File: encrypt.py

# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import binascii
import logging
import sys

from kmip.core import enums
from kmip.demos import utils
from kmip.pie import client

# Real world example, assuming 'test' is a valid configuration:
#
# $ python kmip/demos/pie/encrypt.py -c test -m "My test message."
# INFO - Successfully created a new encryption key.
# INFO - Secret ID: 470
# INFO - Successfully activated the encryption key.
# INFO - Successfully encrypted the message.
# INFO - Cipher text: b'49cfacbb62659180c20dfbf9f7553488b3ea9ebeecd70ce2e5c4d4
# ece6def0d4'
# INFO - No autogenerated IV expected, since one was provided.
# INFO - Autogenerated IV: None
# $ python kmip/demos/pie/decrypt.py -c test -i 470 -m b'49cfacbb62659180c20df
# bf9f7553488b3ea9ebeecd70ce2e5c4d4ece6def0d4'
# INFO - Successfully decrypted the message.
# INFO - Plain text: 'My test message.'


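if __name__ == '__main__':
    # Demo: create an AES key on a KMIP server, activate it, and use it to
    # encrypt the message given on the command line.
    #
    # Every step logs its error and exits with a non-zero status on failure,
    # so a script driving this demo can tell that no cipher text was produced.
    logger = utils.build_console_logger(logging.INFO)

    # Build and parse arguments
    parser = utils.build_cli_parser(enums.Operation.ENCRYPT)
    opts, args = parser.parse_args(sys.argv[1:])
    config = opts.config
    message = opts.message

    # The encrypt operation is given bytes, so encode the CLI string first.
    message = bytes(message, 'utf-8')

    # Build the client and connect to the server. The connection is bound to
    # its own name so that the imported 'client' module is not shadowed.
    with client.ProxyKmipClient(
            config=config,
            config_file=opts.config_file
    ) as kmip_client:
        # Create an encryption key.
        try:
            key_id = kmip_client.create(
                enums.CryptographicAlgorithm.AES,
                128,
                cryptographic_usage_mask=[
                    enums.CryptographicUsageMask.ENCRYPT,
                    enums.CryptographicUsageMask.DECRYPT
                ]
            )
            logger.info("Successfully created a new encryption key.")
            logger.info("Secret ID: {0}".format(key_id))
        except Exception as e:
            logger.error(e)
            sys.exit(-1)

        # Activate the encryption key so that it can be used.
        try:
            kmip_client.activate(key_id)
            logger.info("Successfully activated the encryption key.")
        except Exception as e:
            logger.error(e)
            sys.exit(-1)

        # Encrypt some data with the encryption key.
        #
        # SECURITY NOTE: the IV below is a fixed constant, kept so the demo
        # output is reproducible. A new key is created on every run here, but
        # code derived from this demo that reuses a key must supply a fresh,
        # unpredictable IV per message: CBC with a repeated IV under the same
        # key reveals when two messages share a common prefix.
        # NOTE(review): the companion decrypt demo presumably relies on this
        # same constant; confirm before changing it.
        #
        # CBC also provides no integrity protection. Cipher text that can be
        # modified in transit or at rest needs a separate authenticity check
        # (for example a MAC over the IV and cipher text) before decryption.
        try:
            cipher_text, autogenerated_iv = kmip_client.encrypt(
                message,
                uid=key_id,
                cryptographic_parameters={
                    'cryptographic_algorithm':
                        enums.CryptographicAlgorithm.AES,
                    'block_cipher_mode': enums.BlockCipherMode.CBC,
                    'padding_method': enums.PaddingMethod.ANSI_X923
                },
                iv_counter_nonce=(
                    b'\x01\x7D\x45\xA0\x88\x08\x11\x11'
                    b'\xF0\x00\x12\xFF\x7A\x3A\x36\x90'
                )
            )
            logger.info("Successfully encrypted the message.")
            logger.info(
                "Cipher text: {0}".format(binascii.hexlify(cipher_text))
            )
            logger.info(
                "No autogenerated IV expected, since one was provided."
            )
            logger.info("Autogenerated IV: {0}".format(autogenerated_iv))
        except Exception as e:
            logger.error(e)
            # Match the earlier steps: a failed encryption previously fell
            # through and the process exited with status 0.
            sys.exit(-1)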