Enigma Bridge Installer

Project description

EnigmaBridge Installer

This Python installer helps with deploying EnigmaBridge products to virtual machines. For now we support

  • EJBCA (PKI) deployment

  • Private Space deployment (VPN + other services)

Features

  • OpenVPN

  • EJBCA 6.3.1.1

  • JBoss EAP 6.4

  • SoftHSMv1-EnigmaBridge PKCS#11 adapter

  • EnigmaBridge Dynamic DNS for AWS

SoftHSMv1-EnigmaBridge PKCS#11 adapter

SoftHSMv1-EB is a PKCS#11 interface for EnigmaBridge services. With this adapter one can use our services through the generic PKCS#11 interface without needing to modify the software.

As in the EJBCA case, there is no need to modify software that supports PKCS#11; just plug our adapter into it and it starts working.

One can, for example, generate RSA keys via the PKCS#11 adapter and call encrypt, decrypt, sign and verify operations on them. The keys are securely stored on EnigmaBridge servers, in secure hardware. The cryptographic operation itself is performed in the secure hardware in a transparent way.

Dynamic DNS

Amazon assigns an IP address to your EC2 instance from its IP pool. This kind of address is re-allocated after your instance is turned off. After the next start the instance will get a new IP address.

Usually it’s convenient to have a static IP so you can map it to a domain name or put it in config files, manuals, etc. You can buy an Amazon Elastic IP, which remains static even after an instance restart, or you can use our EnigmaBridge Dynamic DNS feature for AWS.

During the initialization we allocate a new domain for your running instance, e.g., sunderland1.pki.enigmabridge.com. It has an A record pointing to your current IP address.

After you restart your instance, our script is started. It connects to our DNS server and updates the A record for your domain in a secure way: the request is signed with the key generated when the domain was created.

The time to live of the record is 600 seconds, so after the restart the hostname is updated in 10 minutes.

In this way you will get the static DNS name even if your IP changes.
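The signed update described above, sketched for both the instance and the DNS server. This is an added example, not the installer's own code: the page does not specify the signature scheme or message format, so HMAC-SHA256 stands in for the signature, and the JSON layout, the freshness window and all function names are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300  # seconds; assumed freshness window, shorter than the 600 s TTL


def sign_update(key, domain, ip, now=None):
    """Client side: build an update request and authenticate it with the domain key."""
    body = {"domain": domain, "ip": ip, "ts": int(time.time() if now is None else now)}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "sig": tag}


def verify_update(registry, request, now=None):
    """Server side: return (domain, ip) if the request is authentic and fresh, else raise."""
    now = time.time() if now is None else now
    payload = request["payload"].encode()
    body = json.loads(payload)
    key = registry.get(body["domain"])  # key stored when the domain was created
    if key is None:
        raise ValueError("unknown domain")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison; the tag covers domain, IP and timestamp together.
    if not hmac.compare_digest(expected, request["sig"]):
        raise ValueError("bad signature")
    # A captured request cannot be replayed later to point the name at an old IP.
    if abs(now - body["ts"]) > MAX_SKEW:
        raise ValueError("stale request")
    return body["domain"], body["ip"]


def outcome(registry, request, now):
    """Demo helper: the accepted record, or the reason the update was rejected."""
    try:
        return verify_update(registry, request, now)
    except ValueError as exc:
        return str(exc)


# Constructed sample data: a fixed demo key and documentation-range IP addresses.
DOMAIN = "sunderland1.pki.enigmabridge.com"
REGISTRY = {DOMAIN: b"demo-key-created-with-the-domain"}

if __name__ == "__main__":
    req = sign_update(REGISTRY[DOMAIN], DOMAIN, "203.0.113.7", now=1000)
    print(outcome(REGISTRY, req, now=1010))
```

Because the tag covers the domain, the IP and the timestamp together, an update whose IP was altered in transit or that is replayed after the freshness window is rejected before the A record changes.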

Requirements

Generally the host needs to have TCP port 443 open for LetsEncrypt domain verification. Without that you won’t get a valid SSL certificate for your CA domain and you won’t be able to access the administration console of your EJBCA installation in a secure way.

EJBCA itself runs on TCP port 8443. How you set it up is up to you. It doesn’t necessarily have to be open to the world; it’s enough if you can access it somehow, e.g., it’s possible to access EJBCA admin via an SSH tunnel:

ssh -L 8443:localhost:8443 ami_ip

Init

The init command starts a fresh installation. If a previous installation is present, it asks the user whether to proceed, backs up the old installation's databases and config files, and installs a new one.

Troubleshooting

Error in installation of dependencies (cryptography, pyOpenSSL): sorry, but this version only supports 100 named groups [100-named-groups]

Solution: Install downgraded versions of pycparser and pyOpenSSL:

pip install pycparser==2.13
pip install pyOpenSSL==0.13
pip install cryptography

You may need to install some dependencies for the Python packages:

yum install gcc g++ openssl-devel libffi-devel dialog

SNI on Python < 2.7.9

TLS SNI support was added in Python 2.7.9. For earlier versions, SNI needs to be added to the Requests networking library:

pip install urllib3
pip install pyopenssl
pip install ndg-httpsclient
pip install pyasn1

Mac OSX installation

For new OSX versions (El Capitan and above) the default system Python installation cannot be modified by standard means. There are some workarounds, but one can also use the --user switch for pip.

pip install --user cryptography

Download files

Source Distribution

ebstall-0.1.5.tar.gz (93.4 kB)

Uploaded Source

File details

Details for the file ebstall-0.1.5.tar.gz.

File metadata

  • Download URL: ebstall-0.1.5.tar.gz
  • Upload date:
  • Size: 93.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for ebstall-0.1.5.tar.gz
Algorithm Hash digest
SHA256 762781a3f040291d6f560ce6e09cb6f223a27fe2e6621a76066ff253f075265b
MD5 19e5ffdc62afd1428b5567b2e2208d03
BLAKE2b-256 5cb40ea100f831cb675b2160c43971920313e174adfafc60d0cd46e3807bd499
