)

Penjelasan contoh

Inisialisasi client

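# -*- coding: utf-8 -*-
# os is needed for os.getenv below; without this import the snippet raises
# NameError when run on its own.
import os

from openapi.models import Config
from sdk.client import Client

config = Config()
# Connection protocol. Set it to https: KMS instance services accept
# connections over HTTPS only.
config.protocol = "https"

# Path of the Client Key file (decrypted with the password set below).
config.client_key_file = "<CLIENT_KEY_FILE>"

# Client Key decryption password, read from the environment so it is not
# written into the source. os.getenv returns None when the variable is unset.
config.password = os.getenv('CLIENT_KEY_PASSWORD')

# Endpoint of your KMS instance, in the format
# <your KMS instance ID>.cryptoservice.kms.aliyuncs.com.
config.endpoint = "<ENDPOINT>"
client = Client(config)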

Panggil API Sign untuk melakukan penandatanganan digital menggunakan kunci asimetris

def sign(key_id, message, message_type, algorithm):
    """Sign *message* with an asymmetric key through the KMS Sign API.

    Args:
        key_id: ID of the key to sign with.
        message: Data to sign.
        message_type: Message type passed to the Sign API unchanged.
        algorithm: Signature algorithm.

    Returns:
        A SignContext built from the key ID, message type, signature and
        algorithm carried in the response.
    """
    # verify is the path of the instance CA certificate, so the server
    # certificate is checked against that CA.
    tls_options = RuntimeOptions()
    tls_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    # The SDK also offers ignore_ssl = True, which ignores the server
    # certificate. That removes the protection against a spoofed endpoint,
    # so it stays off here.

    sign_request = SignRequest()
    sign_request.key_id = key_id
    sign_request.message = message
    sign_request.message_type = message_type
    sign_request.algorithm = algorithm

    resp = client.sign_with_options(sign_request, tls_options)
    print(resp)
    return SignContext(
        resp.key_id,
        resp.message_type,
        resp.signature,
        resp.algorithm,
    )

Panggil API Verify untuk memverifikasi tanda tangan digital menggunakan kunci asimetris

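def verify(context, message):
    """Verify a signature through the KMS Verify API and return the response.

    Args:
        context: Object holding the key ID, message type, signature and
            algorithm of the signature to check.
        message: The message the signature is checked against.

    Returns:
        The Verify response. The original sample only printed it, which left
        callers with no way to act on the outcome; read the result from the
        returned object before trusting the message.
    """
    request = VerifyRequest()
    request.key_id = context.key_id
    request.message_type = context.message_type
    request.signature = context.signature
    request.algorithm = context.algorithm
    request.message = message
    runtime_options = RuntimeOptions()
    # The SDK also offers ignore_ssl = True, which ignores the server
    # certificate. Leave it off: without certificate validation the
    # verification answer could come from a spoofed endpoint.
    # verify is the path of the instance CA certificate.
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.verify_with_options(request, runtime_options)
    print(resp)
    # NOTE(review): the outcome is presumably the boolean `value` field of the
    # response; confirm against the SDK version in use. A completed call is
    # not by itself proof that the signature is valid.
    return resp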