SecureBlackbox 2020 Python Edition

Questions / Feedback?

KMIPClient Class

Properties   Methods   Events   Configuration Settings   Errors  

The KMIPClient class provides client-side functionality for KMIP.

Syntax

class secureblackbox.KMIPClient

Remarks

The Key Management Interoperability Protocol (KMIP) is an OASIS standard for communication between different key management servers and clients.

Property List


The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

data_fileA path to the file containing the unsigned data.
encoder_typeSpecifies the KMIP encoder type.
external_crypto_custom_paramsCustom parameters to be passed to the signing service (uninterpreted).
external_crypto_dataAdditional data to be included in the async state and mirrored back by the requestor.
external_crypto_external_hash_calculationSpecifies whether the message hash is to be calculated at the external endpoint.
external_crypto_hash_algorithmSpecifies the request's signature hash algorithm.
external_crypto_key_idThe ID of the pre-shared key used for DC request authentication.
external_crypto_key_secretThe pre-shared key used for DC request authentication.
external_crypto_methodSpecifies the asynchronous signing method.
external_crypto_modeSpecifies the external cryptography mode.
external_crypto_public_key_algorithmProvide public key algorithm here if the certificate is not available on the pre-signing stage.
hostSpecifies the host name of the KMIP server.
input_filePath to the file containing data to be signed, verified, encrypted or decrypted.
object_countThe number of records in the Object arrays.
object_idContains the value currently stored in the ID Placeholder.
object_key_algorithmThe cryptographic algorithm for this object.
object_key_lengthThe length of the cryptographic key.
object_object_typeThe type of this object.
object_sig_algorithmDigital signature algorithm for this object (only for certificates).
object_unique_identifierThe unique identifier of the object generated by the key management system.
output_fileSpecifies the file where the signed, encrypted, or decrypted data should be saved.
passwordSpecifies a password to authenticate to the KMIP server.
pinned_cert_bytesReturns raw certificate data in DER format.
pinned_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
pinned_cert_request_bytesProvides access to raw certificate request data in DER format.
pinned_cert_request_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
portSpecifies the port on the KMIP server to connect to.
proxy_addressThe IP address of the proxy server.
proxy_authenticationThe authentication type used by the proxy server.
proxy_passwordThe password to authenticate to the proxy server.
proxy_portThe port on the proxy server to connect to.
proxy_proxy_typeThe type of the proxy server.
proxy_request_headersContains HTTP request headers for WebTunnel and HTTP proxy.
proxy_response_bodyContains the HTTP or HTTPS (WebTunnel) proxy response body.
proxy_response_headersContains response headers received from an HTTP or HTTPS (WebTunnel) proxy server.
proxy_use_i_pv6Specifies whether IPv6 should be used when connecting through the proxy.
proxy_use_proxyEnables or disables proxy-driven connection.
proxy_usernameSpecifies the username credential for proxy authentication.
signature_validation_resultThe signature validation result.
socket_dns_modeSelects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system.
socket_dns_portSpecifies the port number to be used for sending queries to the DNS server.
socket_dns_query_timeoutThe timeout (in milliseconds) for each DNS query.
socket_dns_serversThe addresses of DNS servers to use for address resolution, separated by commas or semicolons.
socket_dns_total_timeoutThe timeout (in milliseconds) for the whole resolution process.
socket_incoming_speed_limitThe maximum number of bytes to read from the socket, per second.
socket_local_addressThe local network interface to bind the socket to.
socket_local_portThe local port number to bind the socket to.
socket_outgoing_speed_limitThe maximum number of bytes to write to the socket, per second.
socket_timeoutThe maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful.
socket_use_i_pv6Enables or disables IP protocol version 6.
tls_client_cert_countThe number of records in the TLSClientCert arrays.
tls_client_cert_bytesReturns raw certificate data in DER format.
tls_client_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
tls_server_cert_countThe number of records in the TLSServerCert arrays.
tls_server_cert_bytesReturns raw certificate data in DER format.
tls_server_cert_handleAllows to get or set a 'handle', a unique identifier of the underlying property object.
tls_auto_validate_certificatesSpecifies whether server-side TLS certificates should be validated automatically using internal validation rules.
tls_base_configurationSelects the base configuration for the TLS settings.
tls_ciphersuitesA list of ciphersuites separated with commas or semicolons.
tlsec_curvesDefines the elliptic curves to enable.
tls_force_resume_if_destination_changesWhether to force TLS session resumption when the destination address changes.
tls_pre_shared_identityDefines the identity used when the PSK (Pre-Shared Key) key-exchange mechanism is negotiated.
tls_pre_shared_keyContains the pre-shared for the PSK (Pre-Shared Key) key-exchange mechanism, encoded with base16.
tls_pre_shared_key_ciphersuiteDefines the ciphersuite used for PSK (Pre-Shared Key) negotiation.
tls_renegotiation_attack_prevention_modeSelects renegotiation attack prevention mechanism.
tls_revocation_checkSpecifies the kind(s) of revocation check to perform.
tlsssl_optionsVarious SSL (TLS) protocol options, set of cssloExpectShutdownMessage 0x001 Wait for the close-notify message when shutting down the connection cssloOpenSSLDTLSWorkaround 0x002 (DEPRECATED) Use a DTLS version workaround when talking to very old OpenSSL versions cssloDisableKexLengthAlignment 0x004 Do not align the client-side PMS by the RSA modulus size.
tlstls_modeSpecifies the TLS mode to use.
tls_use_extended_master_secretEnables Extended Master Secret Extension, as defined in RFC 7627.
tls_use_session_resumptionEnables or disables TLS session resumption capability.
tls_versionsTh SSL/TLS versions to enable by default.
usernameThe username to authenticate to the KMIP server.

