Python Setup
python3 -m venv cli_envsource cli_env/bin/activatepip install -r requirements.txt
python cse_cmd.py -h
- Create a directory for storing all wrapped private keys.
Ex:$root/wrapped_keys
- The wrapped private key file for each user should have basename as email-id
and a '.wrap' extension.
Ex:$root/wrapped_keys/user1@example.com.wrap - The wrapped private key file should have a json object with
two required fields:
{ 'kacls_url': 'url of kacls configured in CSE Admin Console', 'wrapped_private_key': 'wrapped private key bytes' }
- Create a directory for storing all certificates in p7 pem format.
Ex:$root/p7pem_certs
- The certificate file should contain the full chain to root CA and should
have basename as email-id and a '.p7pem' extension.
Ex:
$root/p7pem_certs/user1@example.com.p7pem - If you have p7b file, you can use the following openssl command to convert
it to a p7 pem format:
openssl pkcs7 -inform DER -in {old_name.p7b} -outform PEM -out {new_name.p7pem}
-
Note that all commands require the following argument
--creds: a json file contains credentials to the service account created in you GCP project. After creating a service account, you can download the credentials to that account to a json file, which you will use here.
Ex: stored at$root/svc_acct_creds.json -
Easiest is to run the 'insert' command to insert key pairs and identities. Ex:
python cse_cmd.py insert
--creds $root/svc_acct_creds.json
--inkeydir $root/wrapped_keys
--incertdir $root/p7pem_certs
- alternatively, you could run
insert_keypair, note down the keypair id and then runinsert_identityusing that keypair id. You can also get the keypair id by runninglist_keypaircommand.
- You can check if user has a valid cse keypair or identity by running
list_keypairand/orlist_identity