Whats the simplest and safest method to generate a API KEY and SECRET in Python

烂漫一生 提交于 2020-07-31 18:26:08

问题


I need to generate a API key and Secret that would be stored in a Redis server. What would be the best way to generate a key and secret?

I am develop a Django-tastypie framework based app.


回答1:


EDIT: for a very secure way of generating random number, you should use urandom:

from binascii import hexlify

key = hexlify(os.urandom(length))

this will produce bytes, call key.decode() if you need a string

You can just generate keys of your desired length the python way:

import random
import string

def generate_key(length):
    return ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(length))

And then you can just call it with your desired length key = generate_key(40).
You can specify what alphabet you want to use, for example using only string.ascii_lowercase for key consisting of only lowercase letters etc.

There is also Model for Api authentication in tastypie, might be worth checking out https://django-tastypie.readthedocs.org/en/latest/authentication.html#apikeyauthentication




回答2:


If you're on Python 3.6 or later, the secrets module is the way to go:

The secrets module is used for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets.

In particular, secrets should be used in preference to the default pseudo-random number generator in the random module, which is designed for modelling and simulation, not security or cryptography.

e.g. to generate a 16 byte token:

>>> import secrets
>>> secrets.token_urlsafe(16)
'zs9XYCbTPKvux46UJckflw'
>>> secrets.token_hex(16)
'6bef18936ac12a9096e9fe7a8fe1f777'



回答3:


you can also use following module to generate random string

 1 - os.urandom(64).encode('hex') #from os module
 2 - uuid.uuid4()                 # from uuid module
 3 - get_random_string(length=32) #from django.utils.crypto
 4 - secrets.token_hex(64)         #from secrets >= python 3.6 



回答4:


Adding answer as I can't comment on T. Opletals answer.

You should not use random.choice as random isn't cryptographically secure. A better option would be random.SystemRandom() which uses the system source of randomness, on linux this would be urandom.

def generate_key(length):
    char_set = string.ascii_letters + string.punctuation                    
    urand = random.SystemRandom()                                           
    return ''.join([urand.choice(char_set) for _ in range(length)])



回答5:


If you want an easy-to-use but highly customisable key generator, use key-generator pypi package.

Here is the GitHub repo where you can find the complete documentation.

Here's an example:

from key_generator.key_generator import generate

custom_key = generate(2, ['-', ':'], 3, 10, type_of_value = 'char', capital = 'mix', seed = 17).get_key()
print(custom_key)  # ZLFdHXIUe-ekwJCu

Hope this helps :)

Disclaimer: This uses the key-generator library which I made.



来源:https://stackoverflow.com/questions/34897740/whats-the-simplest-and-safest-method-to-generate-a-api-key-and-secret-in-python

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!