# Python-Zcrypto
This Python package provides API's to access [Certificate Management Services (CMS).](https://www.ibm.com/docs/en/zos/2.5.0?topic=programming-certificate-management-services-cms-api-reference) The APIs in this module can be used to create/manage your own key database files, and extract certificates stored in the key database file or RACF key ring. The helper package is installed alongside python zcrypto, and is only used to bundle together functionality.
## Setup
It's best practice to install in a clean virtual environment with `--system-site-packages` to get access to other needed dependencies (cffi, cryptography, six, pycparser) required by pyOpenSSL.
A C compiler is required to install this package from source. See [this](https://www.ibm.com/docs/en/python-zos/3.12?topic=using-cc-compilers-open-enterprise-sdk-python-312) page for supported compilers and required environment variables to use them.
```
# Install from PyPI
python3 -m venv venv --system-site-packages
source venv/bin/activate
pip3 install py_zcrypto
```
```
# Install from local
python3 -m venv venv --system-site-packages
source venv/bin/activate
pip3 install ./py-zcrypto
```
## Usage
### The `get_keypair` method shows how to get a public/private keypair using zcrypto.
```
import py_zcrypto
from helper import export_keypair
from py_zcrypto import zcrypto
def get_keypair(ring_name, cert_name, key_name, password, keypair_name):
'''
Export keypair method will export the public/private keypair
from your RACF keyring and convert the encoding to pem.
Parameters:
zcrypto_object (zcrypto) : A zcrypto object
cert_name (string) : String name for the certificate file
key_name (String) : String name for the key file
password (String) : String password for the keyfile
keypair_name (String) : String name for the public/private
keypair from RACF
Returns:
Nothing. If successful will create 4 files;
cert and key files (pem and der encoded)
'''
py_zcrypto_obj = zcrypto()
try:
py_zcrypto_obj.open_key_ring(ring_name)
except py_zcrypto.GSKError as e:
print(str(e))
return
export_keypair(py_zcrypto_obj, cert_name, key_name, password, keypair_name, "output.pem")
py_zcrypto_obj.close_database()
```
## The `get_certificate_fromRACF` method shows how to export a CA certificate.
```
import sys
import py_zcrypto
from helper import convert_der_cert_to_pem
def get_certificate_fromRACF():
'''
Export a CA certificate from a RACF keyring and convert
encoding to pem.
Returns:
return 0 if successful along with a der and pem encoded CA certificate.
'''
py_zcrypto_obj = py_zcrypto.zcrypto()
try:
py_zcrypto_obj.open_key_ring("ring_name")
except py_zcrypto.GSKError as e:
print(str(e))
return
try:
py_zcrypto_obj.export_cert_to_file("public_key_file.der",
"CACert_name")
except py_zcrypto.GSKError as e:
print(str(e))
return
convert_der_cert_to_pem("public_key_file.der")
return
```
## Notes
- Error codes are Certificate Management Services (CMS) status codes in decimal format. These codes can be found in the header gskcms.h.
- Additional details about the Certificate Management Services (CMS) API can be found [here](https://www.ibm.com/docs/en/zos/2.5.0?topic=programming-certificate-management-services-cms-api-reference)
- Only use the pem encoded versions of certificates/public/private keys for python purposes.
