Python GCP DLP（数据丢失预防）获取“；解密失败：密文无效-400错误_Python_Security_Google Cloud Platform_Google Cloud Dlp

Python GCP DLP（数据丢失预防）获取“；解密失败：密文无效-400错误

python security google-cloud-platform

Python GCP DLP（数据丢失预防）获取“；解密失败：密文无效-400错误,python,security,google-cloud-platform,google-cloud-dlp,Python,Security,Google Cloud Platform,Google Cloud Dlp,我先创建了一个密钥环，然后创建了一个密钥。然后使用导入作业创建了一个打包的密钥。然后使用下面的代码对普通文本进行解密。但我得到了以下错误： .InvalidArgument:400在解包KmsWrappedCryptoKey“projects/xxxxxxxxxxx/location”时从云KMS收到以下错误消息 s/global/keyRings/demo keyring/cryptoKeys/demo_v1”：解密失败：密文无效代码如下： # Import the client libra

我先创建了一个密钥环，然后创建了一个密钥。然后使用导入作业创建了一个打包的密钥。然后使用下面的代码对普通文本进行解密。但我得到了以下错误：

.InvalidArgument:400在解包KmsWrappedCryptoKey“projects/xxxxxxxxxxx/location”时从云KMS收到以下错误消息 s/global/keyRings/demo keyring/cryptoKeys/demo_v1”：解密失败：密文无效

代码如下：

# Import the client library
import google.cloud.dlp

# Instantiate a client
dlp = google.cloud.dlp_v2.DlpServiceClient()
project = 'XXXXXX'
stringVal = 'My name is Sonal Singh and my email id is : sonalsingh@gmail.com'
alphabet='ALPHA_NUMERIC'
surrogate_type='EMAIL_ADDRESS'
wrapped_key=('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+gr'
'l+XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+'
'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX+/+'
'//xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=')

#key_name = ('projects/XXXXXXXXXXXXX/locations/global/keyRings/demo-keyring/cryptoKeys/demo_key')


parent = dlp.project_path(project)
# The wrapped key is base64-encoded, but the library expects a binary
# string, so decode it here.
import base64

wrapped_key = base64.b64decode(wrapped_key)

# Construct FPE configuration dictionary
crypto_replace_ffx_fpe_config = {
        "crypto_key": {
            "kms_wrapped": {
                "wrapped_key": wrapped_key,
                "crypto_key_name": key_name,
            }
        },
        "common_alphabet": alphabet,
}

# Add surrogate type
if surrogate_type:
        crypto_replace_ffx_fpe_config["surrogate_info_type"] = {
            "name": surrogate_type
        }

# Construct inspect configuration dictionary
inspect_config = {
        "info_types": [{"name": info_type} for info_type in ["FIRST_NAME", "LAST_NAME", "EMAIL_ADDRESS"]]
        }

# Construct deidentify configuration dictionary
deidentify_config = {
        "info_type_transformations": {
            "transformations": [
                {
                    "primitive_transformation": {
                        "crypto_replace_ffx_fpe_config": crypto_replace_ffx_fpe_config
                    }
                }
            ]
        }
    }

# Convert string to item
item = {"value": stringVal}

# Call the API
response = dlp.deidentify_content(
        parent,
        inspect_config=inspect_config,
        deidentify_config=deidentify_config,
        item=item
    )

# Print results
print(response.item.value)

我可以看到另一个具有相同问题的堆栈溢出帖子：但不确定这一步意味着什么：在您对Google Cloud DLP API的请求中使用此生成的值

如何在上面的代码中使用此值？

是的，我认为可以在这里帮助我们

我对python不是很精通，但我看到了一些我想指出的东西。我认为您正确地执行了另一篇StackOverflow文章中的步骤1和3，但是您缺少了使用Cloud KMS加密的步骤2（对您的案例进行解密）

您是否有机会浏览：

另外，请知道您已经在代码上发布了您的电子邮件，您可能希望对其进行编辑