Method List


The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

add_certificateImports a certificate to the KMIP server.
add_keyImports a key to the KMIP server.
add_pinnedImports a certificate to the KMIP server.
configSets or retrieves a configuration setting.
decryptDecrypts the provided data using a key stored on the KMIP server.
encryptEncrypts the provided data using a key stored on the KMIP server.
generate_certGenerates a new certificate on the KMIP server.
generate_cert_from_pinnedGenerates a new certificate on the KMIP server from the pinned certificate.
generate_cert_from_requestGenerates a new certificate on the KMIP server from the certificate request.
generate_keyGenerates a symmetric key or an asymmetric key pair on the KMIP server.
get_listRetrieves the list of objects of a given type.
removeRemoves the specified object from the server.
signSigns the data using a key on the KMIP server.
verifyVerifies digitally signed data.

Event List


The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

on_errorProvides information about errors during KMIP operations.
on_external_signHandles remote or external signing initiated by the SignExternal method or other source.
on_notificationThis event notifies the application about an underlying control flow event.
on_tls_cert_validateThis event is fired upon receipt of the TLS server's certificate, allowing the user to control its acceptance.

Configuration Settings


The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.

BlockCipherModeBlock cipher mode to use for encrypting or decrypting.
BlockSizeBlock size of data for encrypting, decrypting or signing.
CurveName of the curve of the newly added elliptic cryptography (EC) key.
HashAlgorithmHash algorithm to use for signing or verifying.
IVCounterNonceInitialization vector, counter or nonce for encrypting or decrypting.
MajorProtocolVersionMajor protocol version of the KMIP server.
MaximumItemsThe maximum number of items to be returned on getting the object list.
MinorProtocolVersionMinor protocol version of the KMIP server.
OffsetItemsThe number of items to skip on getting the object list.
PaddingMethodPadding method to use for encrypting or decrypting.
RandomIVWhether to generate the initialization vector automatically.
TagLengthTag length to use for encrypting or decrypting.
TempPathPath for storing temporary files.
CheckKeyIntegrityBeforeUseEnables or disable private key integrity check before use.
CookieCachingSpecifies whether a cookie cache should be used for HTTP(S) transports.
CookiesGets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only).
DefDeriveKeyIterationsSpecifies the default key derivation algorithm iteration count.
EnableClientSideSSLFFDHEEnables or disables finite field DHE key exchange support in TLS clients.
GlobalCookiesGets or sets global cookies for all the HTTP transports.
HttpUserAgentSpecifies the user agent name to be used by all HTTP clients.
LogDestinationSpecifies the debug log destination.
LogDetailsSpecifies the debug log details to dump.
LogFileSpecifies the debug log filename.
LogFiltersSpecifies the debug log filters.
LogFlushModeSpecifies the log flush mode.
LogLevelSpecifies the debug log level.
LogMaxEventCountSpecifies the maximum number of events to cache before further action is taken.
LogRotationModeSpecifies the log rotation mode.
MaxASN1BufferLengthSpecifies the maximal allowed length for ASN.1 primitive tag data.
MaxASN1TreeDepthSpecifies the maximal depth for processed ASN.1 trees.
OCSPHashAlgorithmSpecifies the hash algorithm to be used to identify certificates in OCSP requests.
UseOwnDNSResolverSpecifies whether the client classes should use own DNS resolver.
UseSharedSystemStoragesSpecifies whether the validation engine should use a global per-process copy of the system certificate stores.
UseSystemOAEPAndPSSEnforces or disables the use of system-driven RSA OAEP and PSS computations.
UseSystemRandomEnables or disables the use of the OS PRNG.

Copyright (c) 2022 /n software inc. - All rights reserved.
SecureBlackbox 2020 Python Edition - Version 20.0 [Build 8165]