GitHub - ecreall/keas.kmi: A Key Management Infrastructure

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 75 Commits
src/keas		src/keas
.gitignore		.gitignore
.travis.yml		.travis.yml
CHANGES.txt		CHANGES.txt
MANIFEST.in		MANIFEST.in
README.txt		README.txt
bootstrap.py		bootstrap.py
buildout.cfg		buildout.cfg
generate-sample-cert.sh		generate-sample-cert.sh
sample.crt		sample.crt
sample.key		sample.key
server.ini		server.ini
setup.py		setup.py
zope.conf		zope.conf

Repository files navigation

This package provides a NIST SP 800-57 compliant Key Management Infrastructure
(KMI).

To get started do::

  $ python bootstrap.py # Must be Python 2.7 or higher
  $ ./bin/buildout     # Depends on successful compilation of M2Crypto
  $ ./bin/runserver    # or ./bin/gunicorn --paste server.ini

The server will come up on port 8080. You can create a new key encrypting key
using::

  $ wget https://localhost:8080/new -O kek.dat --ca-certificate sample.crt \
         --post-data=""

or, if you want a more convenient tool::

  $ ./bin/testclient https://localhost:8080 -n > kek.dat

The data encryption key can now be retrieved by posting the KEK to another
URL::

  $ wget https://localhost:8080/key --header 'Content-Type: text/plain' \
         --post-file kek.dat -O datakey.dat --ca-certificate sample.crt

or ::

  $ ./bin/testclient https://localhost:8080 -g kek.dat > datakey.dat

Note: To be compliant, the server must use an encrypted communication channel
of course.  The ``--ca-certificate`` tells wget to trust the sample self-signed
certificate included in the keas.kmi distribution; you'll want to generate a
new SSL certificate for production use.