Key Buffer Example

Nubeva provides a Python script running a Flask application server that implements a DTLS key target and buffer for receiving and storing keys in memory.

Note

The Key Buffer script is provided for illustrating the use of the APIs. You may modify this code any way you like, or use it as a reference to build your own services.

Run the Key Buffer Example

On the Key Server instance:

  1. Add DNS resolution of key.nubedge.com to 127.0.0.1 in /etc/hosts.
  2. Run the API Server container:

     docker run -p 4443:4443/TCP -p 4443:4443/UDP --name nubeva-ks -dit nubevalab/nubeva-ks

On the instances running SKI Sensors and SKI Decryptors:

  1. Add DNS resolution of key.nubedge.com pointing to the IP address of the Key Server.
  2. If you would like to configure SKI Sensors or SKI Decryptors from the Key Server, set the baseurl to https://key.nubedge.com:4443/
  3. If you would like SKI Sensors to send session keys to the Key Server, set the sslcredobj to point to the API server as described in Sensor Command Line Parameters. Do the same for SKI Decryptors as described in Decryptor Command Line Parameters.

Key Buffer Script

You can inspect the contents of the Key Server container by running:

docker exec -it nubeva-ks bash

Input Parameters

The container runs the script using default parameter values:

  • ca_path: Path to the CA cert. Linux default: /opt/nubevaTools/ca. Windows default: C:\Users\
  • certs_path: Path to the certs. Linux default: /opt/nubevaTools/certs. Windows default: C:\Users\
  • certs_name: Name for the .ca, .key and .pem files. The default is nubedge: nubedge.ca, nubedge.key, nubedge.pem
  • nssfile_path: Path to the NSS key log file, including the filename, e.g. /host/home/ec2-user/keys.log

FastKey Protocol API

[Figure: Key Delivery and Retrieval]

The script runs a thread that processes FastKey Protocol DTLS messages. The DTLS handler function is dtls, which calls readdtls to process each message.

dtls()

Sets up the DTLS channel and listens for DTLS messages.

  • Parameters:
    nssfile_path: passed from main()
    ca_path: passed from main()
    certs_path: passed from main()
    certs_name: passed from main()

readdtls()

Processes a DTLS message, stores the key object in memory and if specified, writes keys to the key log file.

  • Parameters:
    nssfile_path: passed in from dtls()
    conn: DTLS connection object passed in from dtls()

storebatch()

REST backup call for passing keys. Processes a list of JSON key objects. Stores each key in memory and if specified, writes keys to the key log file.

get()

REST key lookup based on a client-random value.

dumpkeys()

REST key dump helper function to test that keys are received and stored.
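The store, lookup and key-log behaviour behind storebatch(), get() and dumpkeys() described above, as an added example that is not Nubeva's script: a thread-safe in-memory key buffer that validates each key object, drops duplicate deliveries, and appends accepted keys to an NSS key log file in the CLIENT_RANDOM format. The JSON field names (label, client_random, secret) are assumptions, since the page does not specify the key object format.

```python
import json
import re
import threading

# Added example, not Nubeva's script. The key object field names
# ("label", "client_random", "secret") are assumptions.
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


class KeyBuffer:
    def __init__(self, nssfile_path=None):
        self._keys = {}                  # client_random -> list of (label, secret)
        self._lock = threading.Lock()    # the DTLS thread and REST handlers share the buffer
        self._nssfile_path = nssfile_path

    def store(self, keyobj):
        """Validate one key object and store it; returns True if it was stored."""
        label = keyobj.get("label", "CLIENT_RANDOM")
        cr = keyobj.get("client_random", "")
        secret = keyobj.get("secret", "")
        if not isinstance(cr, str) or not isinstance(secret, str):
            return False
        # A TLS client random is 32 bytes, i.e. 64 hex characters; the secret is hex too
        if len(cr) != 64 or not HEX_RE.match(cr) or not secret or not HEX_RE.match(secret):
            return False
        cr, secret = cr.lower(), secret.lower()
        with self._lock:
            entries = self._keys.setdefault(cr, [])
            if (label, secret) in entries:
                return False             # duplicate delivery (e.g. a DTLS retransmit): ignore
            entries.append((label, secret))
            if self._nssfile_path:       # optional NSS key log, one line per key
                with open(self._nssfile_path, "a") as f:
                    f.write(f"{label} {cr} {secret}\n")
        return True

    def store_batch(self, body):
        """storebatch(): body is a JSON list of key objects; returns how many were stored."""
        objs = json.loads(body) if isinstance(body, str) else body
        return sum(1 for o in objs if isinstance(o, dict) and self.store(o))

    def get(self, client_random):
        """get(): NSS key log lines for one client random, or None if unknown."""
        with self._lock:
            entries = self._keys.get(client_random.lower())
        if not entries:
            return None
        return [f"{label} {client_random.lower()} {secret}" for label, secret in entries]

    def dump_keys(self):
        """dumpkeys(): snapshot of everything held in memory."""
        with self._lock:
            return {cr: list(v) for cr, v in self._keys.items()}
```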