Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Panduan ini menunjukkan cara membuat pasangan kunci asimetris untuk
Media CDN.
Buat kunci
Command line
Anda dapat membuat kunci pribadi dan publik menggunakan Python 3 dan OpenSSL 1.1.1 atau yang lebih baru (versi OpenSSL sebelumnya tidak mendukung Ed25519).
Tindakan ini akan menghasilkan kunci pribadi yang dienkode PEM. Jaga keamanan kunci ini, sebaiknya dengan
menggunakan sistem pengelolaan kunci atau Secret Manager.
Buat kunci publik dari kunci pribadi dalam format base64 yang aman untuk URL.
Perintah ini membuat kunci publik dari kunci pribadi, dengan menghapus informasi header ASN.1
dari kunci publik mentah.
Python
importbase64fromcryptography.hazmat.primitivesimportserializationfromcryptography.hazmat.primitives.asymmetricimported25519defgenerate_ed25519_keypair(private_key_filename:str="private.key",public_key_filename:str="public.pub")-> None:"""Generate Ed25519 Keys Pairs. Args: private_key_filename(default private.key): private key filename as a string. public_key_filename(default public.pub): public key filename as a string Returns: """private_key=ed25519.Ed25519PrivateKey.generate()public_key=private_key.public_key()private_key_str=private_key.private_bytes(encoding=serialization.Encoding.Raw,format=serialization.PrivateFormat.Raw,encryption_algorithm=serialization.NoEncryption(),)print("Private Key:\t",base64.urlsafe_b64encode(private_key_str))public_key_str=public_key.public_bytes(encoding=serialization.Encoding.Raw,format=serialization.PublicFormat.Raw)print("Public Key:\t",base64.urlsafe_b64encode(public_key_str))withopen(private_key_filename,"wb")asfp:fp.write(base64.urlsafe_b64encode(private_key_str))print(f"Private Key is written to:\t{private_key_filename}")withopen(public_key_filename,"wb")asfp:fp.write(base64.urlsafe_b64encode(public_key_str))print(f"Public Key is written to:\t{public_key_filename}")
Dengan kunci dalam format ini, Anda kini dapat menambahkannya ke set kunci.
Jika keyset dikaitkan dengan rute sebagai cdnPolicy.signedRequestKeyset,
Media CDN akan memvalidasi bahwa permintaan ditandatangani sebelum
menayangkan konten apa pun.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Sulit dipahami","hardToUnderstand","thumb-down"],["Informasi atau kode contoh salah","incorrectInformationOrSampleCode","thumb-down"],["Informasi/contoh yang saya butuhkan tidak ada","missingTheInformationSamplesINeed","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2025-09-04 UTC."],[],[],null,["# Create asymmetric key pairs\n\nThis guide demonstrates how to create asymmetric key pairs for\nMedia CDN.\n\nGenerate keys\n-------------\n\n### Command line\n\nYou can generate both a private and public key by using Python 3 and OpenSSL\n1.1.1 or later (earlier versions of OpenSSL don't support Ed25519).\n\n1. Generate the private key.\n\n ```\n openssl genpkey -algorithm ed25519 -outform PEM -out test.private.key\n ```\n\n This outputs a PEM-encoded private key. Keep this key secure, ideally by\n using a key management system or [Secret Manager](/secret-manager).\n2. Generate the public key from the private key in URL-safe base64 format.\n\n ```\n openssl pkey -outform DER -pubout -in test.private.key | tail -c +13 | python3 -c \"import base64, sys; print(('%s' % base64.urlsafe_b64encode(sys.stdin.buffer.read()))[2:-1])\"\n ```\n\n This command generates the public key from the private key, stripping ASN.1\n header information from the raw public key.\n\n### Python\n\n import base64\n\n from cryptography.hazmat.primitives import serialization\n from cryptography.hazmat.primitives.asymmetric import ed25519\n\n\n def generate_ed25519_keypair(\n private_key_filename: str = \"private.key\", public_key_filename: str = \"public.pub\"\n ) -\u003e None:\n \"\"\"Generate Ed25519 Keys Pairs.\n\n Args:\n private_key_filename(default private.key): private key filename as a string.\n public_key_filename(default public.pub): public key filename as a string\n\n Returns:\n\n \"\"\"\n private_key = ed25519.Ed25519PrivateKey.generate()\n public_key = private_key.public_key()\n\n private_key_str = private_key.private_bytes(\n encoding=serialization.Encoding.Raw,\n format=serialization.PrivateFormat.Raw,\n encryption_algorithm=serialization.NoEncryption(),\n )\n print(\"Private Key:\\t\", base64.urlsafe_b64encode(private_key_str))\n\n public_key_str = public_key.public_bytes(\n encoding=serialization.Encoding.Raw, format=serialization.PublicFormat.Raw\n )\n print(\"Public Key:\\t\", base64.urlsafe_b64encode(public_key_str))\n\n with open(private_key_filename, \"wb\") as fp:\n fp.write(base64.urlsafe_b64encode(private_key_str))\n print(f\"Private Key is written to:\\t{private_key_filename}\")\n\n with open(public_key_filename, \"wb\") as fp:\n fp.write(base64.urlsafe_b64encode(public_key_str))\n print(f\"Public Key is written to:\\t{public_key_filename}\")\n\nWith the key in this format, you can now [add it to a keyset](/media-cdn/docs/create-keyset).\nWhen the keyset is associated with a route as a `cdnPolicy.signedRequestKeyset`,\nMedia CDN validates that the requests were signed before\nserving any content."]]