## Docstrings
To view a function docstring, type the method name followed by .doc
```
print(Pythonzcrypto.__doc__)
```
To view all methods available, read the package docstring:
```
python3 -c "import py_zcrypto; print(help(py_zcrypto))"
python3 -c "import helper; print(help(helper.helper))"
```
Raw data
{
"_id": null,
"home_page": null,
"name": "py-zcrypto",
"maintainer": null,
"docs_url": null,
"requires_python": null,
"maintainer_email": null,
"keywords": null,
"author": "IBM",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/a5/af/acc4bdabb57b87399cf5c55ecf0c62eef501dd6997c6aff275a04ad90dc8/py_zcrypto-1.0.2.tar.gz",
"platform": null,
"description": "# Python-Zcrypto\n\nThis Python package provides API's to access [Certificate Management Services (CMS).](https://www.ibm.com/docs/en/zos/2.5.0?topic=programming-certificate-management-services-cms-api-reference) The APIs in this module can be used to create/manage your own key database files, and extract certificates stored in the key database file or RACF key ring. The helper package is installed alongside python zcrypto, and is only used to bundle together functionality. \n\n## Setup\nIt's best practice to install in a clean virtual environment with `--system-site-packages` to get access to other needed dependencies (cffi, cryptography, six, pycparser) required by pyOpenSSL.\n\nA C compiler is required to install this package from source. See [this](https://www.ibm.com/docs/en/python-zos/3.12?topic=using-cc-compilers-open-enterprise-sdk-python-312) page for supported compilers and required environment variables to use them.\n\n```\n# Install from PyPI\npython3 -m venv venv --system-site-packages\nsource venv/bin/activate\npip3 install py_zcrypto\n```\n\n```\n# Install from local\npython3 -m venv venv --system-site-packages\nsource venv/bin/activate\npip3 install ./py-zcrypto\n```\n\n## Usage\n### The `get_keypair` method shows how to get a public/private keypair using zcrypto. \n```\nimport py_zcrypto\nfrom helper import export_keypair\nfrom py_zcrypto import zcrypto\n\ndef get_keypair(ring_name, cert_name, key_name, password, keypair_name):\n '''\n Export keypair method will export the public/private keypair\n from your RACF keyring and convert the encoding to pem.\n Parameters:\n zcrypto_object (zcrypto) : A zcrypto object\n cert_name (string) : String name for the certificate file\n key_name (String) : String name for the key file\n password (String) : String password for the keyfile\n keypair_name (String) : String name for the public/private\n keypair from RACF\n Returns:\n Nothing. If successful will create 4 files;\n cert and key files (pem and der encoded)\n '''\n py_zcrypto_obj = zcrypto()\n try:\n py_zcrypto_obj.open_key_ring(ring_name)\n except py_zcrypto.GSKError as e:\n print(str(e))\n return\n\n export_keypair(py_zcrypto_obj, cert_name, key_name, password, keypair_name, \"output.pem\")\n\n py_zcrypto_obj.close_database()\n \n```\n## The `get_certificate_fromRACF` method shows how to export a CA certificate.\n```\nimport sys\nimport py_zcrypto\nfrom helper import convert_der_cert_to_pem\n\ndef get_certificate_fromRACF():\n '''\n Export a CA certificate from a RACF keyring and convert\n encoding to pem.\n Returns:\n return 0 if successful along with a der and pem encoded CA certificate.\n '''\n \n py_zcrypto_obj = py_zcrypto.zcrypto()\n try:\n py_zcrypto_obj.open_key_ring(\"ring_name\")\n except py_zcrypto.GSKError as e:\n print(str(e))\n return\n\n try:\n py_zcrypto_obj.export_cert_to_file(\"public_key_file.der\",\n \"CACert_name\")\n except py_zcrypto.GSKError as e:\n print(str(e))\n return\n\n convert_der_cert_to_pem(\"public_key_file.der\")\n return\n```\n## Notes\n- Error codes are Certificate Management Services (CMS) status codes in decimal format. These codes can be found in the header gskcms.h.\n\n- Additional details about the Certificate Management Services (CMS) API can be found [here](https://www.ibm.com/docs/en/zos/2.5.0?topic=programming-certificate-management-services-cms-api-reference)\n- Only use the pem encoded versions of certificates/public/private keys for python purposes.\n\n## Docstrings\nTo view a function docstring, type the method name followed by .doc\n```\nprint(Pythonzcrypto.__doc__)\n```\nTo view all methods available, read the package docstring:\n```\npython3 -c \"import py_zcrypto; print(help(py_zcrypto))\"\npython3 -c \"import helper; print(help(helper.helper))\"\n```\n\n",
"bugtrack_url": null,
"license": "License :: OSI Approved :: Apache Software License",
"summary": "Python interface for accessing RACF Keyrings and key databases on z/OS",
"version": "1.0.2",
"project_urls": {
"Source Code": "https://github.com/IBM/py-zcrypto/"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "a5afacc4bdabb57b87399cf5c55ecf0c62eef501dd6997c6aff275a04ad90dc8",
"md5": "8f554a9437ade5fe5f3c9d00c592c2b6",
"sha256": "c4f8791b63b78abb07119baef784b98ecee93f8661ff1a3ea41a365e8bdc84db"
},
"downloads": -1,
"filename": "py_zcrypto-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "8f554a9437ade5fe5f3c9d00c592c2b6",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11218,
"upload_time": "2024-09-13T18:21:23",
"upload_time_iso_8601": "2024-09-13T18:21:23.097826Z",
"url": "https://files.pythonhosted.org/packages/a5/af/acc4bdabb57b87399cf5c55ecf0c62eef501dd6997c6aff275a04ad90dc8/py_zcrypto-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-09-13 18:21:23",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "IBM",
"github_project": "py-zcrypto",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "py-zcrypto"
}
JSON
