
Key Management Service:加密解密樣本

更新時間:Dec 26, 2024

初始化KMS執行個體SDK用戶端後,您可以通過用戶端調用Encrypt和Decrypt介面對資料進行加密解密。本文介紹使用對稱金鑰進行加密解密的程式碼範例。

完整程式碼範例

整合KMS進行對稱式加密解密包含三個步驟:

  1. 初始化調用KMS介面的用戶端。

  2. 使用用戶端調用Encrypt介面對資料進行加密。

  3. 使用用戶端調用Decrypt介面對密文資料進行解密。

源碼github地址:AesEncryptDecryptSample.cs

using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;

using Tea;
using Tea.Utils;


namespace AlibabaCloud.Dkms.Gcs.Sdk.Example
{
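    /// <summary>
    /// Sample for symmetric encryption and decryption through a KMS instance client:
    /// build the client configuration, create the client, call Encrypt, then call Decrypt
    /// with the values returned by Encrypt.
    /// </summary>
    public class AesEncryptDecryptSample
    {
        /// <summary>Builds the configuration used to create a KMS instance client.</summary>
        /// <param name="clientKeyFile">Value stored in <c>Config.ClientKeyFile</c>.</param>
        /// <param name="password">Value stored in <c>Config.Password</c> (the client key password).</param>
        /// <param name="endpoint">Value stored in <c>Config.Endpoint</c>.</param>
        /// <param name="caFilePath">Value stored in <c>Config.CaFilePath</c> (the KMS instance CA certificate).</param>
        /// <returns>A new configuration object carrying the four values.</returns>
        public static AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config CreateKmsInstanceConfig(string clientKeyFile, string password, string endpoint, string caFilePath)
        {
            return new AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config
            {
                ClientKeyFile = clientKeyFile,
                Password = password,
                Endpoint = endpoint,
                CaFilePath = caFilePath,
            };
        }

        /// <summary>
        /// Task-returning counterpart of <see cref="CreateKmsInstanceConfig"/>.
        /// The body awaits nothing, so the configuration is built synchronously and
        /// returned in an already-completed task.
        /// </summary>
        public static async Task<AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config> CreateKmsInstanceConfigAsync(string clientKeyFile, string password, string endpoint, string caFilePath)
        {
            // Delegates to the synchronous builder so both variants stay in step.
            return CreateKmsInstanceConfig(clientKeyFile, password, endpoint, caFilePath);
        }

        /// <summary>Creates a KMS instance client from <paramref name="kmsInstanceConfig"/>.</summary>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Client CreateClient(AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig)
        {
            return new AlibabaCloud.Dkms.Gcs.Sdk.Client(kmsInstanceConfig);
        }

        /// <summary>
        /// Task-returning counterpart of <see cref="CreateClient"/>. The body awaits nothing;
        /// an exception thrown while constructing the client is delivered through the returned task.
        /// </summary>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Client> CreateClientAsync(AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig)
        {
            return CreateClient(kmsInstanceConfig);
        }

        // Builds the Encrypt request shared by Encrypt and EncryptAsync.
        private static AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptRequest BuildEncryptRequest(byte[] plaintext, string keyId, byte[] aad)
        {
            return new AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptRequest
            {
                Plaintext = plaintext,
                KeyId = keyId,
                Aad = aad,
            };
        }

        // Builds the Decrypt request shared by Decrypt and DecryptAsync.
        private static AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptRequest BuildDecryptRequest(string keyId, byte[] ciphertextBlob, byte[] aad, string algorithm, byte[] iv)
        {
            return new AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptRequest
            {
                KeyId = keyId,
                CiphertextBlob = ciphertextBlob,
                Algorithm = algorithm,
                Aad = aad,
                Iv = iv,
            };
        }

        /// <summary>Encrypts <paramref name="plaintext"/> with the key <paramref name="keyId"/>.</summary>
        /// <param name="client">KMS instance client that sends the request.</param>
        /// <param name="plaintext">Bytes to encrypt.</param>
        /// <param name="keyId">Identifier of the key to use.</param>
        /// <param name="aad">Value sent as the request's <c>Aad</c> field; Main passes the same value to Decrypt.</param>
        /// <returns>The response returned by the client's Encrypt call.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="client"/> is null.</exception>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptResponse Encrypt(AlibabaCloud.Dkms.Gcs.Sdk.Client client, byte[] plaintext, string keyId, byte[] aad)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptRequest request = BuildEncryptRequest(plaintext, keyId, aad);

            // Alternative from the original sample, left disabled: IgnoreSSL = true skips
            // verification of the KMS instance CA certificate, so the client no longer
            // authenticates the endpoint that receives the plaintext. Prefer Config.CaFilePath.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.EncryptWithOptions(request,runtime);
            return client.Encrypt(request);
        }

        /// <summary>Asynchronous variant of <see cref="Encrypt"/>; awaits the client's EncryptAsync call.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="client"/> is null (delivered through the returned task).</exception>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptResponse> EncryptAsync(AlibabaCloud.Dkms.Gcs.Sdk.Client client, byte[] plaintext, string keyId, byte[] aad)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptRequest request = BuildEncryptRequest(plaintext, keyId, aad);

            // Alternative from the original sample, left disabled: IgnoreSSL = true skips
            // verification of the KMS instance CA certificate, so the client no longer
            // authenticates the endpoint that receives the plaintext. Prefer Config.CaFilePath.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return await client.EncryptWithOptionsAsync(request,runtime);
            return await client.EncryptAsync(request);
        }

        /// <summary>Decrypts <paramref name="ciphertextBlob"/> with the key <paramref name="keyId"/>.</summary>
        /// <param name="client">KMS instance client that sends the request.</param>
        /// <param name="keyId">Identifier of the key; Main passes the one returned by Encrypt.</param>
        /// <param name="ciphertextBlob">Ciphertext returned by Encrypt.</param>
        /// <param name="aad">Value sent as the request's <c>Aad</c> field; Main passes the value it used for Encrypt.</param>
        /// <param name="algorithm">Algorithm name returned by Encrypt.</param>
        /// <param name="iv">Initialization vector returned by Encrypt.</param>
        /// <returns>The response returned by the client's Decrypt call.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="client"/> is null.</exception>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptResponse Decrypt(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, byte[] ciphertextBlob, byte[] aad, string algorithm, byte[] iv)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptRequest request = BuildDecryptRequest(keyId, ciphertextBlob, aad, algorithm, iv);

            // Alternative from the original sample, left disabled: IgnoreSSL = true skips
            // verification of the KMS instance CA certificate, so the client no longer
            // authenticates the endpoint that returns the plaintext. Prefer Config.CaFilePath.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.DecryptWithOptions(request,runtime);
            return client.Decrypt(request);
        }

        /// <summary>Asynchronous variant of <see cref="Decrypt"/>; awaits the client's DecryptAsync call.</summary>
        /// <exception cref="ArgumentNullException"><paramref name="client"/> is null (delivered through the returned task).</exception>
        public static async Task<AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptResponse> DecryptAsync(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, byte[] ciphertextBlob, byte[] aad, string algorithm, byte[] iv)
        {
            if (client == null)
            {
                throw new ArgumentNullException(nameof(client));
            }

            AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptRequest request = BuildDecryptRequest(keyId, ciphertextBlob, aad, algorithm, iv);

            // Alternative from the original sample, left disabled: IgnoreSSL = true skips
            // verification of the KMS instance CA certificate, so the client no longer
            // authenticates the endpoint that returns the plaintext. Prefer Config.CaFilePath.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return await client.DecryptWithOptionsAsync(request,runtime);
            return await client.DecryptAsync(request);
        }

        /// <summary>
        /// Runs the sample end to end: creates the client, encrypts a placeholder plaintext,
        /// decrypts the result and logs the decrypt response.
        /// </summary>
        /// <exception cref="InvalidOperationException">
        /// The ClientKeyFile or Password environment variable is missing or empty.
        /// </exception>
        public static void Main(string[] args)
        {
            // Path to the CA certificate of the KMS instance.
            string caFilePath = "your-caFilePath";
            // Set endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
            string endpoint = "your-endpoint";

            // The client key file path and its password are read from the environment rather
            // than written into the source. Fail here with a clear message when one is missing
            // instead of passing an empty value into the client.
            string clientKeyFile = AlibabaCloud.DarabonbaEnv.Client.GetEnv("ClientKeyFile");
            string password = AlibabaCloud.DarabonbaEnv.Client.GetEnv("Password");
            if (string.IsNullOrEmpty(clientKeyFile) || string.IsNullOrEmpty(password))
            {
                throw new InvalidOperationException("Environment variables ClientKeyFile and Password must both be set.");
            }

            AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig = CreateKmsInstanceConfig(clientKeyFile, password, endpoint, caFilePath);
            AlibabaCloud.Dkms.Gcs.Sdk.Client client = CreateClient(kmsInstanceConfig);

            // Encrypt: plaintext and AAD are supplied as Base64 text and decoded to bytes.
            byte[] plaintext = AlibabaCloud.DarabonbaEncodeUtil.Encoder.Base64Decode("your-plaintext-base64");
            string keyId = "your-keyId";
            byte[] aad = AlibabaCloud.DarabonbaEncodeUtil.Encoder.Base64Decode("your-aad-base64");
            AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptResponse encryptRes = Encrypt(client, plaintext, keyId, aad);

            // Decrypt: key id, ciphertext, algorithm and IV all come from the Encrypt response;
            // the AAD is the same value that was passed to Encrypt.
            AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptResponse decryptRes = Decrypt(client, encryptRes.KeyId, encryptRes.CiphertextBlob, aad, encryptRes.Algorithm, encryptRes.Iv);

            // Demo output only: the whole decrypt response is serialized and logged, which
            // presumably includes the recovered plaintext. Do not carry this logging into code
            // that handles real secrets.
            string decryptResJson = AlibabaCloud.TeaUtil.Common.ToJSONString(AlibabaCloud.TeaUtil.Common.ToMap(decryptRes));
            AlibabaCloud.TeaConsole.Client.Log("decryptRes:" + decryptResJson);
        }
    }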
}

程式碼範例解析

初始化用戶端

關於初始化用戶端的詳細介紹,請參見初始化用戶端。

using System;

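// Path to the CA certificate of the KMS instance.
string caFilePath = "your-caFilePath";

// Set endpoint to <your KMS Instance Id>.cryptoservice.kms.aliyuncs.com.
string endpoint = "your-endpoint";

// The Client Key file path and its password are read from the environment rather than
// written into the source. Stop with a clear message when either one is missing instead
// of passing an empty value into the client.
string clientKeyFile = AlibabaCloud.DarabonbaEnv.Client.GetEnv("ClientKeyFile");
string password = AlibabaCloud.DarabonbaEnv.Client.GetEnv("Password");
if (string.IsNullOrEmpty(clientKeyFile) || string.IsNullOrEmpty(password))
{
    throw new InvalidOperationException("Environment variables ClientKeyFile and Password must both be set.");
}

AlibabaCloud.Dkms.Gcs.OpenApi.Models.Config kmsInstanceConfig = CreateKmsInstanceConfig(clientKeyFile, password, endpoint, caFilePath);
AlibabaCloud.Dkms.Gcs.Sdk.Client client = CreateClient(kmsInstanceConfig);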

調用Encrypt介面使用對稱金鑰對資料加密

        /// <summary>Encrypts <paramref name="plaintext"/> with the key <paramref name="keyId"/>.</summary>
        /// <param name="client">KMS instance client that sends the request.</param>
        /// <param name="plaintext">Bytes to encrypt.</param>
        /// <param name="keyId">Identifier of the key to use.</param>
        /// <param name="aad">Value sent as the request's <c>Aad</c> field.</param>
        /// <returns>The response returned by the client's Encrypt call.</returns>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptResponse Encrypt(AlibabaCloud.Dkms.Gcs.Sdk.Client client, byte[] plaintext, string keyId, byte[] aad)
        {
            var encryptRequest = new AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptRequest();
            encryptRequest.Plaintext = plaintext;
            encryptRequest.KeyId = keyId;
            encryptRequest.Aad = aad;

            // Alternative left disabled: IgnoreSSL = true skips verification of the KMS
            // instance CA certificate, so the client no longer authenticates the endpoint
            // that receives the plaintext. Keep it off outside isolated testing and supply
            // the CA certificate through the client configuration instead.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.EncryptWithOptions(request,runtime);
            AlibabaCloud.Dkms.Gcs.Sdk.Models.EncryptResponse encryptResponse = client.Encrypt(encryptRequest);
            return encryptResponse;
        }

調用Decrypt介面使用對稱金鑰解密密文

 /// <summary>Decrypts <paramref name="ciphertextBlob"/> with the key <paramref name="keyId"/>.</summary>
        /// <param name="client">KMS instance client that sends the request.</param>
        /// <param name="keyId">Identifier of the key to use.</param>
        /// <param name="ciphertextBlob">Ciphertext bytes to decrypt.</param>
        /// <param name="aad">Value sent as the request's <c>Aad</c> field.</param>
        /// <param name="algorithm">Value sent as the request's <c>Algorithm</c> field.</param>
        /// <param name="iv">Value sent as the request's <c>Iv</c> field.</param>
        /// <returns>The response returned by the client's Decrypt call.</returns>
        public static AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptResponse Decrypt(AlibabaCloud.Dkms.Gcs.Sdk.Client client, string keyId, byte[] ciphertextBlob, byte[] aad, string algorithm, byte[] iv)
        {
            var decryptRequest = new AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptRequest();
            decryptRequest.KeyId = keyId;
            decryptRequest.CiphertextBlob = ciphertextBlob;
            decryptRequest.Algorithm = algorithm;
            decryptRequest.Aad = aad;
            decryptRequest.Iv = iv;

            // Alternative left disabled: IgnoreSSL = true skips verification of the KMS
            // instance CA certificate, so the client no longer authenticates the endpoint
            // that returns the plaintext. Keep it off outside isolated testing and supply
            // the CA certificate through the client configuration instead.
            //AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions runtime = new AlibabaCloud.Dkms.Gcs.OpenApiUtil.Models.RuntimeOptions();
            //runtime.IgnoreSSL = true;
            //return client.DecryptWithOptions(request,runtime);
            AlibabaCloud.Dkms.Gcs.Sdk.Models.DecryptResponse decryptResponse = client.Decrypt(decryptRequest);
            return decryptResponse;
        }