def setup_brand(brand_identifier): """ create keys, brand config file, and brand layers file for NUS """ base_id, base_keypair = get_base() brand_id, brand_keypair = make_keypair() save_key(brand_id, brand_keypair) layers = ( ( brand_id, brand_keypair.publickey(), ), ( base_id, base_keypair.publickey(), ), ) layer_fn = os.path.join(_ESCROW_LAYERS_PATH, "brand.%s.layers.serial" % (brand_identifier, )) if os.path.exists(layer_fn): raise EscrowError("Brand id %s layers exist" % (brand_identifier, )) with open(layer_fn, "ab") as fobj: dump(layers, fobj) write_config("brand.%s" % (brand_identifier, ), brand_id) print "new keys and config saved for brand %s" % brand_identifier return brand_id, brand_identifier, layers
def setup_brand(brand_identifier): """ create keys, brand config file, and brand layers file for NUS """ base_id, base_keypair = get_base() brand_id, brand_keypair = make_keypair() save_key(brand_id, brand_keypair) layers = ( (brand_id, brand_keypair.publickey(), ), (base_id, base_keypair.publickey(), ), ) layer_fn = os.path.join(_ESCROW_LAYERS_PATH, "brand.%s.layers.serial" % ( brand_identifier, )) if os.path.exists(layer_fn): raise EscrowError("Brand id %s layers exist" % (brand_identifier, )) with open(layer_fn, "ab") as fobj: dump(layers, fobj) write_config("brand.%s" % (brand_identifier, ), brand_id) print "new keys and config saved for brand %s" % brand_identifier return brand_id, brand_identifier, layers
def test_write_and_read_layers(): """ test encapsulating data in many escrow layers and reading it back out """ userkey = make_keypair() layers = list() for _ in range(_TEST_LAYERS): layers.append(make_keypair()) # this is the data that goes in the innermost layer data = os.urandom(_TEST_DATA_SIZE) layer_data = data # we encapsulate this data in layers of key escrow for idx, layer in enumerate(layers): cipher_layer_data = make_escrow_layer( layer[0], layer[1].publickey(), layer_data, userkey[1]) # at every layer we test that we can read back the data plain_layer_data = read_escrow_layer( { layer[0]: layer[1] }, cipher_layer_data, userkey[1].publickey()) assert plain_layer_data == layer_data, \ "readback fail at layer %d" % (idx + 1) layer_data = cipher_layer_data # read back the layers in reverse for idx, layer in enumerate(layers[::-1]): plain_layer_data = read_escrow_layer( { layer[0]: layer[1] }, layer_data, userkey[1].publickey()) layer_data = plain_layer_data # we should get our original data back out assert layer_data == data return True
def test_write_and_read_layers(): """ test encapsulating data in many escrow layers and reading it back out """ userkey = make_keypair() layers = list() for _ in range(_TEST_LAYERS): layers.append(make_keypair()) # this is the data that goes in the innermost layer data = os.urandom(_TEST_DATA_SIZE) layer_data = data # we encapsulate this data in layers of key escrow for idx, layer in enumerate(layers): cipher_layer_data = make_escrow_layer(layer[0], layer[1].publickey(), layer_data, userkey[1]) # at every layer we test that we can read back the data plain_layer_data = read_escrow_layer({layer[0]: layer[1]}, cipher_layer_data, userkey[1].publickey()) assert plain_layer_data == layer_data, \ "readback fail at layer %d" % (idx + 1) layer_data = cipher_layer_data # read back the layers in reverse for idx, layer in enumerate(layers[::-1]): plain_layer_data = read_escrow_layer({layer[0]: layer[1]}, layer_data, userkey[1].publickey()) layer_data = plain_layer_data # we should get our original data back out assert layer_data == data return True
def test_setup_brand(): from key_escrow.server import read_escrow_data brand_identifier = 'my_test_brand' brand_id, _brand_keypair, layers = setup_brand(brand_identifier) assert brand_id == layers[0][0] _user_key_id, user_keypair = make_keypair() test_data = "0123456789" escrowed_data = escrow_binary(layers, test_data, user_keypair) plain_escrowed_data = read_escrow_data(brand_identifier, escrowed_data, sign_key=user_keypair.publickey()) assert plain_escrowed_data == test_data print "setup brand test ok" return True
def create_base(): """ Run only once to create base layer of key escrow (which is kept internal.) create a new (key_id, keypair, ) and save it. create a new file base.cfg with key_id in first line """ base_id, base_keypair = make_keypair() save_key(base_id, base_keypair) write_config("base", base_id) print "base key ID %s and cfg saved" % ( base_id, ) return True
def create_base(): """ Run only once to create base layer of key escrow (which is kept internal.) create a new (key_id, keypair, ) and save it. create a new file base.cfg with key_id in first line """ base_id, base_keypair = make_keypair() save_key(base_id, base_keypair) write_config("base", base_id) print "base key ID %s and cfg saved" % (base_id, ) return True