def write_and_import_keypair(filename):
pathpriv = 'tufkeystore/{}_key'.format(filename)
pathpub = '{}.pub'.format(pathpriv)
rt.generate_and_write_ed25519_keypair(password='******', filepath=pathpriv)
public_key = rt.import_ed25519_publickey_from_file(pathpub)
private_key = rt.import_ed25519_privatekey_from_file(password='******', filepath=pathpriv)
return (public_key, private_key)
def generate_key(keyname):
"""
Generate a key pair according to the demo's current default key config.
Passphrase: 'pw'
Key type: ed25519
Key location: DEMO_KEYS_DIR
"""
rt.generate_and_write_ed25519_keypair(os.path.join(DEMO_KEYS_DIR, keyname),
password='******')
def generate_key(keyname):
"""
Generate a key pair according to the demo's current default key config.
Passphrase: 'pw'
Key type: ed25519
Key location: DEMO_KEYS_DIR
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[generate_key()]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' %
(I_TO_PRINT, 'Generating key with keyname:', keyname)))
#TODO: Until here
rt.generate_and_write_ed25519_keypair(os.path.join(DEMO_KEYS_DIR, keyname),
password='******')
def set_top_level_keys(repository, parsed_arguments):
"""
Generate, write, and set the top-level keys. 'repository' is modified.
"""
# Examples of how the --pw command-line option is interpreted:
# repo.py --init': parsed_arguments.pw = 'pw'
# repo.py --init --pw my_pw: parsed_arguments.pw = 'my_pw'
# repo.py --init --pw: The user is prompted for a password, here.
if not parsed_arguments.pw:
parsed_arguments.pw = securesystemslib.interface.get_password(
prompt='Enter a password for the top-level role keys: ',
confirm=True)
repo_tool.generate_and_write_ed25519_keypair(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, ROOT_KEY_NAME),
password=parsed_arguments.root_pw)
repo_tool.generate_and_write_ed25519_keypair(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TARGETS_KEY_NAME),
password=parsed_arguments.targets_pw)
repo_tool.generate_and_write_ed25519_keypair(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, SNAPSHOT_KEY_NAME),
password=parsed_arguments.snapshot_pw)
repo_tool.generate_and_write_ed25519_keypair(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TIMESTAMP_KEY_NAME),
password=parsed_arguments.timestamp_pw)
# Import the private keys. They are needed to generate the signatures
# included in metadata.
root_private = import_privatekey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, ROOT_KEY_NAME),
parsed_arguments.root_pw)
targets_private = import_privatekey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TARGETS_KEY_NAME),
parsed_arguments.targets_pw)
snapshot_private = import_privatekey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, SNAPSHOT_KEY_NAME),
parsed_arguments.snapshot_pw)
timestamp_private = import_privatekey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TIMESTAMP_KEY_NAME),
parsed_arguments.timestamp_pw)
# Import the public keys. They are needed so that metadata roles are
# assigned verification keys, which clients need in order to verify the
# signatures created by the corresponding private keys.
root_public = import_publickey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, ROOT_KEY_NAME) +
'.pub')
targets_public = import_publickey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TARGETS_KEY_NAME) +
'.pub')
snapshot_public = import_publickey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, SNAPSHOT_KEY_NAME) +
'.pub')
timestamp_public = import_publickey_from_file(
os.path.join(parsed_arguments.path, KEYSTORE_DIR, TIMESTAMP_KEY_NAME) +
'.pub')
# Add the verification keys to the top-level roles.
repository.root.add_verification_key(root_public)
repository.targets.add_verification_key(targets_public)
repository.snapshot.add_verification_key(snapshot_public)
repository.timestamp.add_verification_key(timestamp_public)
# Load the previously imported signing keys for the top-level roles so that
# valid metadata can be written.
repository.root.load_signing_key(root_private)
repository.targets.load_signing_key(targets_private)
repository.snapshot.load_signing_key(snapshot_private)
repository.timestamp.load_signing_key(timestamp_private)
def write_and_import_keypair(filename):
pathpriv = '{}_key'.format(filename)
rt.generate_and_write_ed25519_keypair(pathpriv, password='******')