ckms 5.20.1

Command Line Interface used to manage the Cosmian KMS server. If any assistance is needed, please either visit the Cosmian technical documentation at https://docs.cosmian.com or contact the Cosmian support team on Discord https://discord.com/invite/7kPMNtHpnz
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64

use cosmian_kms_cli_actions::{
    actions::symmetric::keys::create_key::CreateKeyAction,
    reexport::cosmian_kms_client::reexport::cosmian_kms_client_utils::export_utils::WrappingAlgorithm,
};
use cosmian_logger::{debug, log_init};
use tempfile::TempDir;
use test_kms_server::start_default_test_kms_server;

use crate::{
    error::result::CosmianResult,
    tests::{
        save_kms_cli_config,
        shared::{ExportKeyParams, ImportKeyParams, export_key, import_key},
        symmetric::create_key::create_symmetric_key,
    },
};

#[tokio::test]
pub(crate) async fn test_wrap_on_export_unwrap_on_import() -> CosmianResult<()> {
    log_init(option_env!("RUST_LOG"));
    // log_init(Some("debug"));
    // init the test server
    let ctx = start_default_test_kms_server().await;
    let (owner_client_conf_path, user_client_conf_path) = save_kms_cli_config(ctx);

    // create a temp dir
    let tmp_dir = TempDir::new()?;
    let tmp_path = tmp_dir.path();

    // Generate a symmetric wrapping key
    let kek_id = create_symmetric_key(&owner_client_conf_path, CreateKeyAction::default())?;

    // Generate a symmetric key to wrap
    let dek_path = tmp_path.join("dek.key");
    let dek_file = dek_path.to_str().unwrap().to_string();
    let dek_id = create_symmetric_key(&owner_client_conf_path, CreateKeyAction::default())?;

    // Export and import the key with different block cipher modes
    for wrapping_algorithm in [WrappingAlgorithm::AesGCM, WrappingAlgorithm::NistKeyWrap] {
        debug!("wrapping algorithm: {:?}", wrapping_algorithm);
        export_key(ExportKeyParams {
            cli_conf_path: user_client_conf_path.clone(),
            sub_command: "sym".to_owned(),
            key_id: dek_id.clone(),
            key_file: dek_file.clone(),
            wrap_key_id: Some(kek_id.clone()),
            wrapping_algorithm: Some(wrapping_algorithm.clone()),
            ..Default::default()
        })?;

        let imported_key_id = import_key(ImportKeyParams {
            cli_conf_path: user_client_conf_path.clone(),
            sub_command: "sym".to_string(),
            key_file: dek_file.clone(),
            key_id: Some(dek_id.clone()),
            unwrap: true,
            replace_existing: true,
            ..Default::default()
        })?;
        debug!("imported key id: {imported_key_id}",);
    }

    Ok(())
}