import ssl
from kmip.pie.client import ProxyKmipClient
from kmip.pie import client
from kmip import enums
client = ProxyKmipClient(hostname='127.0.0.1',
port=5696,
cert='certs/client_certificate_jane_doe.pem',
key='certs/client_key_jane_doe.pem',
ca='certs/root_certificate.pem',
ssl_version='PROTOCOL_SSLv23',
username='******',
password='******',
config='client')
client.open()
key_id = client.create(enums.CryptographicAlgorithm.AES,
256,
operation_policy_name='default',
name='Test_256_AES_Symmetric_Key',
cryptographic_usage_mask=[
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
])
print('key[%s] created' % key_id)
key = client.get(key_id)
print('key: %s' % key)
if __name__ == '__main__':
logger = utils.build_console_logger(logging.INFO)
# Build and parse arguments
parser = utils.build_cli_parser(enums.Operation.CREATE)
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
algorithm = opts.algorithm
length = opts.length
# Exit early if the arguments are not specified
if algorithm is None:
logger.error('No algorithm provided, exiting early from demo')
sys.exit()
if length is None:
logger.error("No key length provided, exiting early from demo")
sys.exit()
algorithm = getattr(enums.CryptographicAlgorithm, algorithm, None)
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
try:
uid = client.create(algorithm, length)
logger.info("Successfully created symmetric key with ID: "
"{0}".format(uid))
except Exception as e:
logger.error(e)
if (len(args) != 1):
print('Pick a file to encrypt.')
exit()
with open(args[0], 'rb') as f:
file_to_encrypt = open(args[0], 'rb')
file_bytes = file_to_encrypt.read()
# Build the client and connect to the server
with client.ProxyKmipClient(config=config,
config_file=opts.config_file) as client:
# Create an encryption key.
try:
key_id = client.create(enums.CryptographicAlgorithm.AES,
128,
cryptographic_usage_mask=[
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
])
logger.info("Successfully created a new encryption key.")
logger.info("Secret ID: {0}".format(key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the encryption key so that it can be used.
try:
client.activate(key_id)
logger.info("Successfully activated the encryption key.")
except Exception as e:
logger.error(e)
sys.exit(-1)
if __name__ == '__main__':
logger = utils.build_console_logger(logging.INFO)
# Build and parse arguments
parser = utils.build_cli_parser(enums.Operation.DERIVE_KEY)
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
# Create keys to use for derivation
try:
key_id = client.create(
enums.CryptographicAlgorithm.AES,
128,
cryptographic_usage_mask=[
enums.CryptographicUsageMask.DERIVE_KEY
]
)
logger.info("Successfully created a new derivation key.")
logger.info("Secret ID: {0}".format(key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Derive a new secret via PBKDF2.
try:
secret_id = client.derive_key(
enums.ObjectType.SYMMETRIC_KEY,
[key_id],
enums.DerivationMethod.PBKDF2,
# Build and parse arguments
parser = utils.build_cli_parser(enums.Operation.ENCRYPT)
opts, args = parser.parse_args(sys.argv[1:])
config = opts.config
message = opts.message
message = bytes(message, 'utf-8')
# Build the client and connect to the server
with client.ProxyKmipClient(config=config) as client:
# Create an encryption key.
try:
key_id = client.create(
enums.CryptographicAlgorithm.AES,
128,
cryptographic_usage_mask=[
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
]
)
logger.info("Successfully created a new encryption key.")
logger.info("Secret ID: {0}".format(key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the encryption key so that it can be used.
try:
client.activate(key_id)
logger.info("Successfully activated the encryption key.")
except Exception as e:
logger.error(e)
config = opts.config
algorithm = opts.algorithm
length = opts.length
# Exit early if the arguments are not specified
if algorithm is None:
logger.error('No algorithm provided, exiting early from demo')
sys.exit()
if length is None:
logger.error("No key length provided, exiting early from demo")
sys.exit()
algorithm = getattr(enums.CryptographicAlgorithm, algorithm, None)
# Build the client and connect to the server
with client.ProxyKmipClient(
config=config,
config_file=opts.config_file
) as client:
try:
uid = client.create(
algorithm,
length,
operation_policy_name=opts.operation_policy_name
)
logger.info("Successfully created symmetric key with ID: "
"{0}".format(uid))
except Exception as e:
logger.error(e)
