mirror of https://github.com/OpenKMIP/PyKMIP.git
78 lines
2.8 KiB
Python
78 lines
2.8 KiB
Python
# Copyright (c) 2017 The Johns Hopkins University/Applied Physics Laboratory
|
|
# All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
import binascii
|
|
import logging
|
|
import sys
|
|
|
|
from kmip.core import enums
|
|
from kmip.demos import utils
|
|
from kmip.pie import client
|
|
|
|
# Real world example, assuming 'test' is a valid configuration:
|
|
#
|
|
# $ python kmip/demos/pie/encrypt.py -c test -m "My test message."
|
|
# INFO - Successfully created a new encryption key.
|
|
# INFO - Secret ID: 470
|
|
# INFO - Successfully activated the encryption key.
|
|
# INFO - Successfully encrypted the message.
|
|
# INFO - Cipher text: b'49cfacbb62659180c20dfbf9f7553488b3ea9ebeecd70ce2e5c4d4
|
|
# ece6def0d4'
|
|
# INFO - No autogenerated IV expected, since one was provided.
|
|
# INFO - Autogenerated IV: None
|
|
# $ python kmip/demos/pie/decrypt.py -c test -i 470 -m b'49cfacbb62659180c20df
|
|
# bf9f7553488b3ea9ebeecd70ce2e5c4d4ece6def0d4'
|
|
# INFO - Successfully decrypted the message.
|
|
# INFO - Plain text: 'My test message.'
|
|
|
|
|
|
if __name__ == '__main__':
|
|
logger = utils.build_console_logger(logging.INFO)
|
|
|
|
# Build and parse arguments
|
|
parser = utils.build_cli_parser(enums.Operation.DECRYPT)
|
|
opts, args = parser.parse_args(sys.argv[1:])
|
|
config = opts.config
|
|
uuid = opts.uuid
|
|
message = opts.message
|
|
|
|
if not message.startswith("b"):
|
|
raise ValueError("The message should be a byte string (e.g., b'...').")
|
|
else:
|
|
message = binascii.unhexlify(message[1:])
|
|
|
|
# Build the client and connect to the server
|
|
with client.ProxyKmipClient(config=config) as client:
|
|
# Decrypt the cipher text with the encryption key.
|
|
try:
|
|
plain_text = client.decrypt(
|
|
message,
|
|
uid=uuid,
|
|
cryptographic_parameters={
|
|
'cryptographic_algorithm':
|
|
enums.CryptographicAlgorithm.AES,
|
|
'block_cipher_mode': enums.BlockCipherMode.CBC,
|
|
'padding_method': enums.PaddingMethod.ANSI_X923
|
|
},
|
|
iv_counter_nonce=(
|
|
b'\x01\x7D\x45\xA0\x88\x08\x11\x11'
|
|
b'\xF0\x00\x12\xFF\x7A\x3A\x36\x90'
|
|
)
|
|
)
|
|
logger.info("Successfully decrypted the message.")
|
|
logger.info("Plain text: '{0}'".format(plain_text.decode('utf-8')))
|
|
except Exception as e:
|
|
logger.error(e)
|