OpenKMIP / PyKMIP

A Python implementation of the KMIP specification.
Apache License 2.0

How to get rsa, des, sm4 from kmip? How to write a request #641

Open hxszha opened 3 years ago

hxszha commented 3 years ago

Please help me. Right now I can only get an AES key from the KMIP server. When I want to get DES or RSA, the server returns the same error; the error ID is 7. My DES request looks like this:

```
Batch Items: 1
  Request Batch Item @ 0x7ffccb1db8f0
    Operation: Create
    Unique Batch Item ID @ (nil)
    Create Request Payload @ 0x7ffccb1db910
      Object Type: Symmetric Key
      Template Attribute @ 0x7ffccb1db890
        Names: 0
        Attributes: 3
          Attribute @ 0x7ffccb1db960
            Attribute Name: Cryptographic Algorithm
            Attribute Index: -
            Attribute Value: DES
          Attribute @ 0x7ffccb1db970
            Attribute Name: Cryptographic Length
            Attribute Index: -
            Attribute Value: 64
          Attribute @ 0x7ffccb1db980
            Attribute Name: Cryptographic Usage Mask
            Attribute Index: -
            Attribute Value: Encrypt Decrypt
```

And my RSA request looks like this:

```
Batch Items: 1
  Request Batch Item @ 0x7ffd3e59fe40
    Operation: Create
    Unique Batch Item ID @ (nil)
    Create Request Payload @ 0x7ffd3e59fe60
      Object Type: Private Key
      Template Attribute @ 0x7ffd3e59fde0
        Names: 0
        Attributes: 3
          Attribute @ 0x7ffd3e59feb0
            Attribute Name: Cryptographic Algorithm
            Attribute Index: -
            Attribute Value: RSA
          Attribute @ 0x7ffd3e59fec0
            Attribute Name: Cryptographic Length
            Attribute Index: -
            Attribute Value: 2048
          Attribute @ 0x7ffd3e59fed0
            Attribute Name: Cryptographic Usage Mask
            Attribute Index: -
            Attribute Value: Sign
```

The server's log is:

```
2021-02-25 20:40:18,687 - kmip.server.session.00001094 - DEBUG - Session cipher selected: ('ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256)
2021-02-25 20:40:18,696 - kmip.server.session.00001094 - INFO - Username and password verify success, username:DHTester
2021-02-25 20:40:18,697 - kmip.server.session.00001094 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate.
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - DEBUG - Extraction succeeded for client identity: KmipClient
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - INFO - Session client identity: KmipClient
2021-02-25 20:40:18,715 - kmip.server.engine - DEBUG - Request specified KMIP version: 1.0
2021-02-25 20:40:18,717 - kmip.server.engine - INFO - Processing operation: Create
2021-02-25 20:40:18,719 - kmip.server.session.00001094 - DEBUG - Response encoding: 42007b01000000d042007a0100000048420069010000002042006a0200000004000000010000000042006b0200000004000000000000000042009209000000080000000060379ab242000d0200000004000000010000000042000f010000007842005c0500000004000000010000000042007f0500000004000000010000000042007e0500000004000000070000000042007d070000003c43616e6e6f7420637265617465206120507269766174654b6579206f626a65637420776974682074686520437265617465206f7065726174696f6e2e00000000
2021-02-25 20:40:19,535 - kmip.server.session.00001094 - INFO - Stopping session: 00001094
```

But I cannot get a key from the server. The error ID is 7, my KMIP client just get. Please help: how do I get DES, RSA and SM4 from the server?

PeterHamilton commented 3 years ago

Hi @hxszha, thanks for filing this issue. An error code of 7 likely indicates an invalid field in your Get request. Can you post the client and server logs that are produced when you attempt to retrieve your keys? Are you using libkmip or a different client library?

hxszha commented 3 years ago

I am using libkmip, and my code looks like this:

```c
/// pack msg
keyLen = 2048;
algorithm = KMIP_CRYPTOALG_RSA;
attribute[0].type = KMIP_ATTR_CRYPTOGRAPHIC_ALGORITHM;
attribute[0].value = &algorithm;
int32 length = keyLen;
attribute[1].type = KMIP_ATTR_CRYPTOGRAPHIC_LENGTH;
attribute[1].value = &length;
int mask = KMIP_CRYPTOMASK_SIGN;
attribute[2].type = KMIP_ATTR_CRYPTOGRAPHIC_USAGE_MASK;
attribute[2].value = &mask;
TemplateAttribute templateAttribute = {0};
templateAttribute.attributes = attribute;
templateAttribute.attribute_count = ARRAY_LENGTH(attribute);
CreateRequestPayload createRequestPayload = {KMIP_OBJTYPE_PRIVATE_KEY, &templateAttribute};
RequestBatchItem requestBatchItem = {KMIP_OP_CREATE, NULL, &createRequestPayload};
RequestMessage requestMessage = {0};
requestMessage.request_header = &requestHeader;
requestMessage.batch_items = &requestBatchItem;
requestMessage.batch_count = 1;

/// send
if (sendMessage(requestMessage))
{
    log_warn("sendMessage fail");
    return -1;
}
/// recv
ResponseMessage responseMessage = {0};
void* pResponsePayload = NULL;
enum result_reason resultReason = KMIP_REASON_GENERAL_FAILURE;
if (ReceiveMessage(responseMessage, &pResponsePayload, resultReason))
```

Then I just receive error ID 7. So... what should I change?

By the way, the server has debug logging enabled: logging_level=DEBUG. But there is little log output, like this:

```
2021-02-25 20:40:18,687 - kmip.server.session.00001094 - DEBUG - Session cipher selected: ('ECDHE-RSA-AES256-SHA384', 'TLSv1/SSLv3', 256)
2021-02-25 20:40:18,696 - kmip.server.session.00001094 - INFO - Username and password verify success, username:DHTester
2021-02-25 20:40:18,697 - kmip.server.session.00001094 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate.
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - DEBUG - Extraction succeeded for client identity: KmipClient
2021-02-25 20:40:18,700 - kmip.server.session.00001094 - INFO - Session client identity: KmipClient
2021-02-25 20:40:18,715 - kmip.server.engine - DEBUG - Request specified KMIP version: 1.0
2021-02-25 20:40:18,717 - kmip.server.engine - INFO - Processing operation: Create
2021-02-25 20:40:18,719 - kmip.server.session.00001094 - DEBUG - Response encoding: 42007b01000000d042007a0100000048420069010000002042006a0200000004000000010000000042006b0200000004000000000000000042009209000000080000000060379ab242000d0200000004000000010000000042000f010000007842005c0500000004000000010000000042007f0500000004000000010000000042007e0500000004000000070000000042007d070000003c43616e6e6f7420637265617465206120507269766174654b6579206f626a65637420776974682074686520437265617465206f7065726174696f6e2e00000000
2021-02-25 20:40:19,535 - kmip.server.session.00001094 - INFO - Stopping session: 00001094
```

So, what's the problem with my code?

PeterHamilton commented 3 years ago

You cannot create a PrivateKey using the Create operation. You need to use the CreateKeyPair operation, which libkmip does not currently support. You can only Get and Delete PrivateKeys with libkmip as of the current release. You can however use the PyKMIP client to create PrivateKeys using the CreateKeyPair operation, see here.
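Added example, not part of the thread and not PyKMIP or libkmip code: the `Response encoding` value in the server DEBUG log above is the TTLV-encoded KMIP response, and decoding it recovers the result status, result reason and result message that the client surfaced only as error 7. The function names are illustrative; the decoder handles the structure, integer, enumeration, text string and date-time item types and returns any other type as raw bytes.

```python
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING, DATE_TIME = 0x01, 0x02, 0x05, 0x07, 0x09
RESULT_STATUS, RESULT_REASON, RESULT_MESSAGE = 0x42007F, 0x42007E, 0x42007D
STATUS_NAMES = {0: "Success", 1: "Operation Failed", 2: "Operation Pending", 3: "Operation Undone"}
REASON_NAMES = {1: "Item Not Found", 4: "Invalid Message", 5: "Operation Not Supported",
                7: "Invalid Field", 8: "Feature Not Supported", 0x100: "General Failure"}
# "Response encoding" value copied from the server DEBUG log in the thread.
RESPONSE_HEX = (
    "42007b01000000d042007a0100000048420069010000002042006a0200000004"
    "000000010000000042006b020000000400000000000000004200920900000008"
    "0000000060379ab242000d0200000004000000010000000042000f0100000078"
    "42005c0500000004000000010000000042007f05000000040000000100000000"
    "42007e0500000004000000070000000042007d070000003c43616e6e6f742063"
    "7265617465206120507269766174654b6579206f626a65637420776974682074"
    "686520437265617465206f7065726174696f6e2e00000000"
)

def parse_ttlv(buf, offset=0, end=None):
    """Decode TTLV items in buf[offset:end] into (tag, type, value) tuples."""
    end = len(buf) if end is None else end
    items = []
    while offset < end:
        # Header: 3-byte tag, 1-byte type, 4-byte length, all big-endian.
        head = int.from_bytes(buf[offset:offset + 8], "big")
        tag, typ, length = head >> 40, (head >> 32) & 0xFF, head & 0xFFFFFFFF
        start, stop = offset + 8, offset + 8 + length
        if stop > end:  # also catches a header that was cut short
            raise ValueError("truncated or overlong TTLV item at offset %d" % offset)
        value = buf[start:stop]  # types not handled below stay as raw bytes
        if typ == STRUCTURE:
            value = parse_ttlv(buf, start, stop)
        elif typ in (INTEGER, ENUMERATION, DATE_TIME):
            value = int.from_bytes(value, "big", signed=typ != ENUMERATION)
        elif typ == TEXT_STRING:
            value = value.decode("utf-8")
        items.append((tag, typ, value))
        offset = stop + (-length % 8)  # values are padded to an 8-byte boundary
    return items

def walk(items):
    """Yield (tag, value) for every leaf item, descending into structures."""
    for tag, typ, value in items:
        yield from walk(value) if typ == STRUCTURE else [(tag, value)]

def explain_failure(response_hex):
    """Return (status, reason, message) decoded from a KMIP response encoding."""
    fields = dict(walk(parse_ttlv(bytes.fromhex(response_hex))))
    status, reason = fields.get(RESULT_STATUS), fields.get(RESULT_REASON)
    return (STATUS_NAMES.get(status, status), REASON_NAMES.get(reason, reason),
            fields.get(RESULT_MESSAGE))
```

For the log line in the thread, `explain_failure(RESPONSE_HEX)` returns `("Operation Failed", "Invalid Field", "Cannot create a PrivateKey object with the Create operation.")`.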

hxszha commented 3 years ago

Thank you so much for your response. Can I get SM4 and create SM4 with libkmip? Are there any examples I can refer to? Sent from my iPhone


hxszha commented 3 years ago

Thank you so much for your response. Can I get SM4 and create SM4 with libkmip? Are there any examples I can refer to?

PeterHamilton commented 3 years ago

You can create an SM4 key by using KMIP_CRYPTOALG_SM4 as the algorithm value. However, the PyKMIP server does not currently support SM4 key creation; it's available in pyca/cryptography, which is what we use for the server cryptography functionality, but we would need to update the mapping in the engine (along with the associated tests) to enable that functionality. If you are using libkmip with another KMIP server this isn't an issue.