def create_root_key(self, password=None):
"""
Create root keypair for the repository.
The private key is written to ``<repos_root>/<repo>/master/keys/root_key`` and can be moved offline once you've called :meth:`create_metadata`. You'll need it again if you call :meth:`reset_keys` when the root metadata expires.
The public key is written to ``<repos_root>/<repo>/master/keys/root_key.pub`` and can be given to others for use when retrieving a copy of the repository metadata with :meth:`DTufCopy.pull_metadata`.
:param password: Password to use for encrypting the private key. You'll be prompted for one if you don't supply it.
:type password: str
"""
from tuf.repository_tool import generate_and_write_rsa_keypair
if password is None:
print('generating root key...')
generate_and_write_rsa_keypair(self._root_key_file, password=password)
def create_root_key(self, password=None):
"""
Create root keypair for the repository.
The private key is written to ``<repos_root>/<repo>/master/keys/root_key`` and can be moved offline once you've called :meth:`create_metadata`. You'll need it again if you call :meth:`reset_keys` when the root metadata expires.
The public key is written to ``<repos_root>/<repo>/master/keys/root_key.pub`` and can be given to others for use when retrieving a copy of the repository metadata with :meth:`DTufCopy.pull_metadata`.
:param password: Password to use for encrypting the private key. You'll be prompted for one if you don't supply it.
:type password: str
"""
from tuf.repository_tool import generate_and_write_rsa_keypair
if password is None:
print('generating root key...')
generate_and_write_rsa_keypair(self._root_key_file, password=password)
def create_metadata_keys(self,
targets_key_password=None,
snapshot_key_password=None,
timestamp_key_password=None):
"""
Create TUF metadata keypairs for the repository.
The keys are written to the ``<repos_root>/<repo>/master/keys`` directory. The public keys have a ``.pub`` extension.
You can move the private keys offline once you've called :meth:`create_metadata` but you'll need them again when you call :meth:`push_metadata` to publish the repository.
You don't need to give out the metadata public keys since they're published on the repository.
:param targets_key_password: Password to use for encrypting the TUF targets private key. You'll be prompted for one if you don't supply it.
:type password: str
:param snapshot_key_password: Password to use for encrypting the TUF snapshot private key. You'll be prompted for one if you don't supply it.
:type password: str
:param timestamp_key_password: Password to use for encrypting the TUF timestamp private key. You'll be prompted for one if you don't supply it.
:type password: str
"""
from tuf.repository_tool import generate_and_write_rsa_keypair
if targets_key_password is None:
print('generating targets key...')
generate_and_write_rsa_keypair(self._targets_key_file,
password=targets_key_password)
if snapshot_key_password is None:
print('generating snapshot key...')
generate_and_write_rsa_keypair(self._snapshot_key_file,
password=snapshot_key_password)
if timestamp_key_password is None:
print('generating timestamp key...')
generate_and_write_rsa_keypair(self._timestamp_key_file,
password=timestamp_key_password)
def create_metadata_keys(self,
targets_key_password=None,
snapshot_key_password=None,
timestamp_key_password=None):
"""
Create TUF metadata keypairs for the repository.
The keys are written to the ``<repos_root>/<repo>/master/keys`` directory. The public keys have a ``.pub`` extension.
You can move the private keys offline once you've called :meth:`create_metadata` but you'll need them again when you call :meth:`push_metadata` to publish the repository.
You don't need to give out the metadata public keys since they're published on the repository.
:param targets_key_password: Password to use for encrypting the TUF targets private key. You'll be prompted for one if you don't supply it.
:type password: str
:param snapshot_key_password: Password to use for encrypting the TUF snapshot private key. You'll be prompted for one if you don't supply it.
:type password: str
:param timestamp_key_password: Password to use for encrypting the TUF timestamp private key. You'll be prompted for one if you don't supply it.
:type password: str
"""
from tuf.repository_tool import generate_and_write_rsa_keypair
if targets_key_password is None:
print('generating targets key...')
generate_and_write_rsa_keypair(self._targets_key_file,
password=targets_key_password)
if snapshot_key_password is None:
print('generating snapshot key...')
generate_and_write_rsa_keypair(self._snapshot_key_file,
password=snapshot_key_password)
if timestamp_key_password is None:
print('generating timestamp key...')
generate_and_write_rsa_keypair(self._timestamp_key_file,
password=timestamp_key_password)
