Key Buffer Example
Nubeva provides a Python script running a Flask application server that implements a DTLS key target and buffer for receiving and storing keys in memory.
The Key Buffer script is provided to illustrate the use of the APIs. You may modify this code any way you like, or use it as a reference to build your own services.
Run the Key Buffer Example
- Add DNS resolution of key.nubedge.com to 127.0.0.1 in /etc/hosts on the Key Server instance.
- Run the API Server container:
docker run -p 4443:4443/TCP -p 4443:4443/UDP --name nubeva-ks -dit nubevalab/nubeva-ks
- Add DNS resolution of key.nubedge.com to point to the IP address of the Key Server on instances running SKI Sensors and SKI Decryptors.
- If you would like to configure SKI Sensors or SKI Decryptors from the Key Server, set the
- If you would like SKI Sensors to send session keys to the Key Server, set sslcredobj to point to the API server as described in Sensor Command Line Parameters. Do the same for SKI Decryptors as described in Decryptor Command Line Parameters.
Key Buffer Script
You can inspect the contents of the Key Server container by running:
docker exec -it nubeva-ks bash
The container runs the script using default parameter values:
- ca_path: Path to the CA cert. Linux default: /opt/nubevaTools/ca. Windows default:
- certs_path: Path to the certs. Linux default: /opt/nubevaTools/certs. Windows default:
- certs_name: Name for the .ca, .key, and .pem files. The default is
- nssfile_path: Path to the NSS key log file, including the filename, e.g.
FastKey Protocol API
The script runs a thread to process FastKey Protocol DTLS messages. The DTLS handler function is
dtls, which calls
readdtls to process each message.
dtls(): Sets up the DTLS channel and listens for DTLS messages.
- nssfile_path: passed from main()
- ca_path: passed from main()
- certs_path: passed from main()
- certs_name: passed from main()
readdtls(): Processes a DTLS message, stores the key object in memory and, if specified, writes the key to the key log file.
- nssfile_path: passed in from dtls()
- conn: DTLS connection object passed in from dtls()
REST backup call for passing keys. Processes a list of JSON key objects, stores each key in memory and, if specified, writes the keys to the key log file.
REST key lookup based on a client-random value.
REST key dump helper function to test that keys are received and stored.
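As an added illustration (constructed here, not the Key Buffer script itself), the following plain-Python key buffer covers the operations the script's DTLS and REST handlers perform: validate and store a key object keyed by client-random, optionally append it to an NSS key log file, look a key up by client-random, and dump the store. The key object field names client_random, secret and label are assumptions, since the page does not give the schema; the Flask routes and the DTLS listener are omitted.

```python
import json
import re
import threading

# Constructed example, not Nubeva's Key Buffer script; the key object fields
# (client_random, secret, label) are assumed, the page does not give the schema.
HEX_RE = re.compile(r"[0-9a-f]+")
LABEL_RE = re.compile(r"[A-Z0-9_]+")  # NSS key log labels, e.g. CLIENT_RANDOM


class KeyBuffer:
    """Session secrets keyed by client-random, optionally mirrored to an NSS key log file."""

    def __init__(self, nssfile_path=None):
        self._keys: dict[str, dict[str, str]] = {}
        self._lock = threading.Lock()  # the DTLS thread and REST handlers share the store
        self._nssfile_path = nssfile_path

    def store(self, key_obj: dict) -> bool:
        """Validate and store one key object; returns False if it is rejected."""
        cr = str(key_obj.get("client_random", "")).lower()
        secret = str(key_obj.get("secret", "")).lower()
        label = str(key_obj.get("label", "CLIENT_RANDOM"))
        # 32-byte client random, hex secret, clean label: nothing unchecked reaches the log file
        if len(cr) != 64 or not HEX_RE.fullmatch(cr) or not HEX_RE.fullmatch(secret) or not LABEL_RE.fullmatch(label):
            return False
        with self._lock:
            self._keys[cr] = {"label": label, "secret": secret}
            if self._nssfile_path:  # key log line format: "<label> <client_random> <secret>"
                with open(self._nssfile_path, "a") as f:
                    f.write(f"{label} {cr} {secret}\n")
        return True

    def store_many(self, payload: str) -> int:
        """REST backup path: parse a JSON list of key objects, return how many were accepted."""
        try:
            objs = json.loads(payload)
        except ValueError:
            return 0
        if not isinstance(objs, list):
            return 0
        return sum(1 for o in objs if isinstance(o, dict) and self.store(o))

    def lookup(self, client_random: str):
        with self._lock:  # REST lookup by client-random, case-insensitive; None if unknown
            return self._keys.get(client_random.lower())

    def dump(self) -> list[dict[str, str]]:
        """REST dump helper for checking that keys were received and stored."""
        with self._lock:
            return [{"client_random": cr, **v} for cr, v in self._keys.items()]
```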