forked from zopefoundation/keas.kmi
jean/keas.kmi
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This package provides a NIST SP 800-57 compliant Key Management Infrastructure (KMI). To get started do:: $ python bootstrap.py # Must be Python 2.5 or higher $ ./bin/buildout # Depends on successfull compilation of M2Crypto $ ./bin/runserver # or ./bin/paster serve server.ini The server will come up on port 8080. You can create a new key encrypting key using:: $ wget https://localhost:8080/new -O kek.dat --ca-certificate sample.pem \ --post-data="" or, if you want a more convenient tool:: $ ./bin/testclient https://localhost:8080/new -n > kek.dat The data encryption key can now be retrieved by posting the KEK to another URL:: $ wget https://localhost:8080/key --header 'Content-Type: text/plain' \ --post-file kek.dat -O datakey.dat --ca-certificate sample.pem or :: $ ./bin/testclient https://localhost:8080/new -g kek.dat > datakey.dat Note: To be compliant, the server must use an encrypted communication channel of course. The ``--ca-certificate`` tells wget to trust the sample self-signed certificate included in the keas.kmi distribution; you'll want to generate a new SSL certificate for production use.
About
A Key Management Infrastructure
Resources
Stars
Watchers
Forks
Packages 0
No packages published
Languages
- Python 99.5%
- Shell 0.5%