def create_root_key(self, password=None):
    """
    Generate the repository's root RSA keypair and write it to disk.

    The private half is written to
    ``<repos_root>/<repo>/master/keys/root_key``. After
    :meth:`create_metadata` has been called it can be moved offline; it is
    needed again if you call :meth:`reset_keys` when the root metadata
    expires.

    The public half is written to
    ``<repos_root>/<repo>/master/keys/root_key.pub``. Give it to anyone who
    retrieves a copy of the repository metadata with
    :meth:`DTufCopy.pull_metadata`.

    :param password: Password used to encrypt the private key. If omitted,
        you are prompted for one.
    :type password: str
    """
    # Imported at call time, so tuf is only needed when keys are generated.
    from tuf.repository_tool import (
        generate_and_write_rsa_keypair as write_rsa_keypair,
    )

    prompt_expected = password is None
    if prompt_expected:
        # Printed only when no password was passed; presumably this labels
        # the interactive password prompt that follows.
        print('generating root key...')

    # NOTE(review): an empty-string password is forwarded unchanged. Confirm
    # whether the installed tuf release then writes the private key
    # unencrypted, and reject '' in the caller if so.
    write_rsa_keypair(self._root_key_file, password=password)
def create_metadata_keys(self,
                         targets_key_password=None,
                         snapshot_key_password=None,
                         timestamp_key_password=None):
    """
    Generate the TUF targets, snapshot and timestamp RSA keypairs.

    The keys are written to the ``<repos_root>/<repo>/master/keys``
    directory; public keys carry a ``.pub`` extension. The private keys can
    be moved offline once :meth:`create_metadata` has been called, but they
    are needed again when you call :meth:`push_metadata` to publish the
    repository.

    The metadata public keys do not need to be handed out because they are
    published on the repository.

    :param targets_key_password: Password used to encrypt the TUF targets
        private key. If omitted, you are prompted for one.
    :type targets_key_password: str

    :param snapshot_key_password: Password used to encrypt the TUF snapshot
        private key. If omitted, you are prompted for one.
    :type snapshot_key_password: str

    :param timestamp_key_password: Password used to encrypt the TUF
        timestamp private key. If omitted, you are prompted for one.
    :type timestamp_key_password: str
    """
    # Imported at call time, so tuf is only needed when keys are generated.
    from tuf.repository_tool import (
        generate_and_write_rsa_keypair as write_rsa_keypair,
    )

    # One row per role, in generation order: the notice to print, the name
    # of the attribute holding the key path, and the password supplied.
    # Key paths are looked up by name inside the loop so that each attribute
    # is read only when its key is about to be generated.
    key_requests = (
        ('generating targets key...',
         '_targets_key_file', targets_key_password),
        ('generating snapshot key...',
         '_snapshot_key_file', snapshot_key_password),
        ('generating timestamp key...',
         '_timestamp_key_file', timestamp_key_password),
    )

    for notice, path_attr, key_password in key_requests:
        if key_password is None:
            # Printed only when no password was passed; presumably this
            # labels the interactive password prompt that follows.
            print(notice)
        # NOTE(review): an empty-string password is forwarded unchanged.
        # Confirm whether the installed tuf release then writes the private
        # key unencrypted, and reject '' in the caller if so.
        write_rsa_keypair(getattr(self, path_attr), password=key_password)