yeepay_yop_gen_key_pair
Generate an asymmetric key pair (public and private key) with the specified algorithm and key format, then save the keys to local files or return them as strings. Supports the RSA and SM2 algorithms.
Instructions
根据密钥算法生成非对称加密的密钥对(公钥和私钥),并保存到本地路径
参数: algorithm: 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA" key_format: 密钥格式,可选值为 "pkcs8"或"pkcs1",默认为 "pkcs8" storage_type: 密钥存储类型,"file"或"string",默认为 "file"
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| algorithm | No | | RSA |
| key_format | No | | pkcs8 |
| storage_type | No | | file |
Implementation Reference
# yop_mcp/main.py:198-213 (handler)
# The MCP tool handler for 'yeepay_yop_gen_key_pair', decorated with @mcp.tool().
# It defines the input schema via type hints and docstring, registers the tool,
# and delegates to the gen_key_pair helper function.
@mcp.tool()
def yeepay_yop_gen_key_pair(
    algorithm: str = "RSA",
    key_format: str = "pkcs8",
    storage_type: str = "file",
) -> Dict[str, Any]:
    """
    根据密钥算法生成非对称加密的密钥对(公钥和私钥),并保存到本地路径

    参数:
        algorithm: 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA"
        key_format: 密钥格式,可选值为 "pkcs8"或"pkcs1",默认为 "pkcs8"
        storage_type: 密钥存储类型,"file"或"string",默认为 "file"
    """
    # The docstring above is left in its original wording: this page shows it
    # being used as the tool's published instructions, so it is runtime text.
    # In English: generate an asymmetric key pair for the chosen algorithm
    # ("RSA" or "SM2"), in the chosen key format ("pkcs8" or "pkcs1"), and
    # store it as files ("file") or return it only as strings ("string").
    #
    # NOTE(review): the helper's result dict carries the private key under
    # "privateKey" for every storage_type, so the private key becomes part of
    # the tool response. Treat tool output and any transcript or log that
    # records it as secret material.
    key_pair_result = gen_key_pair(
        algorithm=algorithm,
        format=key_format,  # the helper's parameter is named "format"
        storage_type=storage_type,
    )
    return key_pair_result
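# tools/cert_utils.py:550-660 (helper)
# Core helper function implementing the key pair generation logic for RSA (using
# cryptography library) and SM2 algorithms, including formatting (PKCS8/PKCS1),
# Base64 encoding, and optional file storage.
def _key_pair_failure(message: str) -> Dict[str, Any]:
    """Build the result dict returned when no key pair could be produced."""
    return {
        "message": message,
        "privateKey": None,
        "publicKey": None,
        "privateCert": None,
        "publicCert": None,
    }


def _strip_pem_armor(pem_text: str) -> str:
    """Return the Base64 body of a PEM document as one line, without BEGIN/END lines."""
    return "".join(
        line for line in pem_text.splitlines() if not line.startswith("-----")
    )


def _write_private_key_file(path: str, key_text: str) -> None:
    """Write *key_text* to *path*, readable and writable by the owner only."""
    # Create the file with mode 0o600 instead of relying on the process umask,
    # so a newly written private key is not readable by other local users.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        # The mode passed to os.open() is ignored when the file already
        # exists, so tighten the permissions before the key is written.
        os.chmod(path, 0o600)
        f.write(key_text)


def gen_key_pair(  # pylint: disable=too-many-arguments,too-many-positional-arguments,redefined-builtin
    algorithm: str = "RSA", format: str = "pkcs8", storage_type: str = "file"
) -> Dict[str, Any]:
    """Generate an RSA or SM2 key pair and optionally save it under ./keys/.

    Args:
        algorithm: "RSA" or "SM2" (case-insensitive).
        format: Private key format, "pkcs8" or "pkcs1" (case-insensitive).
            SM2 accepts only "pkcs8".
        storage_type: "file" writes both keys to text files under ./keys/;
            any other value returns the keys as strings only.

    Returns:
        A dict with the keys "message", "privateKey", "publicKey",
        "privateCert" and "publicCert". The key values are single-line Base64
        strings without PEM header or footer lines, and the two "...Cert"
        values are the file paths when files were written, else None. On any
        failure every value except "message" is None; exceptions are caught
        and reported through "message" rather than raised.

    Security notes:
        * The private key is serialised without encryption and is returned in
          the result even when it is also written to disk, so callers must
          treat the whole result as secret.
        * The output paths are fixed per algorithm and relative to the current
          working directory; an existing key file at that path is overwritten.
    """
    try:
        private_key_str = None
        public_key_str = None

        algorithm_upper = algorithm.upper()
        key_format = format.lower()

        if algorithm_upper == "RSA":
            # Reject unknown formats explicitly. Previously every value other
            # than "pkcs8" silently produced a PKCS#1 key.
            if key_format not in ("pkcs8", "pkcs1"):
                return _key_pair_failure(f"不支持的密钥格式: {format}")

            # Generate a 2048-bit RSA key pair.
            private_key = rsa.generate_private_key(
                public_exponent=65537, key_size=2048, backend=default_backend()
            )
            public_key = private_key.public_key()

            # PKCS#8 or traditional OpenSSL (PKCS#1) private key encoding.
            if key_format == "pkcs8":
                private_format = serialization.PrivateFormat.PKCS8
            else:
                private_format = serialization.PrivateFormat.TraditionalOpenSSL
            private_key_bytes = private_key.private_bytes(
                encoding=serialization.Encoding.PEM,
                format=private_format,
                encryption_algorithm=serialization.NoEncryption(),
            )

            public_key_bytes = public_key.public_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PublicFormat.SubjectPublicKeyInfo,
            )

            # Drop the PEM header/footer lines and join the Base64 body into
            # a single line.
            private_key_str = _strip_pem_armor(private_key_bytes.decode("utf-8"))
            public_key_str = _strip_pem_armor(public_key_bytes.decode("utf-8"))

        elif algorithm_upper == "SM2":
            if key_format != "pkcs8":
                return _key_pair_failure("SM2密钥只支持生成PKCS8格式")

            private_key_str, public_key_str = CertUtils.generate_sm2_key_pair()
        else:
            return _key_pair_failure(f"不支持的密钥算法: {algorithm}")

        # Optionally persist both keys to files.
        private_cert_path = None
        public_cert_path = None
        save_to_file = storage_type.lower() == "file"

        if save_to_file:
            key_dir = "./keys/"
            os.makedirs(key_dir, exist_ok=True)

            algorithm_name = "RSA2048" if algorithm_upper == "RSA" else "SM2"

            # Private key: owner-only file permissions.
            private_cert_path = os.path.join(key_dir, f"应用私钥{algorithm_name}.txt")
            _write_private_key_file(private_cert_path, private_key_str)

            # Public key: not secret, default permissions.
            public_cert_path = os.path.join(key_dir, f"应用公钥{algorithm_name}.txt")
            with open(public_cert_path, "w", encoding="utf-8") as f:
                f.write(public_key_str)

        return {
            "message": "密钥对生成成功" + (",并已保存到文件" if save_to_file else ""),
            "privateKey": private_key_str,
            "publicKey": public_key_str,
            "privateCert": private_cert_path,
            "publicCert": public_cert_path,
        }

    except Exception as e:
        return _key_pair_failure(f"生成密钥对失败: {str(e)}")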