Covercrypt Policy Management
Extract or view policies of existing keys, and create a binary policy from specifications.
create
Create a policy binary file from policy specifications.
The policy specifications must be passed as JSON in a file, for example:
{
    "Security Level::<": [
        "Protected",
        "Confidential",
        "Top Secret::+"
    ],
    "Department": [
        "R&D",
        "HR",
        "MKG",
        "FIN"
    ]
}
These specifications create a policy where:
- the policy is defined with 2 policy axes: `Security Level` and `Department`,
- the `Security Level` axis is hierarchical, as indicated by the `::<` suffix,
- the `Security Level` axis has 3 possible values: `Protected`, `Confidential`, and `Top Secret`,
- the `Department` axis has 4 possible values: `R&D`, `HR`, `MKG`, and `FIN`,
- all partitions which are `Top Secret` will be encrypted using post-quantum hybridized cryptography, as indicated by the `::+` suffix on the value,
- all other partitions will use classic cryptography.
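Before generating the binary policy, it helps to check which partitions will fall back to classic cryptography. The following Python sketch is an added example, not Cosmian's parser: it reads a specifications file using only the two suffix rules described above, and it assumes that a partition is one value per axis and that a leftover `::` in a name is a mistyped marker.

```python
import json
from itertools import product

HIERARCHICAL = "::<"  # axis-name suffix described on this page
HYBRIDIZED = "::+"    # attribute-value suffix described on this page

# Constructed sample input: the specification shown on this page.
SAMPLE = """{
  "Security Level::<": ["Protected", "Confidential", "Top Secret::+"],
  "Department": ["R&D", "HR", "MKG", "FIN"]
}"""

def _strip(text, suffix):
    """Split a trailing marker off a name; reject leftovers that look like a mistyped marker."""
    marked = text.endswith(suffix)
    name = text[: -len(suffix)] if marked else text
    if not name or "::" in name:  # conservative check added for this example (assumption)
        raise ValueError(f"suspicious name: {text!r}")
    return name, marked

def parse_specs(text):
    """Return {axis: {"hierarchical": bool, "attributes": {value: hybridized}}}."""
    raw = json.loads(text)
    if not isinstance(raw, dict) or not raw:
        raise ValueError("specifications must be a non-empty JSON object")
    axes = {}
    for key, values in raw.items():
        axis, hierarchical = _strip(key, HIERARCHICAL)
        if axis in axes:
            raise ValueError(f"duplicate axis: {axis!r}")
        if not isinstance(values, list) or not values or not all(isinstance(v, str) for v in values):
            raise ValueError(f"axis {axis!r} needs a non-empty list of strings")
        attrs = {}
        for value in values:
            name, hybrid = _strip(value, HYBRIDIZED)
            if name in attrs:
                raise ValueError(f"duplicate value in axis {axis!r}: {name!r}")
            attrs[name] = hybrid
        axes[axis] = {"hierarchical": hierarchical, "attributes": attrs}
    return axes

def classic_partitions(axes):
    """List value combinations (one per axis, an assumed model) with no hybridized value."""
    per_axis = [[v for v, hybrid in a["attributes"].items() if not hybrid] for a in axes.values()]
    return list(product(*per_axis))

if __name__ == "__main__":
    print(len(classic_partitions(parse_specs(SAMPLE))), "partitions use classic cryptography only")
```

A marker placed on the wrong kind of name, such as `::<` on a value or `::+` on an axis, is rejected instead of being accepted as part of the name.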
Usage:
Options:
-s, --specifications <POLICY_SPECIFICATIONS_FILE>
The policy specifications filename.
The policy is expressed as a JSON object describing the Policy axes.
See the documentation for details
[default: policy_specifications.json]
-p, --policy <POLICY_BINARY_FILE>
The output binary policy file generated from the specifications file
[default: policy.bin]
-h, --help
Print help (see a summary with '-h')
view
View the policy of an existing public or private master key.
- Use the `--key-id` switch to extract the policy from a key stored in the KMS.
- Use the `--key-file` switch to extract the policy from a key exported as TTLV.
Usage:
Options:
-i, --key-id <KEY_ID>
The public or private master key ID if the key is stored in the KMS
-f, --key-file <KEY_FILE>
If `key-id` is not provided, the file containing the public or private master key in TTLV format
-d, --detailed
Show all the policy details rather than just the specifications
-h, --help
Print help (see a summary with '-h')
specs
Extract the policy specifications from a public or private master key to a policy specifications file.
- Use the `--key-id` switch to extract the policy from a key stored in the KMS.
- Use the `--key-file` switch to extract the policy from a key exported as TTLV.
Usage:
Options:
-i, --key-id <KEY_ID>
The public or private master key ID if the key is stored in the KMS
-f, --key-file <KEY_FILE>
If `key-id` is not provided, the file containing the public or private master key in JSON TTLV format
-s, --specifications <POLICY_SPECS_FILE>
The output policy specifications file
[default: policy_specifications.json]
-h, --help
Print help (see a summary with '-h')
binary
Extract the policy from a public or private master key to a policy binary file.
- Use the `--key-id` switch to extract the policy from a key stored in the KMS.
- Use the `--key-file` switch to extract the policy from a key exported as TTLV.
Usage:
Options:
-i, --key-id <KEY_ID>
The public or private master key ID if the key is stored in the KMS
-f, --key-file <KEY_FILE>
If `key-id` is not provided, the file containing the public or private master key in TTLV format
-p, --policy <POLICY_BINARY_FILE>
The output binary policy file
[default: policy.bin]
-h, --help
Print help (see a summary with '-h')
help
Print the help message or the help of the given subcommand(s).