yeepay_yop_gen_key_pair
Generate asymmetric encryption key pairs (public and private keys) for YOP platform integration, supporting RSA and SM2 algorithms with configurable formats and storage options.
Instructions
根据密钥算法生成非对称加密的密钥对(公钥和私钥),并保存到本地路径
参数: algorithm: 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA" key_format: 密钥格式,可选值为 "pkcs8"或"pkcs1",默认为 "pkcs8" storage_type: 密钥存储类型,"file"或"string",默认为 "file"
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| algorithm | No | RSA | |
| key_format | No | pkcs8 | |
| storage_type | No | file |
Implementation Reference
- yop_mcp/main.py:198-213 (handler)The MCP tool handler function for 'yeepay_yop_gen_key_pair', decorated with @mcp.tool(). It calls the gen_key_pair helper from tools.cert_utils.
@mcp.tool() def yeepay_yop_gen_key_pair( algorithm: str = "RSA", key_format: str = "pkcs8", storage_type: str = "file" ) -> Dict[str, Any]: """ 根据密钥算法生成非对称加密的密钥对(公钥和私钥),并保存到本地路径 参数: algorithm: 密钥算法,可选值为 "RSA" 或 "SM2",默认为 "RSA" key_format: 密钥格式,可选值为 "pkcs8"或"pkcs1",默认为 "pkcs8" storage_type: 密钥存储类型,"file"或"string",默认为 "file" """ return gen_key_pair( algorithm=algorithm, format=key_format, storage_type=storage_type ) - tools/cert_utils.py:550-660 (helper)The primary helper function implementing the key pair generation for both RSA and SM2 algorithms using the cryptography library. Handles formatting, Base64 encoding, and optional file storage.
def gen_key_pair( # pylint: disable=too-many-arguments,too-many-positional-arguments,redefined-builtin algorithm: str = "RSA", format: str = "pkcs8", storage_type: str = "file" ) -> Dict[str, Any]: try: private_key_str = None public_key_str = None if algorithm.upper() == "RSA": # 生成RSA密钥对,使用2048位密钥长度 private_key = rsa.generate_private_key( public_exponent=65537, key_size=2048, backend=default_backend() ) public_key = private_key.public_key() # 处理私钥格式 if format.lower() == "pkcs8": private_key_bytes = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption(), ) else: # pkcs1 private_key_bytes = private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.TraditionalOpenSSL, encryption_algorithm=serialization.NoEncryption(), ) # 处理公钥格式 public_key_bytes = public_key.public_bytes( encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) # 去除PEM头尾并转为Base64字符串 private_key_str = private_key_bytes.decode("utf-8") private_key_str = private_key_str.replace( "-----BEGIN PRIVATE KEY-----\n", "" ) private_key_str = private_key_str.replace("-----END PRIVATE KEY-----\n", "") private_key_str = private_key_str.replace( "-----BEGIN RSA PRIVATE KEY-----\n", "" ) private_key_str = private_key_str.replace( "-----END RSA PRIVATE KEY-----\n", "" ) private_key_str = private_key_str.replace("\n", "") public_key_str = public_key_bytes.decode("utf-8") public_key_str = public_key_str.replace("-----BEGIN PUBLIC KEY-----\n", "") public_key_str = public_key_str.replace("-----END PUBLIC KEY-----\n", "") public_key_str = public_key_str.replace("\n", "") elif algorithm.upper() == "SM2": if format.lower() != "pkcs8": return { "message": "SM2密钥只支持生成PKCS8格式", "privateKey": None, "publicKey": None, "privateCert": None, "publicCert": None, } private_key_str, public_key_str = CertUtils.generate_sm2_key_pair() else: return { "message": f"不支持的密钥算法: {algorithm}", "privateKey": None, "publicKey": None, "privateCert": None, "publicCert": None, } # 如果需要保存到文件 private_cert_path = None public_cert_path = None if storage_type.lower() == "file": # 创建目录 key_dir = "./keys/" os.makedirs(key_dir, exist_ok=True) algorithm_name = "RSA2048" if algorithm.upper() == "RSA" else "SM2" # 保存私钥 private_cert_path = os.path.join(key_dir, f"应用私钥{algorithm_name}.txt") with open(private_cert_path, "w", encoding="utf-8") as f: f.write(private_key_str) # 保存公钥 public_cert_path = os.path.join(key_dir, f"应用公钥{algorithm_name}.txt") with open(public_cert_path, "w", encoding="utf-8") as f: f.write(public_key_str) return { "message": "密钥对生成成功" + (",并已保存到文件" if storage_type.lower() == "file" else ""), "privateKey": private_key_str, "publicKey": public_key_str, "privateCert": private_cert_path, "publicCert": public_cert_path, } except Exception as e: return { "message": f"生成密钥对失败: {str(e)}", "privateKey": None, "publicKey": None, "privateCert": None, "publicCert": None, } - tools/cert_utils.py:413-438 (helper)Supporting method for generating SM2 key pairs using elliptic curve cryptography (SECP256K1 curve).
def generate_sm2_key_pair() -> List[str]: # 使用SM2曲线创建私钥 private_key = ec.generate_private_key(ec.SECP256K1(), default_backend()) # 从私钥获取公钥 public_key = private_key.public_key() # 导出私钥,DER格式 private_key_der = private_key.private_bytes( encoding=serialization.Encoding.DER, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption(), ) # 导出公钥,DER格式 public_key_der = public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) # Base64编码 private_key_b64 = base64.b64encode(private_key_der).decode("utf-8") public_key_b64 = base64.b64encode(public_key_der).decode("utf-8") return [private_key_b64, public_key_b64]