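#!/usr/bin/env nu

# SecretumVault Plugin Demo - Working Version
#
# Walks the secretumvault Nushell plugin and the vault HTTP API end to end:
# health check, ML-KEM-768 key generation, key metadata lookup, data-key
# generation, KEM encapsulation and plugin version.
#
# Connection settings follow the plugin's own configuration variables (listed in
# the summary at the bottom): SECRETUMVAULT_URL and SECRETUMVAULT_TOKEN are used
# when set and fall back to the demo defaults otherwise, so the token no longer
# has to be repeated in every curl call.

# Call the vault HTTP API with curl and return the parsed JSON body.
# Returns null when curl itself fails (vault not running, connection refused)
# or when the body is empty or not JSON, so callers can branch on "no response"
# instead of `from json` aborting the whole script on empty input.
# `body`, when given, is sent as a JSON POST payload; otherwise a GET is made.
def vault-api [token: string, url: string, body?: string] {
  let res = (if $body == null {
    curl -s -H $"X-Vault-Token: ($token)" $url | complete
  } else {
    curl -s -X POST -H $"X-Vault-Token: ($token)" -H "Content-Type: application/json" -d $body $url | complete
  })
  if $res.exit_code != 0 or ($res.stdout | str trim | is-empty) {
    return null
  }
  try { $res.stdout | from json } catch { null }
}

# Base URL of the vault and the token used for every call below.
let base_url = ($env.SECRETUMVAULT_URL? | default "http://localhost:8200")
let token = ($env.SECRETUMVAULT_TOKEN? | default "mytoken")

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "🔐 SecretumVault PQC Plugin Demo"
print "════════════════════════════════════════════════════════════════════════════════"

# Verify vault is running
print ""
print "Checking vault connection..."

let health_check = (vault-api $token $"($base_url)/v1/sys/health")

# A null response (curl failed / nothing parseable) lands in the same branch as
# an explicit non-success status, so the start-up hint is actually reachable.
if ($health_check != null) and ($health_check.status? == "success") {
  print $"✅ Vault is running at ($base_url)"
} else {
  print "❌ Vault not running"
  print ""
  print "Start vault with:"
  print " cd /Users/Akasha/Development/secretumvault"
  print " cargo run --bin svault --features cli,server,pqc,oqs -- -c config/svault.toml server"
  exit 1
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 1: Generate ML-KEM-768 Post-Quantum Key"
print "════════════════════════════════════════════════════════════════════════════════"

# One key id for the whole demo, derived from the current unix time. It is kept
# in a variable so later tests do not read it back from a world-writable file.
let key_id = "pqc-" + (date now | format date "%s")

with-env {SECRETUMVAULT_TOKEN: $token} {
  print $"Generating key: ($key_id)"

  let generated = ("" | secretumvault generate-pqc-key --key-id $key_id)

  print "✅ Key generated successfully"
  print $" Key ID: ($generated.key_id)"
  print $" Algorithm: ($generated.algorithm)"
  print $" Created: ($generated.created_at)"

  let pub_key_len = ($generated | get public_key | decode base64 | bytes length)
  print $" Public key: ($pub_key_len) bytes \(ML-KEM-768 standard size\)"
  let pub_key_preview = ($generated.public_key | str substring 0..64)
  print $" Base64: ($pub_key_preview)..."

  # Still written for anything outside this script that expects the file; the
  # demo itself uses $key_id directly and never reads the file back.
  $key_id | save -f /tmp/demo-pqc-key-id.txt
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 2: Retrieve Key Metadata via HTTP API"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: $token} {
  let url = $"($base_url)/v1/transit/keys/($key_id)"

  let api_response = (vault-api $token $url)

  if ($api_response != null) and ($api_response.status? == "success") {
    print "✅ Key metadata retrieved from API"
    let data = ($api_response | get data)
    print $" Algorithm: ($data.algorithm)"
    print $" Created: ($data.created_at)"

    let pub_key_len = ($data.public_key | decode base64 | bytes length)
    print $" Public key: ($pub_key_len) bytes \(from API response\)"
    print "✅ Public key successfully returned in API response"
  } else if $api_response == null {
    print "❌ Failed: no response from the vault API"
  } else {
    print $"❌ Failed: ($api_response.error?)"
  }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 3: Generate Data Key via API"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: $token} {
  print "Generating 256-bit data key via API..."
  let payload = ({bits: 256} | to json)
  let datakey_resp = (vault-api $token $"($base_url)/v1/transit/datakeys/plaintext/generate-key" $payload)

  # Only the response status is checked here; the key bits themselves are not
  # inspected, so a failure is reported explicitly instead of passing silently.
  if ($datakey_resp != null) and ($datakey_resp.status? == "success") {
    print "✅ Data key generated"
    print $" Status: ($datakey_resp.status)"
    print " 256-bit AES key generated successfully"
  } else if $datakey_resp == null {
    print "❌ Failed: no response from the vault API"
  } else {
    print $"❌ Failed: ($datakey_resp.error?)"
  }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 4: KEM Encapsulation \(Key Exchange\)"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: $token} {
  print $"Using PQC key: ($key_id)"

  let kem = ("" | secretumvault kem-encapsulate --pqc-key-id $key_id)

  print "✅ KEM encapsulation successful"
  print $" Algorithm: ($kem.algorithm)"
  print $" PQC Key ID: ($kem.pqc_key_id)"

  # The shared secret is key material: report that it was produced and its
  # size, but do not echo any of it to the terminal (or whatever logs it).
  let secret = ($kem.shared_secret? | default "")
  if ($secret | is-empty) {
    print " Shared secret: Generated (base64 encoded)"
  } else {
    print $" Shared secret: ($secret | str length) base64 chars \(not shown\)"
  }

  # The ciphertext is public by construction, so a preview is fine here.
  let cipher = ($kem.ciphertext? | default "")
  if ($cipher | is-empty) {
    print " Ciphertext: Generated (base64 encoded)"
  } else {
    let cipher_preview = ($cipher | str substring 0..50)
    print $" Ciphertext: ($cipher_preview)..."
  }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 5: Plugin Version & Status"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: $token} {
  let version = ("" | secretumvault version)

  print "✅ Plugin information"
  print $" Version: ($version)"
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Summary - Available Commands"
print "════════════════════════════════════════════════════════════════════════════════"
print ""
print "🔒 Post-Quantum Cryptography \(PQC\):"
print " • generate-pqc-key .......... Generate ML-KEM-768 key"
print " • kem-encapsulate ........... Key encapsulation mechanism"
print " • kem-decapsulate ........... Key decapsulation"
print " • hybrid-encrypt ............ Classical + PQC encryption"
print " • hybrid-decrypt ............ Classical + PQC decryption"
print " • hybrid-sign ............... Classical + PQC signing"
print " • hybrid-verify ............. Classical + PQC verification"
print ""
print "🔐 Classical Cryptography \(Symmetric\):"
print " • encrypt ................... AES-256-GCM encryption"
print " • decrypt ................... AES-256-GCM decryption"
print " • generate-key .............. Generate symmetric key"
print " • generate-data-key ......... Generate derived key"
print " • rotate-key ................ Rotate transit key"
print ""
print "ℹ️ System:"
print " • health .................... Vault health check"
print " • version ................... Plugin version"
print ""
print "⚙️ Configuration:"
print " SECRETUMVAULT_URL ........... http://localhost:8200 \(default\)"
print " SECRETUMVAULT_TOKEN ......... Authentication token \(required\)"
print " SECRETUMVAULT_MOUNT_POINT ... transit \(default\)"
print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "✅ Demo Complete!"
print "════════════════════════════════════════════════════════════════════════════════"
print ""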