No project description provided
Project description
QUARA Creds
CLI usage
Display help
Several subcommands are available. The --help option is available at different levels:
# General help
pync --help
# cert command group help
pync cert --help
# cert sign subcommand help
pync cert sign --help
Initialize environment
- Initialize with default configuration
pync init
- Reset configuration
pync init --force
- Configure authorities from a JSON file (either a path or an URL):
pync init --authorities https://example.com/authorities.json
Manage keypairs
- Create a new keypair for current user:
pync key gen
- Create a new keypair for a different user:
pync key gen -n test
- List available keypairs
pync key list
- Display a public key
pync key show -n test
- Display a private key
pync key show -n test --private
Manager certificate authorities
- List available authorities:
pync ca list
- Show authorities details:
pync ca show
- Show authorities certificates:
pync ca show --pem
Nebula certs examples
Create a new CA and a sign a new certificate
from quara.creds.nebula import (
EncryptionKeyPair,
SigningCAOptions,
SigningOptions,
sign_ca_certificate,
sign_certificate,
verify_certificate,
)
# Create a new CA
ca_keypair, ca_crt = sign_ca_certificate(options=SigningCAOptions(Name="test"))
# Create a new keypair for the certificate
enc_keypair = EncryptionKeyPair()
# Sign a new certificate
new_crt = sign_certificate(
ca_key=ca_keypair,
ca_crt=ca_crt,
public_key=enc_keypair,
options=SigningOptions(
Name="test",
Ip="10.100.100.10/24",
),
)
# Write files to disk
ca_crt.write_pem_file("ca.crt")
ca_keypair.write_private_key("ca.key")
new_crt.write_pem_file("node.crt")
enc_keypair.write_private_key("node.key")
enc_keypair.write_public_key("node.pub")
# Verify that the certificate is valid
verify_certificate(ca_crt=ca_crt, crt=new_crt)
This example generates 5 files:
ca.crt: The CA certificate created during the first step.ca.key: The private key of the CA. The public key is also present within this file.node.crt: The certificate created during the second step.node.key: The private key associated with the certificate. Unlike CA private keys, the public key is not present within the file.node.pub: The public key associated with the certificate. The public key is also embedded within the certificate.
Load an existing CA and sign a new certificate
from quara.creds.nebula import (
Certificate,
EncryptionKeyPair,
SigningKeyPair,
SigningOptions,
sign_certificate,
verify_certificate,
)
# Load CA certificate
ca_crt = Certificate.from_file("ca.crt")
# Load CA keypair
ca_keypair = SigningKeyPair.from_file("ca.key")
# Create a new keypair for the certificate
enc_keypair = EncryptionKeyPair()
# Sign a new certificate
new_crt = sign_certificate(
ca_key=ca_keypair,
ca_crt=ca_crt,
public_key=enc_keypair,
options=SigningOptions(
Name="test",
Ip="10.100.100.10/24",
),
)
# Write files to disk
new_crt.write_pem_file("node.crt")
enc_keypair.write_private_key("node.key")
enc_keypair.write_public_key("node.pub")
# Verify that the certificate is valid
verify_certificate(ca_crt=ca_crt, crt=new_crt)
In this case, only 3 files are created, as the CA certificate and the CA key already existed before.
Load an existing CA, an existing public key, and sign a new certificate
from quara.creds.nebula import (
Certificate,
PublicEncryptionKey,
SigningKeyPair,
SigningOptions,
sign_certificate,
verify_certificate,
)
# Load CA certificate
ca_crt = Certificate.from_file("ca.crt")
# Load CA keypair
ca_keypair = SigningKeyPair.from_file("ca.key")
# Load public key from file
pub_key = PublicEncryptionKey.from_file("node.pub")
# Sign a new certificate
new_crt = sign_certificate(
ca_key=ca_keypair,
ca_crt=ca_crt,
public_key=pub_key,
options=SigningOptions(
Name="test",
Ip="10.100.100.10/24",
),
)
# Write files to disk
new_crt.write_pem_file("node.crt")
# Verify that the certificate is valid
verify_certificate(ca_crt=ca_crt, crt=new_crt)
In this case, only the certificate file is written to disk, as all other information was known before issuing the certificate.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
quara_creds-0.10.2.tar.gz
(33.7 kB
view details)
Built Distribution
File details
Details for the file quara_creds-0.10.2.tar.gz.
File metadata
- Download URL: quara_creds-0.10.2.tar.gz
- Upload date:
- Size: 33.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.8.10 Linux/5.10.16.3-microsoft-standard-WSL2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e9e7dd1862b76c9a0ead22f24e34bb7753aaf2a4cf04025b7dfba7e3b2683b7a |
|
| MD5 | 2728da2dcbb96bd6b125c8bb458333eb |
|
| BLAKE2b-256 | 52f96611a625db852c438f9533b29c7e9a43395e530dc39c17b78ffbaa028c90 |
File details
Details for the file quara_creds-0.10.2-py3-none-any.whl.
File metadata
- Download URL: quara_creds-0.10.2-py3-none-any.whl
- Upload date:
- Size: 57.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: poetry/1.2.2 CPython/3.8.10 Linux/5.10.16.3-microsoft-standard-WSL2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f7571f36e676205650e14177270b2f2fe6dbc811af8d89538ed19903718c679f |
|
| MD5 | 6a3777cd9dfece72b74a4599f956c1f7 |
|
| BLAKE2b-256 | e8aca18c7c57ed841e6e45803eb7f8db676ed34558b9726820a2f675d4b568f3 |
