diff --git a/CHANGELOG.md b/CHANGELOG.md index ee94bd45..cfc577df 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,26 @@ All notable changes to this project will be documented in this file. +## [1.9.0] - 2026-02-16 + +### ๐Ÿš€ Features + +- Add KEM subcommand + +### ๐Ÿ› Bug Fixes + +- Cargo audit: time and actix-files + +### ๐Ÿ’ผ Other + +- *(deps)* Bump bytes in the cargo group across 1 directory ([#131](https://github.com/Cosmian/cli/pull/131)) +- Release 1.9.0 + +### โš™๏ธ Miscellaneous Tasks + +- Merge branch 'release/1.8.1' into develop +- Small refactor on kem_tag + ## [1.8.1] - 2026-01-29 ### ๐Ÿงช Continuous Integration diff --git a/Cargo.lock b/Cargo.lock index 4ee8eaa9..ed115310 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -36,9 +36,9 @@ dependencies = [ [[package]] name = "actix-files" -version = "0.6.9" +version = "0.6.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4009a8beb4dc78a58286ac9d58969ee0a8acecb7912d5ce898b4da4335579341" +checksum = "df8c4f30e3272d7c345f88ae0aac3848507ef5ba871f9cc2a41c8085a0f0523b" dependencies = [ "actix-http", "actix-service", @@ -978,7 +978,7 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" [[package]] name = "cosmian_cli" -version = "1.8.1" +version = "1.9.0" dependencies = [ "assert_cmd", "base64 0.22.1", 
@@ -1041,23 +1041,24 @@ dependencies = [ [[package]] name = "cosmian_cover_crypt" -version = "15.0.0" +version = "16.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f12eb7e96555b6b8841966fa264e7a6dfe5e39ad0733317c088c52259e99993c" +checksum = "99ba2fcbf4ba83c30eefbeb61dbd3e6b64c478feaf2e9a67928921ed66bc5abc" dependencies = [ "cosmian_crypto_core", + "cosmian_openssl_provider", + "cosmian_rust_curve25519_provider", "ml-kem", "serde", "serde_json", - "tiny-keccak", "zeroize", ] [[package]] name = "cosmian_crypto_core" -version = "10.3.0" +version = "11.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87ac375aad30335e299f5ab6c1028faca9c3a5aa48180735dae5632622622796" +checksum = "271f3236104ae46dbc58527127605571571ff6bc9222052f1f913c8f73916558" dependencies = [ "aead", "aes-gcm", @@ -1080,9 +1081,9 @@ dependencies = [ [[package]] name = "cosmian_findex" -version = "8.0.1" +version = "8.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d65dc3cc50a14e772350b8ed87da19830856ce7d90e6f6f37870ffb8c0f923c2" +checksum = "72ce1d89a15f207e9df8c33b6cb9b16dc9886c457767e66c3c89aeedbba4bdad" dependencies = [ "aes", "cosmian_crypto_core", @@ -1094,7 +1095,7 @@ dependencies = [ [[package]] name = "cosmian_findex_cli" -version = "0.4.12" +version = "0.4.14" dependencies = [ "assert_cmd", "base64 0.22.1", @@ -1118,7 +1119,7 @@ dependencies = [ [[package]] name = "cosmian_findex_client" -version = "0.4.12" +version = "0.4.14" dependencies = [ "base64 0.22.1", "cosmian_findex", @@ -1138,7 +1139,7 @@ dependencies = [ [[package]] name = "cosmian_findex_server" -version = "0.4.12" +version = "0.4.14" dependencies = [ "actix-cors", "actix-identity", @@ -1174,7 +1175,7 @@ dependencies = [ [[package]] name = "cosmian_findex_structs" -version = "0.4.12" +version = "0.4.14" dependencies = [ "base64 0.22.1", "cosmian_crypto_core", 
@@ -1206,7 +1207,7 @@ dependencies = [ [[package]] name = "cosmian_kmip" -version = "5.15.0" +version = "5.16.1" dependencies = [ "base64 0.22.1", "bitflags", @@ -1232,7 +1233,7 @@ dependencies = [ [[package]] name = "cosmian_kms_access" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kmip", "serde", @@ -1240,7 +1241,7 @@ dependencies = [ [[package]] name = "cosmian_kms_base_hsm" -version = "5.15.0" +version = "5.16.1" dependencies = [ "async-trait", "cosmian_kms_interfaces", @@ -1257,11 +1258,12 @@ dependencies = [ [[package]] name = "cosmian_kms_cli" -version = "5.15.0" +version = "5.16.1" dependencies = [ "base64 0.22.1", "clap", "cosmian_config_utils 0.3.1", + "cosmian_crypto_core", "cosmian_kmip", "cosmian_kms_client", "cosmian_kms_crypto", @@ -1288,7 +1290,7 @@ dependencies = [ [[package]] name = "cosmian_kms_client" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_crypto_core", "cosmian_http_client", @@ -1304,7 +1306,7 @@ dependencies = [ [[package]] name = "cosmian_kms_client_utils" -version = "5.15.0" +version = "5.16.1" dependencies = [ "base64 0.22.1", "clap", @@ -1323,7 +1325,7 @@ dependencies = [ [[package]] name = "cosmian_kms_crypto" -version = "5.15.0" +version = "5.16.1" dependencies = [ "aes-gcm-siv", "argon2", @@ -1349,7 +1351,7 @@ dependencies = [ [[package]] name = "cosmian_kms_interfaces" -version = "5.15.0" +version = "5.16.1" dependencies = [ "async-trait", "cosmian_kmip", @@ -1362,7 +1364,7 @@ dependencies = [ [[package]] name = "cosmian_kms_server" -version = "5.15.0" +version = "5.16.1" dependencies = [ "actix-cors", "actix-files", @@ -1414,7 +1416,7 @@ dependencies = [ [[package]] name = "cosmian_kms_server_database" -version = "5.15.0" +version = "5.16.1" dependencies = [ "async-trait", "cosmian_findex", 
@@ -1475,9 +1477,20 @@ dependencies = [ "tracing-subscriber", ] +[[package]] +name = "cosmian_openssl_provider" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb222d76b31200effbcee8b998920ee8496949fc407d1b2e22b8d64ad90c58b3" +dependencies = [ + "cosmian_crypto_core", + "openssl", + "zeroize", +] + [[package]] name = "cosmian_pkcs11" -version = "1.8.1" +version = "1.9.0" dependencies = [ "cosmian_cli", "cosmian_config_utils 0.2.0", @@ -1502,7 +1515,7 @@ dependencies = [ [[package]] name = "cosmian_pkcs11_module" -version = "1.8.1" +version = "1.9.0" dependencies = [ "const-oid", "cosmian_logger 0.6.0", @@ -1521,11 +1534,22 @@ dependencies = [ "zeroize", ] +[[package]] +name = "cosmian_rust_curve25519_provider" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c38ea5665310769d4dabdefd3da0dcba91efabc258335b4edee1e2dd592adf14" +dependencies = [ + "cosmian_crypto_core", + "curve25519-dalek", + "zeroize", +] + [[package]] name = "cosmian_sse_memories" -version = "8.0.1" +version = "8.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c34c748901cac5415742e6eef7a79024b924ab9ea28d030baf455784b9cc62" +checksum = "8174f5993eb78248fe600d30a3506009977282fd41e82566f977d28e5c7ec3aa" dependencies = [ "cosmian_crypto_core", "redis", @@ -1634,7 +1658,7 @@ checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" [[package]] name = "crypt2pay_pkcs11_loader" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kms_base_hsm", ] @@ -1733,6 +1757,7 @@ dependencies = [ "curve25519-dalek-derive", "digest", "fiat-crypto", + "rand_core 0.6.4", "rustc_version", "subtle", "zeroize", 
@@ -2894,16 +2919,17 @@ dependencies = [ [[package]] name = "jsonwebtoken" -version = "9.3.1" +version = "10.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a87cc7a48537badeae96744432de36f4be2b4a34a05a5ef32e9dd8a1c169dde" +checksum = "0529410abe238729a60b108898784df8984c87f6054c9c4fcacc47e4803c1ce1" dependencies = [ "base64 0.22.1", + "getrandom 0.2.16", "js-sys", "pem", - "ring", "serde", "serde_json", + "signature", "simple_asn1", ] @@ -2951,7 +2977,7 @@ dependencies = [ [[package]] name = "kmip-derive" -version = "5.15.0" +version = "5.16.1" dependencies = [ "quote", "syn", @@ -3328,9 +3354,9 @@ dependencies = [ [[package]] name = "num-conv" -version = "0.1.0" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" +checksum = "cf97ec579c3c42f953ef76dbf8d55ac91fb219dde70e49aa4a6b7d74e9919050" [[package]] name = "num-format" @@ -4022,7 +4048,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a56d757972c98b346a9b766e3f02746cde6dd1cd1d1d563472929fdd74bec4d" dependencies = [ "anyhow", - "itertools 0.10.5", + "itertools 0.13.0", "proc-macro2", "quote", "syn", @@ -4030,7 +4056,7 @@ dependencies = [ [[package]] name = "proteccio_pkcs11_loader" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kms_base_hsm", ] @@ -4705,7 +4731,7 @@ checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03" [[package]] name = "smartcardhsm_pkcs11_loader" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kms_base_hsm", ] @@ -4732,7 +4758,7 @@ dependencies = [ [[package]] name = "softhsm2_pkcs11_loader" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kms_base_hsm", ] 
@@ -4909,7 +4935,7 @@ checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683" [[package]] name = "test_findex_server" -version = "1.8.1" +version = "1.9.0" dependencies = [ "actix-server", "cosmian_findex_client", @@ -4921,7 +4947,7 @@ dependencies = [ [[package]] name = "test_kms_server" -version = "5.15.0" +version = "5.16.1" dependencies = [ "actix-server", "cosmian_kms_client", @@ -4983,9 +5009,9 @@ dependencies = [ [[package]] name = "time" -version = "0.3.44" +version = "0.3.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91e7d9e3bb61134e77bde20dd4825b97c010155709965fedf0f49bb138e52a9d" +checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c" dependencies = [ "deranged", "itoa", @@ -4993,22 +5019,22 @@ dependencies = [ "num-conv", "num_threads", "powerfmt", - "serde", + "serde_core", "time-core", "time-macros", ] [[package]] name = "time-core" -version = "0.1.6" +version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" +checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca" [[package]] name = "time-macros" -version = "0.2.24" +version = "0.2.27" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215" dependencies = [ "num-conv", "time-core", @@ -5591,7 +5617,7 @@ checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" [[package]] name = "utimaco_pkcs11_loader" -version = "5.15.0" +version = "5.16.1" dependencies = [ "cosmian_kms_base_hsm", ] 
@@ -5797,7 +5823,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.48.0", + "windows-sys 0.61.2", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 152fa654..da97532a 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ exclude = ["kms"] resolver = "2" [workspace.package] -version = "1.8.1" +version = "1.9.0" edition = "2024" rust-version = "1.87.0" authors = [ @@ -46,12 +46,12 @@ actix-server = { version = "2.6", default-features = false } base64 = "0.22" clap = { version = "4.5", default-features = false } cosmian_config_utils = "0.2" -cosmian_crypto_core = { version = "10.2", default-features = false, features = [ +cosmian_crypto_core = { version = "11.0", default-features = false, features = [ "ser", ] } -cosmian_findex_cli = { path = "findex-server/crate/cli", version = "0.4.12" } -cosmian_kms_cli = { path = "kms/crate/cli", version = "5.15.0" } -test_kms_server = { path = "kms/crate/test_kms_server", version = "5.15.0" } +cosmian_findex_cli = { path = "findex-server/crate/cli", version = "0.4.13" } +cosmian_kms_cli = { path = "kms/crate/cli", version = "5.16.1" } +test_kms_server = { path = "kms/crate/test_kms_server", version = "5.16.1" } cosmian_logger = "0.6" der = { version = "0.7", default-features = false } hex = { version = "0.4", default-features = false } diff --git a/Dockerfile b/Dockerfile index 4ef09a3b..41333ea3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM rust:1.79.0-buster AS builder -LABEL version="1.8.1" +LABEL version="1.9.0" LABEL name="Cosmian CLI and PKCS11 container" ENV OPENSSL_DIR=/usr/local/openssl diff --git a/crate/cli/Cargo.toml b/crate/cli/Cargo.toml index 876ae742..322da916 100644 --- a/crate/cli/Cargo.toml +++ b/crate/cli/Cargo.toml 
@@ -1,6 +1,6 @@
 [package]
 name = "cosmian_cli"
-version = "1.8.1"
+version = "1.9.0"
 authors.workspace = true
 categories = ["security"]
 edition.workspace = true
diff --git a/crate/cli/src/tests/kms/configurable_kem/mod.rs b/crate/cli/src/tests/kms/configurable_kem/mod.rs
new file mode 100644
index 00000000..9dd447c9
--- /dev/null
+++ b/crate/cli/src/tests/kms/configurable_kem/mod.rs
@@ -0,0 +1,174 @@ +use std::{path::Path, process::Command}; + +use assert_cmd::prelude::*; +use tempfile::TempDir; +use test_kms_server::start_default_test_kms_server; + +use crate::{ + config::COSMIAN_CLI_CONF_ENV, + error::{CosmianError, result::CosmianResult}, + tests::{ + PROG_NAME, + kms::{ + KMS_SUBCOMMAND, + utils::{ + extract_uids::{extract_private_key, extract_public_key}, + recover_cmd_logs, + }, + }, + save_kms_cli_config, + }, +}; + +pub(crate) const SUB_COMMAND: &str = "kem"; + +/// Create a configurable KEM key pair and return the (`private_key_id`, `public_key_id`). +pub(crate) fn create_kem_key_pair( + cli_conf_path: &str, + kem_algorithm: &str, + tags: &[&str], +) -> CosmianResult<(String, String)> { + let mut cmd = Command::cargo_bin(PROG_NAME)?; + cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path); + + let mut args = vec!["key-gen", "--kem", kem_algorithm]; + for tag in tags { + args.push("--tag"); + args.push(tag); + } + cmd.arg(KMS_SUBCOMMAND).arg(SUB_COMMAND).args(args); + + let output = recover_cmd_logs(&mut cmd); + if output.status.success() { + let stdout_str = std::str::from_utf8(&output.stdout)?; + let private_key_id = extract_private_key(stdout_str) + .ok_or_else(|| { + CosmianError::Default("failed extracting the private key id".to_owned()) + })? + .to_owned(); + let public_key_id = extract_public_key(stdout_str) + .ok_or_else(|| CosmianError::Default("failed extracting the public key id".to_owned()))? + .to_owned(); + return Ok((private_key_id, public_key_id)); + } + + Err(CosmianError::Default( + std::str::from_utf8(&output.stderr)?.to_owned(), + )) +} + +/// Encapsulate using the given public key. Writes the encapsulation to `output_file`. 
+pub(crate) fn encaps( + cli_conf_path: &str, + public_key_id: &str, + output_file: &Path, +) -> CosmianResult<()> { + let mut cmd = Command::cargo_bin(PROG_NAME)?; + cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path); + + let output_file_str = output_file.to_str().unwrap(); + let args = vec!["encrypt", "--key-id", public_key_id, "-o", output_file_str]; + cmd.arg(KMS_SUBCOMMAND).arg(SUB_COMMAND).args(args); + + let output = recover_cmd_logs(&mut cmd); + if output.status.success() { + return Ok(()); + } + + Err(CosmianError::Default( + std::str::from_utf8(&output.stderr)?.to_owned(), + )) +} + +/// Decapsulate using the given private key. Reads encapsulation from `input_file`, +/// writes the session key to `output_file`. +pub(crate) fn decaps( + cli_conf_path: &str, + private_key_id: &str, + input_file: &Path, + output_file: &Path, +) -> CosmianResult<()> { + let mut cmd = Command::cargo_bin(PROG_NAME)?; + cmd.env(COSMIAN_CLI_CONF_ENV, cli_conf_path); + + let input_file_str = input_file.to_str().unwrap(); + let output_file_str = output_file.to_str().unwrap(); + let args = vec![ + "decrypt", + "--key-id", + private_key_id, + input_file_str, + "-o", + output_file_str, + ]; + cmd.arg(KMS_SUBCOMMAND).arg(SUB_COMMAND).args(args); + + let output = recover_cmd_logs(&mut cmd); + if output.status.success() { + return Ok(()); + } + + Err(CosmianError::Default( + std::str::from_utf8(&output.stderr)?.to_owned(), + )) +} + +fn test_kem(cli_conf_path: &str, name: &str, kem_algorithm: &str) -> CosmianResult<()> { + let tmp_dir = TempDir::new()?; + let tmp_path = tmp_dir.path(); + let encapsulation_file = tmp_path.join("encapsulation.enc"); + let session_key_file = tmp_path.join("session_key.plain"); + + // Key generation + let (dk_id, ek_id) = create_kem_key_pair(cli_conf_path, kem_algorithm, &[name])?; + + // Encapsulation + encaps(cli_conf_path, &ek_id, &encapsulation_file)?; + assert!(encapsulation_file.exists()); + + // Decapsulation + decaps( + cli_conf_path, + &dk_id, + 
&encapsulation_file, + &session_key_file, + )?; + assert!(session_key_file.exists()); + + let session_key = std::fs::read(&session_key_file)?; + assert!(!session_key.is_empty()); + Ok(()) +} + +#[tokio::test] +pub(crate) async fn test_create_configurable_kem_key_pair() -> CosmianResult<()> { + let ctx = start_default_test_kms_server().await; + let (owner_client_conf_path, _) = save_kms_cli_config(ctx); + + test_kem(&owner_client_conf_path, "ML-KEM512 KEM", "ml-kem-512")?; + test_kem(&owner_client_conf_path, "ML-KEM768 KEM", "ml-kem-768")?; + test_kem(&owner_client_conf_path, "P256 KEM", "p256")?; + test_kem(&owner_client_conf_path, "CURVE25519 KEM", "curve25519")?; + test_kem( + &owner_client_conf_path, + "ML-KEM512/P256 KEM", + "ml-kem-512-p256", + )?; + test_kem( + &owner_client_conf_path, + "ML-KEM768/P256 KEM", + "ml-kem-768-p256", + )?; + test_kem( + &owner_client_conf_path, + "ML-KEM512/CURVE25519 KEM", + "ml-kem-512-curve25519", + )?; + test_kem( + &owner_client_conf_path, + "ML-KEM768/CURVE25519 KEM", + "ml-kem-768-curve25519", + )?; + + Ok(()) +} diff --git a/crate/cli/src/tests/kms/cover_crypt/access_structure.rs b/crate/cli/src/tests/kms/cover_crypt/access_structure.rs index 4ff218db..63fa03d8 100644 --- a/crate/cli/src/tests/kms/cover_crypt/access_structure.rs +++ b/crate/cli/src/tests/kms/cover_crypt/access_structure.rs @@ -86,7 +86,7 @@ async fn test_view_access_structure() -> CosmianResult<()> { .stdout(predicate::str::contains("\"Security Level\"")) .stdout(predicate::str::contains("\"Top Secret\"")) .stdout(predicate::str::contains( - "Attribute { id: 6, encryption_hint: Classic, write_status: EncryptDecrypt }", + "Attribute { id: 6, security_mode: Classic, encryption_status: EncryptDecrypt }", )); Ok(()) diff --git a/crate/cli/src/tests/kms/cover_crypt/rekey.rs b/crate/cli/src/tests/kms/cover_crypt/rekey.rs index de9e0560..dce462f1 100644 --- a/crate/cli/src/tests/kms/cover_crypt/rekey.rs +++ b/crate/cli/src/tests/kms/cover_crypt/rekey.rs 
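Review bot: `test_kem` in the new `configurable_kem/mod.rs` only asserts that `session_key.plain` exists and is non-empty, so a decapsulation that returned the wrong bytes would still pass for all eight algorithms. Nothing visible gives the test the encapsulated key to compare against, so a cheap check is to decapsulate the same file with the private key of a second key pair and require that the call either fails or yields different bytes. Separately, `encaps` and `decaps` return `CosmianResult` but call `to_str().unwrap()` on the paths; mapping the `None` case to `CosmianError::Default` would keep a non-UTF-8 temp path from panicking the test.

```rust
// … unchanged: temp dir setup, key generation, encapsulation, decapsulation …
    let session_key = std::fs::read(&session_key_file)?;
    assert!(!session_key.is_empty());

    // A key pair that did not produce this encapsulation must not recover the same key.
    let (other_dk_id, _) = create_kem_key_pair(cli_conf_path, kem_algorithm, &[name])?;
    let other_key_file = tmp_path.join("session_key.other");
    if decaps(cli_conf_path, &other_dk_id, &encapsulation_file, &other_key_file).is_ok() {
        assert_ne!(std::fs::read(&other_key_file)?, session_key);
    }
    Ok(())
```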
@@ -9,7 +9,8 @@ use cosmian_kms_cli::{ crypto::cover_crypt::access_structure::access_structure_from_json_file, reexport::{ cosmian_cover_crypt::{ - AccessPolicy, EncryptedHeader, MasterSecretKey, UserSecretKey, api::Covercrypt, + AccessPolicy, MasterSecretKey, UserSecretKey, api::Covercrypt, + encrypted_header::EncryptedHeader, }, cosmian_crypto_core::bytes_ser_de::{ Deserializer, Serializable, test_serialization, diff --git a/crate/cli/src/tests/kms/mod.rs b/crate/cli/src/tests/kms/mod.rs index 80d51066..c0d8bc9e 100644 --- a/crate/cli/src/tests/kms/mod.rs +++ b/crate/cli/src/tests/kms/mod.rs @@ -3,6 +3,8 @@ mod attributes; mod auth_tests; mod certificates; #[cfg(feature = "non-fips")] +mod configurable_kem; +#[cfg(feature = "non-fips")] mod cover_crypt; mod derive_key; mod elliptic_curve; diff --git a/crate/cli/src/tests/kms/shared/import_export_wrapping.rs b/crate/cli/src/tests/kms/shared/import_export_wrapping.rs index afeb164d..d77b0327 100644 --- a/crate/cli/src/tests/kms/shared/import_export_wrapping.rs +++ b/crate/cli/src/tests/kms/shared/import_export_wrapping.rs @@ -367,8 +367,13 @@ fn test_import_export_wrap_private_key( .unique_identifier .clone(); - assert!( - exported_unwrapped_key.key_block()?.key_value == private_key.key_block()?.key_value + // Fresh may legitimately be materialized as `Some(false)` after key material + // is returned (e.g., via unwrap-on-export). Ignore it for this equivalence check. + exp_attrs.fresh = None; + + assert_eq!( + exported_unwrapped_key.key_block()?.key_value, + private_key.key_block()?.key_value ); assert!(exported_unwrapped_key.key_wrapping_data().is_none()); } diff --git a/crate/pkcs11/provider/Cargo.toml b/crate/pkcs11/provider/Cargo.toml index 448b306e..ee182699 100644 --- a/crate/pkcs11/provider/Cargo.toml +++ b/crate/pkcs11/provider/Cargo.toml 
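Review bot: In `test_import_export_wrap_private_key`, `exp_attrs.fresh = None;` removes the Fresh attribute from the comparison entirely, so the test would no longer notice an exported key that still reports `Some(true)` after its material has been returned. If the intent is only to tolerate `None` versus `Some(false)`, assert that first, e.g. `assert_ne!(exp_attrs.fresh, Some(true));`, and then clear the field. The declaration of `exp_attrs` and any later comparison that uses it lie outside this hunk; the `assert_eq!` visible here compares only `key_value`, so the comment's "this equivalence check" presumably refers to code further down.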
@@ -20,8 +20,8 @@ default = ["non-fips"] non-fips = ["cosmian_cli/non-fips"] [dependencies] -cosmian_cli = { path = "../../cli", version = "1.8.1" } -cosmian_pkcs11_module = { path = "../module", version = "1.8.1" } +cosmian_cli = { path = "../../cli", version = "1.9.0" } +cosmian_pkcs11_module = { path = "../module", version = "1.9.0" } etcetera = "0.8.0" hex = "0.4" p256 = { version = "0.13.2", default-features = false, features = [ diff --git a/documentation/docs/cli/main_commands.md b/documentation/docs/cli/main_commands.md index 2e5bb87e..e7d501d9 100644 --- a/documentation/docs/cli/main_commands.md +++ b/documentation/docs/cli/main_commands.md 
@@ -69,39 +69,41 @@ Handle KMS actions **`cc`** [[1.5]](#15-cosmian-kms-cc) Manage Covercrypt keys and policies. Rotate attributes. Encrypt and decrypt data -**`certificates`** [[1.6]](#16-cosmian-kms-certificates) Manage certificates. Create, import, destroy and revoke. Encrypt and decrypt data +**`kem`** [[1.6]](#16-cosmian-kms-kem) Manage Configurable KEM keys. Encrypt and decrypt data -**`derive-key`** [[1.7]](#17-cosmian-kms-derive-key) Derive a new key from an existing key +**`certificates`** [[1.7]](#17-cosmian-kms-certificates) Manage certificates. Create, import, destroy and revoke. Encrypt and decrypt data -**`ec`** [[1.8]](#18-cosmian-kms-ec) Manage elliptic curve keys. Encrypt and decrypt data using ECIES +**`derive-key`** [[1.8]](#18-cosmian-kms-derive-key) Derive a new key from an existing key -**`google`** [[1.9]](#19-cosmian-kms-google) Manage google elements. Handle key pairs and identities from Gmail API +**`ec`** [[1.9]](#19-cosmian-kms-ec) Manage elliptic curve keys. Encrypt and decrypt data using ECIES -**`locate`** [[1.10]](#110-cosmian-kms-locate) Locate cryptographic objects inside the KMS +**`google`** [[1.10]](#110-cosmian-kms-google) Manage google elements. Handle key pairs and identities from Gmail API -**`login`** [[1.11]](#111-cosmian-kms-login) Login to the Identity Provider of the KMS server using the `OAuth2` authorization code flow. +**`locate`** [[1.11]](#111-cosmian-kms-locate) Locate cryptographic objects inside the KMS -**`logout`** [[1.12]](#112-cosmian-kms-logout) Logout from the Identity Provider +**`login`** [[1.12]](#112-cosmian-kms-login) Login to the Identity Provider of the KMS server using the `OAuth2` authorization code flow. -**`hash`** [[1.13]](#113-cosmian-kms-hash) Hash arbitrary data. +**`logout`** [[1.13]](#113-cosmian-kms-logout) Logout from the Identity Provider -**`mac`** [[1.14]](#114-cosmian-kms-mac) MAC utilities: compute or verify a MAC value. 
+**`hash`** [[1.14]](#114-cosmian-kms-hash) Hash arbitrary data. -**`rng`** [[1.15]](#115-cosmian-kms-rng) RNG utilities: retrieve random bytes or seed RNG +**`mac`** [[1.15]](#115-cosmian-kms-mac) MAC utilities: compute or verify a MAC value. -**`discover-versions`** [[1.16]](#116-cosmian-kms-discover-versions) Discover KMIP protocol versions supported by the server +**`rng`** [[1.16]](#116-cosmian-kms-rng) RNG utilities: retrieve random bytes or seed RNG -**`query`** [[1.17]](#117-cosmian-kms-query) Query server capabilities and metadata (KMIP Query) +**`discover-versions`** [[1.17]](#117-cosmian-kms-discover-versions) Discover KMIP protocol versions supported by the server -**`rsa`** [[1.18]](#118-cosmian-kms-rsa) Manage RSA keys. Encrypt and decrypt data using RSA keys +**`query`** [[1.18]](#118-cosmian-kms-query) Query server capabilities and metadata (KMIP Query) -**`opaque-object`** [[1.19]](#119-cosmian-kms-opaque-object) Create, import, export, revoke and destroy Opaque Objects +**`rsa`** [[1.19]](#119-cosmian-kms-rsa) Manage RSA keys. Encrypt and decrypt data using RSA keys -**`secret-data`** [[1.20]](#120-cosmian-kms-secret-data) Create, import, export and destroy secret data +**`opaque-object`** [[1.20]](#120-cosmian-kms-opaque-object) Create, import, export, revoke and destroy Opaque Objects -**`server-version`** [[1.21]](#121-cosmian-kms-server-version) Print the version of the server +**`secret-data`** [[1.21]](#121-cosmian-kms-secret-data) Create, import, export and destroy secret data -**`sym`** [[1.22]](#122-cosmian-kms-sym) Manage symmetric keys. Encrypt and decrypt data +**`server-version`** [[1.22]](#122-cosmian-kms-server-version) Print the version of the server + +**`sym`** [[1.23]](#123-cosmian-kms-sym) Manage symmetric keys. Encrypt and decrypt data --- 
@@ -806,8 +808,8 @@ Extract, view, or edit policies of existing keys **`remove-attribute`** [[1.5.2.3]](#1523-cosmian-kms-cc-access-structure-remove-attribute) Remove an attribute from the access structure of an existing private master key. Permanently removes the ability to use this attribute in both encryptions and decryptions. -**`disable-attribute`** [[1.5.2.4]](#1524-cosmian-kms-cc-access-structure-disable-attribute) Disable an attribute from the access structure of an existing private master key. -Prevents the creation of new ciphertexts for this attribute while keeping the ability to decrypt existing ones. +**`disable-attribute`** [[1.5.2.4]](#1524-cosmian-kms-cc-access-structure-disable-attribute) Disable an attribute from the access structure of an existing private master +key. **`rename-attribute`** [[1.5.2.5]](#1525-cosmian-kms-cc-access-structure-rename-attribute) Rename an attribute in the access structure of an existing private master key. @@ -871,8 +873,8 @@ Permanently removes the ability to use this attribute in both encryptions and de ## 1.5.2.4 cosmian kms cc access-structure disable-attribute -Disable an attribute from the access structure of an existing private master key. -Prevents the creation of new ciphertexts for this attribute while keeping the ability to decrypt existing ones. +Disable an attribute from the access structure of an existing private master +key. ### Usage `cosmian kms cc access-structure disable-attribute [options] 
@@ -958,7 +960,95 @@ Decrypt a file using Covercrypt --- -## 1.6 cosmian kms certificates +## 1.6 cosmian kms kem + +Manage Configurable KEM keys. Encrypt and decrypt data + +### Usage +`cosmian kms kem ` + +### Subcommands + +**`key-gen`** [[1.6.1]](#161-cosmian-kms-kem-key-gen) Create a new Configurable-KEM keypair and return the key IDs. + +**`encrypt`** [[1.6.2]](#162-cosmian-kms-kem-encrypt) Encapsulate a new symmetric key + +**`decrypt`** [[1.6.3]](#163-cosmian-kms-kem-decrypt) Open a Configurable-KEM encapsulation + +--- + +## 1.6.1 cosmian kms kem key-gen + +Create a new Configurable-KEM keypair and return the key IDs. + +### Usage +`cosmian kms kem key-gen [options]` +### Arguments +`--access-structure [-s] ` The JSON access structure specifications file to use to generate the keys. See the inline doc of the `create-master-key-pair` command for details + +`--tag [-t] ` The tag to associate with the master key pair. To specify multiple tags, use the option multiple times + +`--sensitive ` Sensitive: if set, the private key will not be exportable + +Possible values: `"true", "false"` [default: `"false"`] + +`--kem [-k] ` The KEM algorithm to use for key pair generation + +Possible values: `"ml-kem-512", "ml-kem-768", "p256", "curve25519", "ml-kem-512-p256", "ml-kem-768-p256", "ml-kem-512-curve25519", "ml-kem-768-curve25519", "cover-crypt"` + +`--wrapping-key-id [-w] ` The key encryption key (KEK) used to wrap the keypair with. +If the wrapping key is: + +- a symmetric key, AES-GCM will be used +- a RSA key, RSA-OAEP will be used +- a EC key, ECIES will be used (salsa20poly1305 for X25519) + + + +--- + +## 1.6.2 cosmian kms kem encrypt + +Encapsulate a new symmetric key + +### Usage +`cosmian kms kem encrypt [options] [ENCRYPTION_POLICY] +` +### Arguments +`--key-id [-k] ` The public key unique identifier. If not specified, tags should be specified + +`--tag [-t] ` Tag to use to retrieve the key when no key id is specified. 
To specify multiple tags, use the option multiple times + +` ` The encryption policy to use. Example: "`department::marketing` && `level::confidential`" + +`--output-file [-o] ` The encrypted output file path for the encapsulation + + + +--- + +## 1.6.3 cosmian kms kem decrypt + +Open a Configurable-KEM encapsulation + +### Usage +`cosmian kms kem decrypt [options] +` +### Arguments +` ` The encapsulation file to decrypt + +`--key-id [-k] ` The user key unique identifier If not specified, tags should be specified + +`--tag [-t] ` Tag to use to retrieve the key when no key id is specified. To specify multiple tags, use the option multiple times + +`--output-file [-o] ` The decrypted output file path + + + + +--- + +## 1.7 cosmian kms certificates Manage certificates. Create, import, destroy and revoke. Encrypt and decrypt data 
@@ -967,30 +1057,30 @@ Manage certificates. Create, import, destroy and revoke. Encrypt and decrypt dat ### Subcommands -**`certify`** [[1.6.1]](#161-cosmian-kms-certificates-certify) Issue or renew a X509 certificate +**`certify`** [[1.7.1]](#171-cosmian-kms-certificates-certify) Issue or renew a X509 certificate -**`decrypt`** [[1.6.2]](#162-cosmian-kms-certificates-decrypt) Decrypt a file using the private key of a certificate +**`decrypt`** [[1.7.2]](#172-cosmian-kms-certificates-decrypt) Decrypt a file using the private key of a certificate -**`encrypt`** [[1.6.3]](#163-cosmian-kms-certificates-encrypt) Encrypt a file using the certificate public key +**`encrypt`** [[1.7.3]](#173-cosmian-kms-certificates-encrypt) Encrypt a file using the certificate public key -**`export`** [[1.6.4]](#164-cosmian-kms-certificates-export) Export a certificate from the KMS +**`export`** [[1.7.4]](#174-cosmian-kms-certificates-export) Export a certificate from the KMS -**`import`** [[1.6.5]](#165-cosmian-kms-certificates-import) Import one of the following: +**`import`** [[1.7.5]](#175-cosmian-kms-certificates-import) Import one of the following: - a certificate: formatted as a X509 PEM (pem), X509 DER (der) or JSON TTLV (json-ttlv) - a certificate chain as a PEM-stack (chain) - a PKCS12 file containing a certificate, a private key and possibly a chain (pkcs12) - the Mozilla Common CA Database (CCADB - fetched by the CLI before import) (ccadb) -**`revoke`** [[1.6.6]](#166-cosmian-kms-certificates-revoke) Revoke a certificate +**`revoke`** [[1.7.6]](#176-cosmian-kms-certificates-revoke) Revoke a certificate -**`destroy`** [[1.6.7]](#167-cosmian-kms-certificates-destroy) Destroy a certificate +**`destroy`** [[1.7.7]](#177-cosmian-kms-certificates-destroy) Destroy a certificate -**`validate`** [[1.6.8]](#168-cosmian-kms-certificates-validate) Validate a certificate +**`validate`** [[1.7.8]](#178-cosmian-kms-certificates-validate) Validate a certificate --- -## 1.6.1 cosmian kms 
certificates certify +## 1.7.1 cosmian kms certificates certify Issue or renew a X509 certificate @@ -1035,7 +1125,7 @@ with the x509 extensions to use. For instance: --- -## 1.6.2 cosmian kms certificates decrypt +## 1.7.2 cosmian kms certificates decrypt Decrypt a file using the private key of a certificate @@ -1063,7 +1153,7 @@ Possible values: `"ckm-rsa-pkcs", "ckm-rsa-pkcs-oaep", "ckm-rsa-aes-key-wrap"` --- -## 1.6.3 cosmian kms certificates encrypt +## 1.7.3 cosmian kms certificates encrypt Encrypt a file using the certificate public key @@ -1091,7 +1181,7 @@ Possible values: `"ckm-rsa-pkcs", "ckm-rsa-pkcs-oaep", "ckm-rsa-aes-key-wrap"` --- -## 1.6.4 cosmian kms certificates export +## 1.7.4 cosmian kms certificates export Export a certificate from the KMS @@ -1123,7 +1213,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.6.5 cosmian kms certificates import +## 1.7.5 cosmian kms certificates import Import one of the following: @@ -1169,7 +1259,7 @@ Possible values: `"sign", "verify", "encrypt", "decrypt", "wrap-key", "unwrap-k --- -## 1.6.6 cosmian kms certificates revoke +## 1.7.6 cosmian kms certificates revoke Revoke a certificate @@ -1187,7 +1277,7 @@ Revoke a certificate --- -## 1.6.7 cosmian kms certificates destroy +## 1.7.7 cosmian kms certificates destroy Destroy a certificate @@ -1209,7 +1299,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.6.8 cosmian kms certificates validate +## 1.7.8 cosmian kms certificates validate Validate a certificate @@ -1225,7 +1315,7 @@ Validate a certificate --- -## 1.7 cosmian kms derive-key +## 1.8 cosmian kms derive-key Derive a new key from an existing key @@ -1260,7 +1350,7 @@ Possible values: `"chacha20", "aes", "sha3", "shake"` [default: `"aes"`] --- -## 1.8 cosmian kms ec +## 1.9 cosmian kms ec Manage elliptic curve keys. Encrypt and decrypt data using ECIES 
@@ -1269,19 +1359,19 @@ Manage elliptic curve keys. Encrypt and decrypt data using ECIES ### Subcommands -**`keys`** [[1.8.1]](#181-cosmian-kms-ec-keys) Create, destroy, import, and export elliptic curve key pairs +**`keys`** [[1.9.1]](#191-cosmian-kms-ec-keys) Create, destroy, import, and export elliptic curve key pairs -**`encrypt`** [[1.8.2]](#182-cosmian-kms-ec-encrypt) Encrypt a file with the given public key using ECIES +**`encrypt`** [[1.9.2]](#192-cosmian-kms-ec-encrypt) Encrypt a file with the given public key using ECIES -**`decrypt`** [[1.8.3]](#183-cosmian-kms-ec-decrypt) Decrypts a file with the given private key using ECIES +**`decrypt`** [[1.9.3]](#193-cosmian-kms-ec-decrypt) Decrypts a file with the given private key using ECIES -**`sign`** [[1.8.4]](#184-cosmian-kms-ec-sign) Sign a file using elliptic curve digital signature algorithms (ECDSA) +**`sign`** [[1.9.4]](#194-cosmian-kms-ec-sign) Sign a file using elliptic curve digital signature algorithms (ECDSA) -**`sign-verify`** [[1.8.5]](#185-cosmian-kms-ec-sign-verify) Verify an ECDSA signature for a given data file +**`sign-verify`** [[1.9.5]](#195-cosmian-kms-ec-sign-verify) Verify an ECDSA signature for a given data file --- -## 1.8.1 cosmian kms ec keys +## 1.9.1 cosmian kms ec keys Create, destroy, import, and export elliptic curve key pairs 
@@ -1290,23 +1380,23 @@ Create, destroy, import, and export elliptic curve key pairs ### Subcommands -**`create`** [[1.8.1.1]](#1811-cosmian-kms-ec-keys-create) Create an elliptic curve key pair +**`create`** [[1.9.1.1]](#1911-cosmian-kms-ec-keys-create) Create an elliptic curve key pair -**`export`** [[1.8.1.2]](#1812-cosmian-kms-ec-keys-export) Export a key or secret data from the KMS +**`export`** [[1.9.1.2]](#1912-cosmian-kms-ec-keys-export) Export a key or secret data from the KMS -**`import`** [[1.8.1.3]](#1813-cosmian-kms-ec-keys-import) Import a secret data or a key in the KMS. +**`import`** [[1.9.1.3]](#1913-cosmian-kms-ec-keys-import) Import a secret data or a key in the KMS. -**`wrap`** [[1.8.1.4]](#1814-cosmian-kms-ec-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. +**`wrap`** [[1.9.1.4]](#1914-cosmian-kms-ec-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. -**`unwrap`** [[1.8.1.5]](#1815-cosmian-kms-ec-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. +**`unwrap`** [[1.9.1.5]](#1915-cosmian-kms-ec-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. -**`revoke`** [[1.8.1.6]](#1816-cosmian-kms-ec-keys-revoke) Revoke a public or private key +**`revoke`** [[1.9.1.6]](#1916-cosmian-kms-ec-keys-revoke) Revoke a public or private key -**`destroy`** [[1.8.1.7]](#1817-cosmian-kms-ec-keys-destroy) Destroy a public or private key +**`destroy`** [[1.9.1.7]](#1917-cosmian-kms-ec-keys-destroy) Destroy a public or private key --- -## 1.8.1.1 cosmian kms ec keys create +## 1.9.1.1 cosmian kms ec keys create Create an elliptic curve key pair @@ -1337,7 +1427,7 @@ If the wrapping key is: --- -## 1.8.1.2 cosmian kms ec keys export +## 1.9.1.2 cosmian kms ec keys export Export a key or secret data from the KMS 
@@ -1396,7 +1486,7 @@ Possible values: `"aes-key-wrap-padding", "nist-key-wrap", "aes-gcm", "rsa-pkcs --- -## 1.8.1.3 cosmian kms ec keys import +## 1.9.1.3 cosmian kms ec keys import Import a secret data or a key in the KMS. @@ -1444,7 +1534,7 @@ If the wrapping key is: --- -## 1.8.1.4 cosmian kms ec keys wrap +## 1.9.1.4 cosmian kms ec keys wrap Locally wrap a secret data or key in KMIP JSON TTLV format. @@ -1469,7 +1559,7 @@ Locally wrap a secret data or key in KMIP JSON TTLV format. --- -## 1.8.1.5 cosmian kms ec keys unwrap +## 1.9.1.5 cosmian kms ec keys unwrap Locally unwrap a secret data or key in KMIP JSON TTLV format. @@ -1492,7 +1582,7 @@ Locally unwrap a secret data or key in KMIP JSON TTLV format. --- -## 1.8.1.6 cosmian kms ec keys revoke +## 1.9.1.6 cosmian kms ec keys revoke Revoke a public or private key @@ -1510,7 +1600,7 @@ Revoke a public or private key --- -## 1.8.1.7 cosmian kms ec keys destroy +## 1.9.1.7 cosmian kms ec keys destroy Destroy a public or private key @@ -1533,7 +1623,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.8.2 cosmian kms ec encrypt +## 1.9.2 cosmian kms ec encrypt Encrypt a file with the given public key using ECIES @@ -1553,7 +1643,7 @@ Encrypt a file with the given public key using ECIES --- -## 1.8.3 cosmian kms ec decrypt +## 1.9.3 cosmian kms ec decrypt Decrypts a file with the given private key using ECIES @@ -1573,7 +1663,7 @@ Decrypts a file with the given private key using ECIES --- -## 1.8.4 cosmian kms ec sign +## 1.9.4 cosmian kms ec sign Sign a file using elliptic curve digital signature algorithms (ECDSA) @@ -1601,7 +1691,7 @@ Possible values: `"true", "false"` --- -## 1.8.5 cosmian kms ec sign-verify +## 1.9.5 cosmian kms ec sign-verify Verify an ECDSA signature for a given data file @@ -1629,7 +1719,7 @@ Possible values: `"true", "false"` --- -## 1.9 cosmian kms google +## 1.10 cosmian kms google Manage google elements. Handle key pairs and identities from Gmail API 
@@ -1638,13 +1728,13 @@ Manage google elements. Handle key pairs and identities from Gmail API ### Subcommands -**`key-pairs`** [[1.9.1]](#191-cosmian-kms-google-key-pairs) Insert, get, list, enable, disabled and obliterate key pairs to Gmail API +**`key-pairs`** [[1.10.1]](#1101-cosmian-kms-google-key-pairs) Insert, get, list, enable, disabled and obliterate key pairs to Gmail API -**`identities`** [[1.9.2]](#192-cosmian-kms-google-identities) Insert, get, list, patch and delete identities from Gmail API +**`identities`** [[1.10.2]](#1102-cosmian-kms-google-identities) Insert, get, list, patch and delete identities from Gmail API --- -## 1.9.1 cosmian kms google key-pairs +## 1.10.1 cosmian kms google key-pairs Insert, get, list, enable, disabled and obliterate key pairs to Gmail API 
@@ -1653,30 +1743,30 @@ Insert, get, list, enable, disabled and obliterate key pairs to Gmail API ### Subcommands -**`get`** [[1.9.1.1]](#1911-cosmian-kms-google-key-pairs-get) Retrieves an existing client-side encryption key pair. +**`get`** [[1.10.1.1]](#11011-cosmian-kms-google-key-pairs-get) Retrieves an existing client-side encryption key pair. -**`list`** [[1.9.1.2]](#1912-cosmian-kms-google-key-pairs-list) Lists client-side encryption key pairs for a user. +**`list`** [[1.10.1.2]](#11012-cosmian-kms-google-key-pairs-list) Lists client-side encryption key pairs for a user. -**`enable`** [[1.9.1.3]](#1913-cosmian-kms-google-key-pairs-enable) Turns on a client-side encryption key pair that was turned off. The key pair becomes active +**`enable`** [[1.10.1.3]](#11013-cosmian-kms-google-key-pairs-enable) Turns on a client-side encryption key pair that was turned off. The key pair becomes active again for any associated client-side encryption identities. -**`disable`** [[1.9.1.4]](#1914-cosmian-kms-google-key-pairs-disable) Turns off a client-side encryption key pair. The authenticated user can no longer use the key +**`disable`** [[1.10.1.4]](#11014-cosmian-kms-google-key-pairs-disable) Turns off a client-side encryption key pair. The authenticated user can no longer use the key pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the key pairs.enable to turn on the key pair. After 30 days, you can permanently delete the key pair by using the key pairs.obliterate method. -**`obliterate`** [[1.9.1.5]](#1915-cosmian-kms-google-key-pairs-obliterate) Deletes a client-side encryption key pair permanently and immediately. You can only permanently +**`obliterate`** [[1.10.1.5]](#11015-cosmian-kms-google-key-pairs-obliterate) Deletes a client-side encryption key pair permanently and immediately. You can only permanently delete key pairs that have been turned off for more than 30 days. 
To turn off a key pair, use the key pairs disable method. Gmail can't restore or decrypt any messages that were encrypted by an obliterated key. Authenticated users and Google Workspace administrators lose access to reading the encrypted messages. -**`create`** [[1.9.1.6]](#1916-cosmian-kms-google-key-pairs-create) Creates and uploads a client-side encryption S/MIME public key certificate chain and private key +**`create`** [[1.10.1.6]](#11016-cosmian-kms-google-key-pairs-create) Creates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for a user. --- -## 1.9.1.1 cosmian kms google key-pairs get +## 1.10.1.1 cosmian kms google key-pairs get Retrieves an existing client-side encryption key pair. @@ -1692,7 +1782,7 @@ Retrieves an existing client-side encryption key pair. --- -## 1.9.1.2 cosmian kms google key-pairs list +## 1.10.1.2 cosmian kms google key-pairs list Lists client-side encryption key pairs for a user. @@ -1706,7 +1796,7 @@ Lists client-side encryption key pairs for a user. --- -## 1.9.1.3 cosmian kms google key-pairs enable +## 1.10.1.3 cosmian kms google key-pairs enable Turns on a client-side encryption key pair that was turned off. The key pair becomes active again for any associated client-side encryption identities. @@ -1723,7 +1813,7 @@ again for any associated client-side encryption identities. --- -## 1.9.1.4 cosmian kms google key-pairs disable +## 1.10.1.4 cosmian kms google key-pairs disable Turns off a client-side encryption key pair. The authenticated user can no longer use the key pair to decrypt incoming CSE message texts or sign outgoing CSE mail. To regain access, use the 
@@ -1742,7 +1832,7 @@ by using the key pairs.obliterate method. --- -## 1.9.1.5 cosmian kms google key-pairs obliterate +## 1.10.1.5 cosmian kms google key-pairs obliterate Deletes a client-side encryption key pair permanently and immediately. You can only permanently delete key pairs that have been turned off for more than 30 days. To turn off a key pair, use @@ -1762,7 +1852,7 @@ reading the encrypted messages. --- -## 1.9.1.6 cosmian kms google key-pairs create +## 1.10.1.6 cosmian kms google key-pairs create Creates and uploads a client-side encryption S/MIME public key certificate chain and private key metadata for a user. @@ -1827,7 +1917,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.9.2 cosmian kms google identities +## 1.10.2 cosmian kms google identities Insert, get, list, patch and delete identities from Gmail API 
@@ -1836,24 +1926,24 @@ Insert, get, list, patch and delete identities from Gmail API ### Subcommands -**`get`** [[1.9.2.1]](#1921-cosmian-kms-google-identities-get) Retrieves a client-side encryption identity configuration. +**`get`** [[1.10.2.1]](#11021-cosmian-kms-google-identities-get) Retrieves a client-side encryption identity configuration. -**`list`** [[1.9.2.2]](#1922-cosmian-kms-google-identities-list) Lists the client-side encrypted identities for an authenticated user. +**`list`** [[1.10.2.2]](#11022-cosmian-kms-google-identities-list) Lists the client-side encrypted identities for an authenticated user. -**`insert`** [[1.9.2.3]](#1923-cosmian-kms-google-identities-insert) Creates and configures a client-side encryption identity that's authorized to send mail from the +**`insert`** [[1.10.2.3]](#11023-cosmian-kms-google-identities-insert) Creates and configures a client-side encryption identity that's authorized to send mail from the user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that people within a Google Workspace organization can encrypt and send mail to the identity. -**`delete`** [[1.9.2.4]](#1924-cosmian-kms-google-identities-delete) Deletes a client-side encryption identity. The authenticated user can no longer use the identity +**`delete`** [[1.10.2.4]](#11024-cosmian-kms-google-identities-delete) Deletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages. You cannot restore the identity after you delete it. Instead, use the identities.create method to create another identity with the same configuration. -**`patch`** [[1.9.2.5]](#1925-cosmian-kms-google-identities-patch) Associates a different key pair with an existing client-side encryption identity. The updated +**`patch`** [[1.10.2.5]](#11025-cosmian-kms-google-identities-patch) Associates a different key pair with an existing client-side encryption identity. 
The updated key pair must validate against Google's S/MIME certificate profiles. --- -## 1.9.2.1 cosmian kms google identities get +## 1.10.2.1 cosmian kms google identities get Retrieves a client-side encryption identity configuration. @@ -1867,7 +1957,7 @@ Retrieves a client-side encryption identity configuration. --- -## 1.9.2.2 cosmian kms google identities list +## 1.10.2.2 cosmian kms google identities list Lists the client-side encrypted identities for an authenticated user. @@ -1881,7 +1971,7 @@ Lists the client-side encrypted identities for an authenticated user. --- -## 1.9.2.3 cosmian kms google identities insert +## 1.10.2.3 cosmian kms google identities insert Creates and configures a client-side encryption identity that's authorized to send mail from the user account. Google publishes the S/MIME certificate to a shared domain-wide directory so that @@ -1899,7 +1989,7 @@ people within a Google Workspace organization can encrypt and send mail to the i --- -## 1.9.2.4 cosmian kms google identities delete +## 1.10.2.4 cosmian kms google identities delete Deletes a client-side encryption identity. The authenticated user can no longer use the identity to send encrypted messages. You cannot restore the identity after you delete it. Instead, use @@ -1915,7 +2005,7 @@ the identities.create method to create another identity with the same configurat --- -## 1.9.2.5 cosmian kms google identities patch +## 1.10.2.5 cosmian kms google identities patch Associates a different key pair with an existing client-side encryption identity. The updated key pair must validate against Google's S/MIME certificate profiles. @@ -1934,7 +2024,7 @@ key pair must validate against Google's S/MIME certificate profiles. --- -## 1.10 cosmian kms locate +## 1.11 cosmian kms locate Locate cryptographic objects inside the KMS 
@@ -1962,7 +2052,7 @@ To specify multiple tags, use the option multiple times. --- -## 1.11 cosmian kms login +## 1.12 cosmian kms login Login to the Identity Provider of the KMS server using the `OAuth2` authorization code flow. @@ -1972,7 +2062,7 @@ Login to the Identity Provider of the KMS server using the `OAuth2` authorizatio --- -## 1.12 cosmian kms logout +## 1.13 cosmian kms logout Logout from the Identity Provider @@ -1982,7 +2072,7 @@ Logout from the Identity Provider --- -## 1.13 cosmian kms hash +## 1.14 cosmian kms hash Hash arbitrary data. @@ -2009,7 +2099,7 @@ Possible values: `"true", "false"` --- -## 1.14 cosmian kms mac +## 1.15 cosmian kms mac MAC utilities: compute or verify a MAC value. @@ -2018,13 +2108,13 @@ MAC utilities: compute or verify a MAC value. ### Subcommands -**`compute`** [[1.14.1]](#1141-cosmian-kms-mac-compute) Compute a MAC over data with a MAC key +**`compute`** [[1.15.1]](#1151-cosmian-kms-mac-compute) Compute a MAC over data with a MAC key -**`verify`** [[1.14.2]](#1142-cosmian-kms-mac-verify) Verify a MAC over data with a MAC key +**`verify`** [[1.15.2]](#1152-cosmian-kms-mac-verify) Verify a MAC over data with a MAC key --- -## 1.14.1 cosmian kms mac compute +## 1.15.1 cosmian kms mac compute Compute a MAC over data with a MAC key @@ -2053,7 +2143,7 @@ Possible values: `"true", "false"` --- -## 1.14.2 cosmian kms mac verify +## 1.15.2 cosmian kms mac verify Verify a MAC over data with a MAC key @@ -2075,7 +2165,7 @@ Possible values: `"sha256", "sha384", "sha512", "sha3-224", "sha3-256", "sha3-3 --- -## 1.15 cosmian kms rng +## 1.16 cosmian kms rng RNG utilities: retrieve random bytes or seed RNG 
@@ -2084,13 +2174,13 @@ RNG utilities: retrieve random bytes or seed RNG ### Subcommands -**`retrieve`** [[1.15.1]](#1151-cosmian-kms-rng-retrieve) Retrieve cryptographically secure random bytes from the server RNG +**`retrieve`** [[1.16.1]](#1161-cosmian-kms-rng-retrieve) Retrieve cryptographically secure random bytes from the server RNG -**`seed`** [[1.15.2]](#1152-cosmian-kms-rng-seed) Seed the server RNG with provided hex-encoded bytes +**`seed`** [[1.16.2]](#1162-cosmian-kms-rng-seed) Seed the server RNG with provided hex-encoded bytes --- -## 1.15.1 cosmian kms rng retrieve +## 1.16.1 cosmian kms rng retrieve Retrieve cryptographically secure random bytes from the server RNG @@ -2103,7 +2193,7 @@ Retrieve cryptographically secure random bytes from the server RNG --- -## 1.15.2 cosmian kms rng seed +## 1.16.2 cosmian kms rng seed Seed the server RNG with provided hex-encoded bytes @@ -2117,7 +2207,7 @@ Seed the server RNG with provided hex-encoded bytes --- -## 1.16 cosmian kms discover-versions +## 1.17 cosmian kms discover-versions Discover KMIP protocol versions supported by the server @@ -2127,7 +2217,7 @@ Discover KMIP protocol versions supported by the server --- -## 1.17 cosmian kms query +## 1.18 cosmian kms query Query server capabilities and metadata (KMIP Query) @@ -2137,7 +2227,7 @@ Query server capabilities and metadata (KMIP Query) --- -## 1.18 cosmian kms rsa +## 1.19 cosmian kms rsa Manage RSA keys. Encrypt and decrypt data using RSA keys 
@@ -2146,27 +2236,27 @@ Manage RSA keys. Encrypt and decrypt data using RSA keys ### Subcommands -**`keys`** [[1.18.1]](#1181-cosmian-kms-rsa-keys) Create, destroy, import, and export RSA key pairs +**`keys`** [[1.19.1]](#1191-cosmian-kms-rsa-keys) Create, destroy, import, and export RSA key pairs -**`encrypt`** [[1.18.2]](#1182-cosmian-kms-rsa-encrypt) Encrypt a file with the given public key using either +**`encrypt`** [[1.19.2]](#1192-cosmian-kms-rsa-encrypt) Encrypt a file with the given public key using either - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 -**`decrypt`** [[1.18.3]](#1183-cosmian-kms-rsa-decrypt) Decrypt a file with the given private key using either +**`decrypt`** [[1.19.3]](#1193-cosmian-kms-rsa-decrypt) Decrypt a file with the given private key using either - `CKM_RSA_PKCS` a.k.a PKCS #1 RSA V1.5 as specified in PKCS#11 v2.40 - `CKM_RSA_PKCS_OAEP` a.k.a PKCS #1 RSA OAEP as specified in PKCS#11 v2.40 - `CKM_RSA_AES_KEY_WRAP` as specified in PKCS#11 v2.40 -**`sign`** [[1.18.4]](#1184-cosmian-kms-rsa-sign) Digital signature supported is RSASSA-PSS +**`sign`** [[1.19.4]](#1194-cosmian-kms-rsa-sign) Digital signature supported is RSASSA-PSS -**`sign-verify`** [[1.18.5]](#1185-cosmian-kms-rsa-sign-verify) Verify an RSASSA-PSS signature for a given data file +**`sign-verify`** [[1.19.5]](#1195-cosmian-kms-rsa-sign-verify) Verify an RSASSA-PSS signature for a given data file --- -## 1.18.1 cosmian kms rsa keys +## 1.19.1 cosmian kms rsa keys Create, destroy, import, and export RSA key pairs 
@@ -2175,23 +2265,23 @@ Create, destroy, import, and export RSA key pairs ### Subcommands -**`create`** [[1.18.1.1]](#11811-cosmian-kms-rsa-keys-create) Create a new RSA key pair +**`create`** [[1.19.1.1]](#11911-cosmian-kms-rsa-keys-create) Create a new RSA key pair -**`export`** [[1.18.1.2]](#11812-cosmian-kms-rsa-keys-export) Export a key or secret data from the KMS +**`export`** [[1.19.1.2]](#11912-cosmian-kms-rsa-keys-export) Export a key or secret data from the KMS -**`import`** [[1.18.1.3]](#11813-cosmian-kms-rsa-keys-import) Import a secret data or a key in the KMS. +**`import`** [[1.19.1.3]](#11913-cosmian-kms-rsa-keys-import) Import a secret data or a key in the KMS. -**`wrap`** [[1.18.1.4]](#11814-cosmian-kms-rsa-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. +**`wrap`** [[1.19.1.4]](#11914-cosmian-kms-rsa-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. -**`unwrap`** [[1.18.1.5]](#11815-cosmian-kms-rsa-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. +**`unwrap`** [[1.19.1.5]](#11915-cosmian-kms-rsa-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. -**`revoke`** [[1.18.1.6]](#11816-cosmian-kms-rsa-keys-revoke) Revoke a public or private key +**`revoke`** [[1.19.1.6]](#11916-cosmian-kms-rsa-keys-revoke) Revoke a public or private key -**`destroy`** [[1.18.1.7]](#11817-cosmian-kms-rsa-keys-destroy) Destroy a public or private key +**`destroy`** [[1.19.1.7]](#11917-cosmian-kms-rsa-keys-destroy) Destroy a public or private key --- -## 1.18.1.1 cosmian kms rsa keys create +## 1.19.1.1 cosmian kms rsa keys create Create a new RSA key pair @@ -2220,7 +2310,7 @@ If the wrapping key is: --- -## 1.18.1.2 cosmian kms rsa keys export +## 1.19.1.2 cosmian kms rsa keys export Export a key or secret data from the KMS 
@@ -2279,7 +2369,7 @@ Possible values: `"aes-key-wrap-padding", "nist-key-wrap", "aes-gcm", "rsa-pkcs --- -## 1.18.1.3 cosmian kms rsa keys import +## 1.19.1.3 cosmian kms rsa keys import Import a secret data or a key in the KMS. @@ -2327,7 +2417,7 @@ If the wrapping key is: --- -## 1.18.1.4 cosmian kms rsa keys wrap +## 1.19.1.4 cosmian kms rsa keys wrap Locally wrap a secret data or key in KMIP JSON TTLV format. @@ -2352,7 +2442,7 @@ Locally wrap a secret data or key in KMIP JSON TTLV format. --- -## 1.18.1.5 cosmian kms rsa keys unwrap +## 1.19.1.5 cosmian kms rsa keys unwrap Locally unwrap a secret data or key in KMIP JSON TTLV format. @@ -2375,7 +2465,7 @@ Locally unwrap a secret data or key in KMIP JSON TTLV format. --- -## 1.18.1.6 cosmian kms rsa keys revoke +## 1.19.1.6 cosmian kms rsa keys revoke Revoke a public or private key @@ -2393,7 +2483,7 @@ Revoke a public or private key --- -## 1.18.1.7 cosmian kms rsa keys destroy +## 1.19.1.7 cosmian kms rsa keys destroy Destroy a public or private key @@ -2416,7 +2506,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.18.2 cosmian kms rsa encrypt +## 1.19.2 cosmian kms rsa encrypt Encrypt a file with the given public key using either @@ -2448,7 +2538,7 @@ Possible values: `"sha1", "sha224", "sha256", "sha384", "sha512", "sha3-224", " --- -## 1.18.3 cosmian kms rsa decrypt +## 1.19.3 cosmian kms rsa decrypt Decrypt a file with the given private key using either @@ -2480,7 +2570,7 @@ Possible values: `"sha1", "sha224", "sha256", "sha384", "sha512", "sha3-224", " --- -## 1.18.4 cosmian kms rsa sign +## 1.19.4 cosmian kms rsa sign Digital signature supported is RSASSA-PSS @@ -2504,7 +2594,7 @@ Possible values: `"true", "false"` --- -## 1.18.5 cosmian kms rsa sign-verify +## 1.19.5 cosmian kms rsa sign-verify Verify an RSASSA-PSS signature for a given data file 
@@ -2532,7 +2622,7 @@ Possible values: `"true", "false"` --- -## 1.19 cosmian kms opaque-object +## 1.20 cosmian kms opaque-object Create, import, export, revoke and destroy Opaque Objects @@ -2541,19 +2631,19 @@ Create, import, export, revoke and destroy Opaque Objects ### Subcommands -**`create`** [[1.19.1]](#1191-cosmian-kms-opaque-object-create) Create (register) an `OpaqueObject` by importing raw bytes. +**`create`** [[1.20.1]](#1201-cosmian-kms-opaque-object-create) Create (register) an `OpaqueObject` by importing raw bytes. -**`export`** [[1.19.2]](#1192-cosmian-kms-opaque-object-export) Export a key or secret data from the KMS +**`export`** [[1.20.2]](#1202-cosmian-kms-opaque-object-export) Export a key or secret data from the KMS -**`import`** [[1.19.3]](#1193-cosmian-kms-opaque-object-import) Import a secret data or a key in the KMS. +**`import`** [[1.20.3]](#1203-cosmian-kms-opaque-object-import) Import a secret data or a key in the KMS. -**`revoke`** [[1.19.4]](#1194-cosmian-kms-opaque-object-revoke) Revoke an `OpaqueObject` +**`revoke`** [[1.20.4]](#1204-cosmian-kms-opaque-object-revoke) Revoke an `OpaqueObject` -**`destroy`** [[1.19.5]](#1195-cosmian-kms-opaque-object-destroy) Destroy an `OpaqueObject` +**`destroy`** [[1.20.5]](#1205-cosmian-kms-opaque-object-destroy) Destroy an `OpaqueObject` --- -## 1.19.1 cosmian kms opaque-object create +## 1.20.1 cosmian kms opaque-object create Create (register) an `OpaqueObject` by importing raw bytes. @@ -2574,7 +2664,7 @@ Create (register) an `OpaqueObject` by importing raw bytes. --- -## 1.19.2 cosmian kms opaque-object export +## 1.20.2 cosmian kms opaque-object export Export a key or secret data from the KMS @@ -2633,7 +2723,7 @@ Possible values: `"aes-key-wrap-padding", "nist-key-wrap", "aes-gcm", "rsa-pkcs --- -## 1.19.3 cosmian kms opaque-object import +## 1.20.3 cosmian kms opaque-object import Import a secret data or a key in the KMS. 
@@ -2681,7 +2771,7 @@ If the wrapping key is: --- -## 1.19.4 cosmian kms opaque-object revoke +## 1.20.4 cosmian kms opaque-object revoke Revoke an `OpaqueObject` @@ -2699,7 +2789,7 @@ Revoke an `OpaqueObject` --- -## 1.19.5 cosmian kms opaque-object destroy +## 1.20.5 cosmian kms opaque-object destroy Destroy an `OpaqueObject` @@ -2720,7 +2810,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.20 cosmian kms secret-data +## 1.21 cosmian kms secret-data Create, import, export and destroy secret data 
@@ -2729,23 +2819,23 @@ Create, import, export and destroy secret data ### Subcommands -**`create`** [[1.20.1]](#1201-cosmian-kms-secret-data-create) Create a new secret data +**`create`** [[1.21.1]](#1211-cosmian-kms-secret-data-create) Create a new secret data -**`export`** [[1.20.2]](#1202-cosmian-kms-secret-data-export) Export a key or secret data from the KMS +**`export`** [[1.21.2]](#1212-cosmian-kms-secret-data-export) Export a key or secret data from the KMS -**`import`** [[1.20.3]](#1203-cosmian-kms-secret-data-import) Import a secret data or a key in the KMS. +**`import`** [[1.21.3]](#1213-cosmian-kms-secret-data-import) Import a secret data or a key in the KMS. -**`wrap`** [[1.20.4]](#1204-cosmian-kms-secret-data-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. +**`wrap`** [[1.21.4]](#1214-cosmian-kms-secret-data-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. -**`unwrap`** [[1.20.5]](#1205-cosmian-kms-secret-data-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. +**`unwrap`** [[1.21.5]](#1215-cosmian-kms-secret-data-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. -**`revoke`** [[1.20.6]](#1206-cosmian-kms-secret-data-revoke) Revoke a secret data +**`revoke`** [[1.21.6]](#1216-cosmian-kms-secret-data-revoke) Revoke a secret data -**`destroy`** [[1.20.7]](#1207-cosmian-kms-secret-data-destroy) Destroy a secret data +**`destroy`** [[1.21.7]](#1217-cosmian-kms-secret-data-destroy) Destroy a secret data --- -## 1.20.1 cosmian kms secret-data create +## 1.21.1 cosmian kms secret-data create Create a new secret data @@ -2778,7 +2868,7 @@ If the wrapping key is: --- -## 1.20.2 cosmian kms secret-data export +## 1.21.2 cosmian kms secret-data export Export a key or secret data from the KMS 
@@ -2837,7 +2927,7 @@ Possible values: `"aes-key-wrap-padding", "nist-key-wrap", "aes-gcm", "rsa-pkcs --- -## 1.20.3 cosmian kms secret-data import +## 1.21.3 cosmian kms secret-data import Import a secret data or a key in the KMS. @@ -2885,7 +2975,7 @@ If the wrapping key is: --- -## 1.20.4 cosmian kms secret-data wrap +## 1.21.4 cosmian kms secret-data wrap Locally wrap a secret data or key in KMIP JSON TTLV format. @@ -2910,7 +3000,7 @@ Locally wrap a secret data or key in KMIP JSON TTLV format. --- -## 1.20.5 cosmian kms secret-data unwrap +## 1.21.5 cosmian kms secret-data unwrap Locally unwrap a secret data or key in KMIP JSON TTLV format. @@ -2933,7 +3023,7 @@ Locally unwrap a secret data or key in KMIP JSON TTLV format. --- -## 1.20.6 cosmian kms secret-data revoke +## 1.21.6 cosmian kms secret-data revoke Revoke a secret data @@ -2951,7 +3041,7 @@ Revoke a secret data --- -## 1.20.7 cosmian kms secret-data destroy +## 1.21.7 cosmian kms secret-data destroy Destroy a secret data @@ -2974,7 +3064,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.21 cosmian kms server-version +## 1.22 cosmian kms server-version Print the version of the server @@ -2984,7 +3074,7 @@ Print the version of the server --- -## 1.22 cosmian kms sym +## 1.23 cosmian kms sym Manage symmetric keys. Encrypt and decrypt data 
@@ -2993,15 +3083,15 @@ Manage symmetric keys. Encrypt and decrypt data ### Subcommands -**`keys`** [[1.22.1]](#1221-cosmian-kms-sym-keys) Create, destroy, import, and export symmetric keys +**`keys`** [[1.23.1]](#1231-cosmian-kms-sym-keys) Create, destroy, import, and export symmetric keys -**`encrypt`** [[1.22.2]](#1222-cosmian-kms-sym-encrypt) Encrypt a file using a symmetric cipher +**`encrypt`** [[1.23.2]](#1232-cosmian-kms-sym-encrypt) Encrypt a file using a symmetric cipher -**`decrypt`** [[1.22.3]](#1223-cosmian-kms-sym-decrypt) Decrypt a file using a symmetric key. +**`decrypt`** [[1.23.3]](#1233-cosmian-kms-sym-decrypt) Decrypt a file using a symmetric key. --- -## 1.22.1 cosmian kms sym keys +## 1.23.1 cosmian kms sym keys Create, destroy, import, and export symmetric keys 
@@ -3010,25 +3100,25 @@ Create, destroy, import, and export symmetric keys ### Subcommands -**`create`** [[1.22.1.1]](#12211-cosmian-kms-sym-keys-create) Create a new symmetric key +**`create`** [[1.23.1.1]](#12311-cosmian-kms-sym-keys-create) Create a new symmetric key -**`re-key`** [[1.22.1.2]](#12212-cosmian-kms-sym-keys-re-key) Refresh an existing symmetric key +**`re-key`** [[1.23.1.2]](#12312-cosmian-kms-sym-keys-re-key) Refresh an existing symmetric key -**`export`** [[1.22.1.3]](#12213-cosmian-kms-sym-keys-export) Export a key or secret data from the KMS +**`export`** [[1.23.1.3]](#12313-cosmian-kms-sym-keys-export) Export a key or secret data from the KMS -**`import`** [[1.22.1.4]](#12214-cosmian-kms-sym-keys-import) Import a secret data or a key in the KMS. +**`import`** [[1.23.1.4]](#12314-cosmian-kms-sym-keys-import) Import a secret data or a key in the KMS. -**`wrap`** [[1.22.1.5]](#12215-cosmian-kms-sym-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. +**`wrap`** [[1.23.1.5]](#12315-cosmian-kms-sym-keys-wrap) Locally wrap a secret data or key in KMIP JSON TTLV format. -**`unwrap`** [[1.22.1.6]](#12216-cosmian-kms-sym-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. +**`unwrap`** [[1.23.1.6]](#12316-cosmian-kms-sym-keys-unwrap) Locally unwrap a secret data or key in KMIP JSON TTLV format. -**`revoke`** [[1.22.1.7]](#12217-cosmian-kms-sym-keys-revoke) Revoke a symmetric key +**`revoke`** [[1.23.1.7]](#12317-cosmian-kms-sym-keys-revoke) Revoke a symmetric key -**`destroy`** [[1.22.1.8]](#12218-cosmian-kms-sym-keys-destroy) Destroy a symmetric key +**`destroy`** [[1.23.1.8]](#12318-cosmian-kms-sym-keys-destroy) Destroy a symmetric key --- -## 1.22.1.1 cosmian kms sym keys create +## 1.23.1.1 cosmian kms sym keys create Create a new symmetric key @@ -3063,7 +3153,7 @@ If the wrapping key is: --- -## 1.22.1.2 cosmian kms sym keys re-key +## 1.23.1.2 cosmian kms sym keys re-key Refresh an existing symmetric key 
@@ -3076,7 +3166,7 @@ Refresh an existing symmetric key --- -## 1.22.1.3 cosmian kms sym keys export +## 1.23.1.3 cosmian kms sym keys export Export a key or secret data from the KMS @@ -3135,7 +3225,7 @@ Possible values: `"aes-key-wrap-padding", "nist-key-wrap", "aes-gcm", "rsa-pkcs --- -## 1.22.1.4 cosmian kms sym keys import +## 1.23.1.4 cosmian kms sym keys import Import a secret data or a key in the KMS. @@ -3183,7 +3273,7 @@ If the wrapping key is: --- -## 1.22.1.5 cosmian kms sym keys wrap +## 1.23.1.5 cosmian kms sym keys wrap Locally wrap a secret data or key in KMIP JSON TTLV format. @@ -3208,7 +3298,7 @@ Locally wrap a secret data or key in KMIP JSON TTLV format. --- -## 1.22.1.6 cosmian kms sym keys unwrap +## 1.23.1.6 cosmian kms sym keys unwrap Locally unwrap a secret data or key in KMIP JSON TTLV format. @@ -3231,7 +3321,7 @@ Locally unwrap a secret data or key in KMIP JSON TTLV format. --- -## 1.22.1.7 cosmian kms sym keys revoke +## 1.23.1.7 cosmian kms sym keys revoke Revoke a symmetric key @@ -3249,7 +3339,7 @@ Revoke a symmetric key --- -## 1.22.1.8 cosmian kms sym keys destroy +## 1.23.1.8 cosmian kms sym keys destroy Destroy a symmetric key @@ -3272,7 +3362,7 @@ Possible values: `"true", "false"` [default: `"false"`] --- -## 1.22.2 cosmian kms sym encrypt +## 1.23.2 cosmian kms sym encrypt Encrypt a file using a symmetric cipher @@ -3304,7 +3394,7 @@ Possible values: `"chacha20-poly1305", "aes-gcm", "aes-xts", "aes-gcm-siv", "rf --- -## 1.22.3 cosmian kms sym decrypt +## 1.23.3 cosmian kms sym decrypt Decrypt a file using a symmetric key. diff --git a/documentation/docs/index.md b/documentation/docs/index.md index 94b07a46..0d240225 100644 --- a/documentation/docs/index.md +++ b/documentation/docs/index.md 
@@ -27,7 +27,7 @@ By leveraging Cosmian CLI, users can seamlessly integrate advanced cryptographic !!! info "Download cosmian" Please download the latest versions for your Operating System from - the [Cosmian public packages repository](https://package.cosmian.com/cli/1.8.1/) + the [Cosmian public packages repository](https://package.cosmian.com/cli/1.9.0/) See below for installation instructions. ## Version correspondence @@ -38,9 +38,11 @@ By leveraging Cosmian CLI, users can seamlessly integrate advanced cryptographic | CLI version | KMS version | Findex server version | | ----------- | ---------------- | --------------------- | -| 1.8.* | 5.15.0 | 0.4.12 | -| 1.8.0 | 5.14.1 | 0.4.11 | -| 1.7.0 | 5.14.0 | 0.4.10 | +| 1.9.* | 5.16.1 | 0.4.14 | +| 1.9.* | 5.16.0 | 0.4.13 | +| 1.8.* | 5.15.0 | 0.4.12 | +| 1.8.0 | 5.14.1 | 0.4.11 | +| 1.7.0 | 5.14.0 | 0.4.10 | | 1.6.0 | 5.13.* | 0.4.* | | 1.5.2 | 5.12.* | 0.4.* | | 1.5.1 | 5.11.* | 0.4.* | diff --git a/documentation/docs/installation.md b/documentation/docs/installation.md index 77440ba9..c4b64a41 100644 --- a/documentation/docs/installation.md +++ b/documentation/docs/installation.md @@ -4,8 +4,8 @@ ```console title="On local machine" sudo apt update && sudo apt install -y wget - wget https://package.cosmian.com/cli/1.8.1/debian10/cosmian-cli_1.8.1-1_amd64.deb - sudo apt install ./cosmian-cli_1.8.1-1_amd64.deb + wget https://package.cosmian.com/cli/1.9.0/debian10/cosmian-cli_1.9.0-1_amd64.deb + sudo apt install ./cosmian-cli_1.9.0-1_amd64.deb cosmian --version ``` @@ -15,8 +15,8 @@ ```console title="On local machine" sudo apt update && sudo apt install -y wget - wget https://package.cosmian.com/cli/1.8.1/ubuntu-22.04/cosmian-cli_1.8.1-1_amd64.deb - sudo apt install ./cosmian-cli_1.8.1-1_amd64.deb + wget https://package.cosmian.com/cli/1.9.0/ubuntu-22.04/cosmian-cli_1.9.0-1_amd64.deb + sudo apt install ./cosmian-cli_1.9.0-1_amd64.deb cosmian --version ``` 
@@ -26,8 +26,8 @@ ```console title="On local machine" sudo apt update && sudo apt install -y wget - wget https://package.cosmian.com/cli/1.8.1/ubuntu-24.04/cosmian-cli_1.8.1-1_amd64.deb - sudo apt install ./cosmian-cli_1.8.1-1_amd64.deb + wget https://package.cosmian.com/cli/1.9.0/ubuntu-24.04/cosmian-cli_1.9.0-1_amd64.deb + sudo apt install ./cosmian-cli_1.9.0-1_amd64.deb cosmian --version ``` @@ -37,8 +37,8 @@ ```console title="On local machine" sudo dnf update && sudo dnf install -y wget - wget https://package.cosmian.com/cli/1.8.1/rockylinux8/cosmian_cli-1.8.1-1.x86_64.rpm - sudo dnf install ./cosmian_cli-1.8.1-1.x86_64.rpm + wget https://package.cosmian.com/cli/1.9.0/rockylinux8/cosmian_cli-1.9.0-1.x86_64.rpm + sudo dnf install ./cosmian_cli-1.9.0-1.x86_64.rpm cosmian --version ``` @@ -48,8 +48,8 @@ ```console title="On local machine" sudo dnf update && sudo dnf install -y wget - wget https://package.cosmian.com/cli/1.8.1/rockylinux9/cosmian_cli-1.8.1-1.x86_64.rpm - sudo dnf install ./cosmian_cli-1.8.1-1.x86_64.rpm + wget https://package.cosmian.com/cli/1.9.0/rockylinux9/cosmian_cli-1.9.0-1.x86_64.rpm + sudo dnf install ./cosmian_cli-1.9.0-1.x86_64.rpm cosmian --version ``` @@ -58,7 +58,7 @@ On ARM MacOS, download the build archive and extract it: ```console title="On local machine" - wget https://package.cosmian.com/cli/1.8.1/macos_arm-release.zip + wget https://package.cosmian.com/cli/1.9.0/macos_arm-release.zip unzip macos_arm-release.zip cp ./macos_arm-release/release/cosmian /usr/local/bin/ chmod u+x /usr/local/bin/cosmian @@ -68,7 +68,7 @@ On Intel MacOS, download the build archive and extract it: ```console title="On local machine" - wget https://package.cosmian.com/cli/1.8.1/macos_intel-release.zip + wget https://package.cosmian.com/cli/1.9.0/macos_intel-release.zip unzip macos_intel-release.zip cp ./macos_intel-release/release/cosmian /usr/local/bin/ chmod u+x /usr/local/bin/cosmian 
@@ -80,7 +80,7 @@ On Windows, download the build archive: ```console title="Build archive" - https://package.cosmian.com/cli/1.8.1/windows-release.zip + https://package.cosmian.com/cli/1.9.0/windows-release.zip ``` Extract the cosmian from: diff --git a/documentation/docs/pkcs11/oracle/tde.md b/documentation/docs/pkcs11/oracle/tde.md index b79ce745..dc077c59 100644 --- a/documentation/docs/pkcs11/oracle/tde.md +++ b/documentation/docs/pkcs11/oracle/tde.md @@ -56,7 +56,7 @@ graph TD Before configuring a HSM such as described in [Oracle Key Vault](https://docs.oracle.com/en/database/oracle/key-vault/21.10/okvhm/index.html), some steps are needed: -For Oracle Database OS, the PKCS#11 library is available here: [cosmian-pkcs11](https://package.cosmian.com/cli/1.8.1/debian10-release.zip). +For Oracle Database OS, the PKCS#11 library is available here: [cosmian-pkcs11](https://package.cosmian.com/cli/1.9.0/debian10-release.zip). - Extract debian10-release.zip (debian 10 Buster is used for Glibc compatibility) - Copy the PKCS#11 provider library to the Oracle Key Vault server to `/usr/local/okv/hsm/generic/libcosmian_pkcs11.so` @@ -126,7 +126,7 @@ graph TD 1. **Install Cosmian PKCS#11 Library** - For Oracle Database OS, the PKCS#11 library is available here: [cosmian-pkcs11](https://package.cosmian.com/cli/1.8.1/debian10-release.zip). + For Oracle Database OS, the PKCS#11 library is available here: [cosmian-pkcs11](https://package.cosmian.com/cli/1.9.0/debian10-release.zip). ```bash # Extract library from debian10-release.zip. diff --git a/findex-server b/findex-server index a837d2ab..2c6962d3 160000 --- a/findex-server +++ b/findex-server @@ -1 +1 @@ -Subproject commit a837d2ab85c4cf787592f18e8617086fe594b14c +Subproject commit 2c6962d305d85b3f54bb21bcca86758ce4e25dca diff --git a/kms b/kms index 3ea3fc84..5c1d91e9 160000 --- a/kms +++ b/kms @@ -1 +1 @@ -Subproject commit 3ea3fc849de6f21231118602440657ed90917c38 +Subproject commit 5c1d91e9e72c77dd2bfff0cb0989ed221c4de2c4