Add support to perform create elliptic curve key-pair operation
Opened this issue · 2 comments
Hi @PeterHamilton,
I tried elliptic key-pair creation with a python client implementation script as mentioned in documentation.
def CreateEC():
print("Perform EC Key create OPERATION")
with c:
print("CREATE EC")
key_id = c.create_key_pair(
enums.CryptographicAlgorithm.EC,
1024,
public_usage_mask=[
enums.CryptographicUsageMask.VERIFY
],
private_usage_mask=[
enums.CryptographicUsageMask.SIGN
]
)
print("CREATED KEY ID ",key_id)
print("Private KEY ID ",key_id[1])
It gave the following error in output.
Perform EC Key create OPERATION
CREATE EC
Traceback (most recent call last):
File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 80, in <module>
main()
File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 61, in main
CreateEC()
File "c:/Users/mshanm6x/OneDrive - Intel Corporation/Documents/Work/KMIP-Q4/createRSA/rsa.py", line 26, in CreateEC
enums.CryptographicUsageMask.SIGN
File "C:\Python27\lib\site-packages\kmip\pie\client.py", line 41, in wrapper
return function(self, *args, **kwargs)
File "C:\Python27\lib\site-packages\kmip\pie\client.py", line 390, in create_key_pair
raise exceptions.KmipOperationFailure(status, reason, message)
kmip.pie.exceptions.KmipOperationFailure: OPERATION_FAILED: INVALID_FIELD - The cryptographic algorithm (CryptographicAlgorithm.EC) is not a supported asymmetric key algorithm.
Server DEBUG log,
2021-05-11 20:06:17,951 - kmip.server - INFO - Receiving incoming connection from: 10.104.165.142:55267
2021-05-11 20:06:17,951 - kmip.server - INFO - Dedicating session 00000002 to 10.104.165.142:55267
2021-05-11 20:06:17,952 - kmip.server.session.00000002 - INFO - Starting session: 00000002
2021-05-11 20:06:18,686 - kmip.server.session.00000002 - DEBUG - Possible session ciphers: 7
2021-05-11 20:06:18,686 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_256_GCM_SHA384', 'TLSv1.3', 256)
2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_CHACHA20_POLY1305_SHA256', 'TLSv1.3', 256)
2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_128_GCM_SHA256', 'TLSv1.3', 128)
2021-05-11 20:06:18,687 - kmip.server.session.00000002 - DEBUG - ('TLS_AES_128_CCM_SHA256', 'TLSv1.3', 128)
2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('AES256-SHA256', 'TLSv1.2', 256)
2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('AES128-SHA256', 'TLSv1.2', 128)
2021-05-11 20:06:18,688 - kmip.server.session.00000002 - DEBUG - ('ECDHE-ECDSA-AES256-SHA384', 'TLSv1.2', 256)
2021-05-11 20:06:18,689 - kmip.server.session.00000002 - DEBUG - Session cipher selected: ('AES256-SHA256', 'TLSv1.2', 256)
2021-05-11 20:06:18,707 - kmip.server.session.00000002 - DEBUG - No authentication plugins are enabled. The client identity will be extracted from the client certificate.
2021-05-11 20:06:18,707 - kmip.server.session.00000002 - DEBUG - Extraction succeeded for client identity: Client Certificate
2021-05-11 20:06:18,707 - kmip.server.session.00000002 - INFO - Session client identity: Client Certificate
2021-05-11 20:06:18,709 - kmip.server.engine - DEBUG - Request specified KMIP version: 2.0
2021-05-11 20:06:18,709 - kmip.server.engine - INFO - Received request at time: 2021-05-12 03:06:18
2021-05-11 20:06:18,710 - kmip.server.engine - INFO - Processing operation: CreateKeyPair
2021-05-11 20:06:19,001 - kmip.server.session.00000002 - INFO - Stopping session: 00000002
I'm able to create an RSA key with this create_key_pair(). And I tried above mentioned code with different KMIP server where EC is supported, there it returned error "invalid curve type", there also unable to create EC key-pairs , we need curve type to create EC keys right ? this create_key_pair() don't have any arguments for curve type.
Whether this way of execution is correct? Or I missed something?
Kindly add support to perform EC keys, If any another way to perform this operation kindly leave a reply.
Thank you.
Hi @mshamn6x, thanks for filing this issue. Unfortunately PyKMIP does not support generating elliptic curve key pairs at this time. I'll add this request to our backlog but it will likely be a while before we get to it.
Hi @PeterHamilton thank you for your response.