search

OpenKMIP / PyKMIP

A Python implementation of the KMIP specification.
Apache License 2.0
272 stars 134 forks source link

Add support to perform create elliptic curve key-pair operation #646

Open mshamn6x opened 3 years ago

mshamn6x commented 3 years ago

Hi @PeterHamilton,

I tried elliptic key-pair creation with a python client implementation script as mentioned in documentation.

def CreateEC():
    print("Perform EC Key create OPERATION")
    with c:
        print("CREATE EC")
        key_id = c.create_key_pair(
            enums.CryptographicAlgorithm.EC,
           1024,
            public_usage_mask=[
                enums.CryptographicUsageMask.VERIFY
            ],
            private_usage_mask=[
                enums.CryptographicUsageMask.SIGN
            ]
        )  
        print("CREATED KEY ID ",key_id)
        print("Private KEY ID ",key_id[1])

It gave the following error in output.

Perform EC Key create OPERATION
CREATE EC
Traceback (most recent call last):
  File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 80, in <module>
    main()
  File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 61, in main
    CreateEC()
  File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 26, in CreateEC
    enums.CryptographicUsageMask.SIGN
  File "C:\Python27\lib\site-packages\kmip\pie\client.py", line 41, in wrapper
    return function(self, *args, **kwargs)
  File "C:\Python27\lib\site-packages\kmip\pie\client.py", line 390, in create_key_pair
    raise exceptions.KmipOperationFailure(status, reason, message)
kmip.pie.exceptions.KmipOperationFailure: OPERATION_FAILED: INVALID_FIELD - The cryptographic algorithm (CryptographicAlgorithm.EC) is not a supported asymmetric key algorithm.

Server DEBUG log,

2021-05-11 20:06:17,951 - kmip.server - INFO - Receiving incoming connection from: 10.104.165.142:55267 2021-05-11 20:06:17,951 - kmip.server - INFO - Dedicating session 00000002 to 10.104.165.142:55267 2021-05-11 20:06:17,952 - kmip.server.session.00000002 - INFO - Starting session: 00000002 2021-05-11 20:06:18,686 - kmip.server.session.00000002 - DEBUG - Possible session ciphers: 7 2021-05-11 20:06:18,686 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256) 2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256) 2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128) 2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_128_CCM_SHA256', 'TLSv1.3', 128) 2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('AES256-SHA256', 'TLSv1.2', 256) 2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('AES128-SHA256', 'TLSv1.2', 128) 2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256) 2021-05-11 20:06:18,689 - kmip.server.session.00000002 - DEBUG - Session cipher selected: ('AES256-SHA256', 'TLSv1.2', 256) 2021-05-11 20:06:18,707 - kmip.server.session.00000002 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate. 2021-05-11 20:06:18,707 - kmip.server.session.00000002 - DEBUG - Extraction succeeded for client identity: Client Certificate 2021-05-11 20:06:18,707 - kmip.server.session.00000002 - INFO - Session client identity: Client Certificate 2021-05-11 20:06:18,709 - kmip.server.engine - DEBUG - Request specified KMIP version: 2.0 2021-05-11 20:06:18,709 - kmip.server.engine - INFO - Received request at time: 2021-05-12 03:06:18 2021-05-11 20:06:18,710 - kmip.server.engine - INFO - Processing operation: CreateKeyPair 2021-05-11 20:06:19,001 - kmip.server.session.00000002 - INFO - Stopping session: 00000002

I'm able to create an RSA key with this create_key_pair(). And I tried above mentioned code with different KMIP server where EC is supported, there it returned error "invalid curve type", there also unable to create EC key-pairs , we need curve type to create EC keys right ? this create_key_pair() don't have any arguments for curve type.

Whether this way of execution is correct? Or I missed something?

Kindly add support to perform EC keys, If any another way to perform this operation kindly leave a reply.

Thank you.

PeterHamilton commented 3 years ago

Hi @mshamn6x, thanks for filing this issue. Unfortunately PyKMIP does not support generating elliptic curve key pairs at this time. I'll add this request to our backlog but it will likely be a while before we get to it.

mshamn6x commented 3 years ago

Hi @PeterHamilton thank you for your response.