
Key Management Service: Signature verification example

Last updated: Jan 20, 2025

After the KMS instance SDK client is initialized, you can use it to call the Sign and Verify interfaces for digital signing and signature verification respectively. This topic provides code samples for both processes.

Complete code example

Call the Sign interface to produce a digital signature with an asymmetric key, and call the Verify interface to verify that signature with the same asymmetric key.

GitHub address of the Python 2 source code: sign_verify_sample.py

GitHub address of the Python 3 source code: sign_verify_sample.py

The examples in this topic are based on the Python 3 version.

Complete code example for signing and signature verification

# -*- coding: utf-8 -*-
import os

from openapi.models import Config
from openapi_util.models import RuntimeOptions
from sdk.client import Client
from sdk.models import SignRequest, VerifyRequest

config = Config()
# Set the connection protocol to "https". The KMS instance service only allows access through the HTTPS protocol.
config.protocol = "https"
# Client Key.
config.client_key_file = "<CLIENT_KEY_FILE>"
# Client Key decryption password.
config.password = os.getenv('CLIENT_KEY_PASSWORD')
# Set the endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
config.endpoint = "<ENDPOINT>"
client = Client(config)


class SignContext(object):
    """The sign context may be stored."""

    def __init__(self, key_id, message_type, signature, algorithm):
        self.key_id = key_id
        self.message_type = message_type
        self.signature = signature
        # If the algorithm is not set, the default value will be used.
        self.algorithm = algorithm


def sign(key_id, message, message_type, algorithm):
    request = SignRequest()
    request.key_id = key_id
    request.message = message
    request.message_type = message_type
    request.algorithm = algorithm
    runtime_options = RuntimeOptions()
    # Skips server certificate validation; leave it commented out so the CA pin below is enforced
    # runtime_options.ignore_ssl = True
    # verify is the path of the KMS instance CA certificate used to validate the server
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.sign_with_options(request, runtime_options)
    print(resp)
    return SignContext(resp.key_id, resp.message_type, resp.signature, resp.algorithm)


def verify(context, message):
    request = VerifyRequest()
    request.key_id = context.key_id
    request.message_type = context.message_type
    request.signature = context.signature
    request.algorithm = context.algorithm
    request.message = message
    runtime_options = RuntimeOptions()
    # Skips server certificate validation; leave it commented out so the CA pin below is enforced
    # runtime_options.ignore_ssl = True
    # verify is the path of the KMS instance CA certificate used to validate the server
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.verify_with_options(request, runtime_options)
    print(resp)


key_id = "<KEY_ID>"
algorithm = "<ALGORITHM>"
message = "<MESSAGE>".encode("utf-8")
# RAW indicates raw data. DIGEST indicates the digest of the raw data.
message_type = "RAW"
context = sign(key_id, message, message_type, algorithm)
verify(context, message)
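The sample above sends message_type "RAW" and leaves the choice of digest to KMS. The following added example (written for this page, not code from Alibaba Cloud or its SDK) shows the client-side work that the "DIGEST" message type implies and goes a little beyond the page: it streams bulk data through the hash that matches the signature algorithm, checks that a caller-supplied digest has the right length before it is placed in request.message, and interprets the Verify result strictly. The algorithm names in ALGORITHM_HASH are an assumption taken from Alibaba Cloud KMS documentation, and the sample payload is constructed; nothing here calls the SDK, so it runs offline.

```python
import hashlib
from typing import Iterable, Tuple

# Signature algorithm -> hash function it embeds. These algorithm names are an
# assumption taken from Alibaba Cloud KMS documentation; they are not on this page.
ALGORITHM_HASH = {
    "RSA_PSS_SHA_256": "sha256",
    "RSA_PKCS1_SHA_256": "sha256",
    "ECDSA_SHA_256": "sha256",
}


class MessagePreparationError(ValueError):
    """The message, message_type and algorithm do not fit together."""


def digest_for_algorithm(algorithm: str, chunks: Iterable[bytes]) -> bytes:
    """Stream data through the hash that `algorithm` uses and return the digest.

    This is the client-side step before a DIGEST-mode Sign call: only the
    fixed-size digest is sent to KMS, the bulk data stays on the host.
    """
    if algorithm not in ALGORITHM_HASH:
        # SM2DSA, for example, needs SM3 (with the SM2 Z value), which hashlib
        # does not guarantee. Refusing is safer than hashing with the wrong function.
        raise MessagePreparationError("no local digest rule for %r" % algorithm)
    h = hashlib.new(ALGORITHM_HASH[algorithm])
    for chunk in chunks:
        h.update(chunk)
    return h.digest()


def prepare_message(message: bytes, message_type: str, algorithm: str) -> Tuple[bytes, str]:
    """Return (message, message_type) values ready for SignRequest / VerifyRequest.

    RAW: the bytes go to KMS unchanged and KMS hashes them itself.
    DIGEST: the caller already holds the digest, so its length must match the
    hash the algorithm uses. A digest of the wrong length would be signed as an
    opaque blob and the signature would never verify against the intended data.
    """
    if not isinstance(message, (bytes, bytearray)):
        raise MessagePreparationError("message must be bytes (encode str first)")
    if message_type == "RAW":
        return bytes(message), "RAW"
    if message_type == "DIGEST":
        if algorithm not in ALGORITHM_HASH:
            raise MessagePreparationError("no local digest rule for %r" % algorithm)
        expected = hashlib.new(ALGORITHM_HASH[algorithm]).digest_size
        if len(message) != expected:
            raise MessagePreparationError(
                "%s expects a %d-byte digest, got %d bytes" % (algorithm, expected, len(message)))
        return bytes(message), "DIGEST"
    raise MessagePreparationError("unknown message_type %r" % message_type)


def verification_passed(value) -> bool:
    """Interpret the Verify response strictly: only the Python value True means
    the signature is valid. None (field absent), 0, or a string such as "false"
    all count as rejected, so a truthy non-bool cannot be mistaken for success."""
    return value is True


if __name__ == "__main__":
    # Constructed sample payload; in practice this would be a large file read in chunks.
    payload = b"constructed sample payload " * 1000
    chunks = (payload[i:i + 4096] for i in range(0, len(payload), 4096))
    digest = digest_for_algorithm("RSA_PSS_SHA_256", chunks)
    msg, mtype = prepare_message(digest, "DIGEST", "RSA_PSS_SHA_256")
    # These two values are what the page's sign() would assign to request.message and
    # request.message_type; verify() would then pass the same digest as its message.
    print(mtype, msg.hex())
```

In the page's flow, prepare_message runs once before sign() and once before verify() so that both requests carry the same digest, and the boolean from the Verify response is passed through verification_passed instead of being printed and ignored.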

Code example analysis

Initialize the client

For more information about client initialization, see "Initialize the client".

# -*- coding: utf-8 -*-
import os

from openapi.models import Config
from sdk.client import Client

config = Config()
# The connection protocol. Set the value to https. The KMS instance service only allows access through the HTTPS protocol.
config.protocol = "https"

# Client Key.
config.client_key_file = "<CLIENT_KEY_FILE>"

# Client Key decryption password.
config.password = os.getenv('CLIENT_KEY_PASSWORD')

# The endpoint of your KMS instance. Set the value in the following format: <ID of your KMS instance>.cryptoservice.kms.aliyuncs.com.
config.endpoint = "<ENDPOINT>"
client = Client(config)

Call the Sign interface to produce a digital signature with an asymmetric key.

from openapi_util.models import RuntimeOptions
from sdk.models import SignRequest

# client and SignContext are defined in the complete code example above.
def sign(key_id, message, message_type, algorithm):
    request = SignRequest()
    request.key_id = key_id
    request.message = message
    request.message_type = message_type
    request.algorithm = algorithm
    runtime_options = RuntimeOptions()
    # Skips server certificate validation; leave it commented out so the CA pin below is enforced
    # runtime_options.ignore_ssl = True
    # verify is the path of the KMS instance CA certificate used to validate the server
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.sign_with_options(request, runtime_options)
    print(resp)
    return SignContext(resp.key_id, resp.message_type, resp.signature, resp.algorithm)

Call the Verify interface to verify the digital signature with an asymmetric key.

from openapi_util.models import RuntimeOptions
from sdk.models import VerifyRequest

# client is defined in the complete code example above; context is the SignContext returned by sign().
def verify(context, message):
    request = VerifyRequest()
    request.key_id = context.key_id
    request.message_type = context.message_type
    request.signature = context.signature
    request.algorithm = context.algorithm
    request.message = message
    runtime_options = RuntimeOptions()
    # Skips server certificate validation; leave it commented out so the CA pin below is enforced
    # runtime_options.ignore_ssl = True
    # verify is the path of the KMS instance CA certificate used to validate the server
    runtime_options.verify = "<CA_CERTIFICATE_FILE_PATH>"
    resp = client.verify_with_options(request, runtime_options)
    print(resp)