diff --git a/enclave/qtsm-sdk-c/samples/README.md b/enclave/qtsm-sdk-c/samples/README.md
index b897d1184c01db083f9ab44a17ef545355b83e65..e9891610aefe7f9c9a65cb5a486f324fa8007a35 100644
--- a/enclave/qtsm-sdk-c/samples/README.md
+++ b/enclave/qtsm-sdk-c/samples/README.md
@@ -23,7 +23,7 @@ Please compiling the `libqtsm` firstly.
 ## Preparation
 - Build up a project and then you can get a `${ProjectID}`
-- Create a IAM account for the secure operator and generate the secure operator's `${SecureAK}` and `${SecureSK}`
+- Create a IAM account for the secure operator and generate the secure operator's `${SecureOPSAK}` and `${SecureOPSSK}`
 - Grant the KMS encryption right to the secure operator
 - Create a IAM account for the SRE operator and generate the SRE operator's `${SREAK}` and `${SRESK}`
 - Grant the KMS decryption right to the SRE operator
@@ -34,10 +34,11 @@ Please compiling the `libqtsm` firstly.
 You can use the `scripts/encryptAndDecrypt.py` to encrypt one plaintext and put the ciphertext into a bucket in the Huawei OBS serice.
 - Encrypt one plaintext
-`python3 script/encryptAndDecrypt.py encrypt -a ${SecureAK} -s ${SecureSK} -e ${KMSEndpoint} -p ${Plaintext} -w ${ProjectID} -k ${KeyID}`
+`python3 script/encryptAndDecrypt.py encrypt -a ${SecureOPSAK} -s ${SecureOPSSK} -e ${KMSEndpoint} -p ${Plaintext} -w ${ProjectID} -k ${KeyID}`
 Then, you can get the `${Ciphertext}` after executing.
 - Put the `${Ciphertext}` into the OBS bucket (`${OBSBucket}`) with the key `${CiphertextKey}`
+- pass the `${SREAK}` and `${SRESK}` by environment variables(`SREAK` and `SRESK`)
 ## Fill out the `config.json`
@@ -45,8 +46,6 @@ You need to specify contents in the `src/config.json`.
 ```json
 {
 "IAM":{
- "AK": "${SREAK}",
- "SK": "${SRESK}",
 "KeyId" : "${KeyID}",
 "ProjectId" : "${ProjectID}"
 },
diff --git a/enclave/qtsm-sdk-c/samples/src/test.py b/enclave/qtsm-sdk-c/samples/src/test.py
index f5621010a5d0f5bff637b464a7893b517c5a13d5..f11d27523f93bb51410399787bf3f8ab271d70f3 100644
--- a/enclave/qtsm-sdk-c/samples/src/test.py
+++ b/enclave/qtsm-sdk-c/samples/src/test.py
@@ -2,13 +2,12 @@
 import json
 import subprocess
+import os
 def get_config():
 with open("/root/builder/qtsm-sdk-c/samples/src/config.json") as f:
 Config = json.load(f)
 IAM = Config['IAM']
- AK = IAM['AK']
- SK = IAM['SK']
 KeyId = IAM['KeyId']
 ProjectId = IAM['ProjectId']
 allProjectId = "/v1.0/" + ProjectId + "/kms/"
@@ -21,9 +20,11 @@ def get_config():
 KMSEndpoint = Endpoint['KMSEndpoint']
 VsockSetting = Config['VsockSetting']
 VsockPort = VsockSetting['VsockPort']
- return [AK, SK, VsockPort, Ciphertext, Plaintext, OBSBucket, KeyId, KMSEndpoint, OBSEndpoint, allProjectId]
+ return [VsockPort, Ciphertext, Plaintext, OBSBucket, KeyId, KMSEndpoint, OBSEndpoint, allProjectId]
+sreak = os.environ.get("`SREAK")
+sresk = os.environ.get("SRESK")
 res = get_config()
 command="/root/builder/qtsm-sdk-c/samples/enclave_demo_bin -a {0} -s {1} -p {2} -c {3} -l {4} -b {5} -k {6} -m {7} -o {8} -j {9}"
- .format(res[0], res[1], res[2], res[3], res[4], res[5], res[6], res[7], res[8], res[9])
+ .format(sreak, sresk, res[0], res[1], res[2], res[3], res[4], res[5], res[6], res[7])
 subprocess.call(command, shell=True)
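Review bot: The key passed to `os.environ.get` on the added `sreak` line begins with a stray backtick, so the lookup will normally return None and the text `None` is formatted into `-a`; neither `sreak` nor `sresk` is checked before use. The command is still one formatted string run with `shell=True`, so any shell metacharacter in the keys or in a config.json value is interpreted by the shell; passing an argument list without a shell, as sketched below, removes that. The keys also remain on the child's command line, where other local users can typically read them from the process list; handing them over through the environment or stdin instead would need support in enclave_demo_bin, which this diff does not show. The hunk starts inside get_config, whose beginning is in the previous hunk.

```python
# … unchanged: get_config() body and its return …
sreak = os.environ.get("SREAK")
sresk = os.environ.get("SRESK")
if not sreak or not sresk:
    raise SystemExit("SREAK and SRESK must be set in the environment")
res = get_config()
flags = ("-p", "-c", "-l", "-b", "-k", "-m", "-o", "-j")
command = ["/root/builder/qtsm-sdk-c/samples/enclave_demo_bin", "-a", sreak, "-s", sresk]
for flag, value in zip(flags, res):
    command += [flag, str(value)]
subprocess.call(command)
```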