def regen(client):
secretdata = kmip.pie.objects.SecretData(
SECRETDATABYTES, kmip.core.enums.SecretDataType.PASSWORD)
uid = client.register(secretdata)
print(f"Created SecretData with UID={uid}")
client.activate(uid)
print(f"Activated SecretData {uid}")
return uid
try:
key_id = client.create(enums.CryptographicAlgorithm.AES,
128,
cryptographic_usage_mask=[
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
])
logger.info("Successfully created a new encryption key.")
logger.info("Secret ID: {0}".format(key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the encryption key so that it can be used.
try:
client.activate(key_id)
logger.info("Successfully activated the encryption key.")
except Exception as e:
logger.error(e)
sys.exit(-1)
# Encrypt some data with the encryption key.
try:
logger.info("Raw data: {0}".format(binascii.hexlify(file_bytes)))
cipher_text, autogenerated_iv = client.encrypt(
# message,
file_bytes,
uid=key_id,
cryptographic_parameters={
'cryptographic_algorithm':
enums.CryptographicAlgorithm.AES,
128,
cryptographic_usage_mask=[
enums.CryptographicUsageMask.ENCRYPT,
enums.CryptographicUsageMask.DECRYPT
]
)
logger.info("Successfully created a new encryption key.")
logger.info("Secret ID: {0}".format(key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the encryption key so that it can be used.
try:
client.activate(key_id)
logger.info("Successfully activated the encryption key.")
except Exception as e:
logger.error(e)
sys.exit(-1)
# Encrypt some data with the encryption key.
try:
cipher_text, autogenerated_iv = client.encrypt(
message,
uid=key_id,
cryptographic_parameters={
'cryptographic_algorithm':
enums.CryptographicAlgorithm.AES,
'block_cipher_mode': enums.BlockCipherMode.CBC,
'padding_method': enums.PaddingMethod.ANSI_X923
),
masks=[
enums.CryptographicUsageMask.SIGN,
enums.CryptographicUsageMask.VERIFY
]
)
)
logger.info("Successfully created a new signing key.")
logger.info("Signing Key ID: {0}".format(signing_key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the signing key.
try:
client.activate(signing_key_id)
logger.info(
"Signing key {0} has been activated.".format(signing_key_id)
)
except Exception as e:
logger.error(e)
sys.exit(-1)
# Verify a valid signature.
try:
result = client.signature_verify(
(
b'\xe1\xc0\xf9\x8d\x53\xf8\xf8\xb1\x41\x90\x57\xd5\xb9\xb1'
b'\x0b\x07\xfe\xea\xec\x32\xc0\x46\x3a\x4d\x68\x38\x2f\x53'
b'\x1b\xa1\xd6\xcf\xe4\xed\x38\xa2\x69\x4a\x34\xb9\xc8\x05'
b'\xad\xf0\x72\xff\xbc\xeb\xe2\x1d\x8d\x4b\x5c\x0e\x8c\x33'
),
masks=[
enums.CryptographicUsageMask.SIGN,
enums.CryptographicUsageMask.VERIFY
]
)
)
logger.info("Successfully created a new signing key.")
logger.info("Signing Key ID: {0}".format(signing_key_id))
except Exception as e:
logger.error(e)
sys.exit(-1)
# Activate the signing key.
try:
client.activate(signing_key_id)
logger.info(
"Signing key {0} has been activated.".format(signing_key_id)
)
except Exception as e:
logger.error(e)
sys.exit(-1)
# Verify a valid signature.
try:
result = client.signature_verify(
(
b'\xe1\xc0\xf9\x8d\x53\xf8\xf8\xb1\x41\x90\x57\xd5\xb9\xb1'
b'\x0b\x07\xfe\xea\xec\x32\xc0\x46\x3a\x4d\x68\x38\x2f\x53'
b'\x1b\xa1\xd6\xcf\xe4\xed\x38\xa2\x69\x4a\x34\xb9\xc8\x05'
b'\xad\xf0\x72\xff\xbc\xeb\xe2\x1d\x8d\x4b\x5c\x0e\x8c\x33'
