Skip to content
This repository has been archived by the owner on Dec 31, 2023. It is now read-only.

docs: update README for attestation verification scripts #151

Merged
merged 4 commits into from Jul 29, 2021
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
54 changes: 37 additions & 17 deletions samples/attestations/README.rst
Expand Up @@ -4,7 +4,7 @@ Google Cloud Key Management Service Python Samples
===============================================================================

.. image:: https://gstatic.com/cloudssh/images/open-btn.png
:target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=kms/attestations/README.rst
:target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/googleapis/python-kms&page=editor&open_in_editor=samples/attestations/README.rst


This directory contains samples for Google Cloud Key Management Service. The `Cloud Key Management Service`_ allows you to create, import, and manage cryptographic keys and perform cryptographic operations in a single centralized cloud service.
Expand All @@ -14,6 +14,10 @@ This directory contains samples for Google Cloud Key Management Service. The `Cl

.. _Google Cloud Key Management Service: https://cloud.google.com/kms/docs/





Setup
-------------------------------------------------------------------------------

Expand All @@ -32,36 +36,57 @@ Install Dependencies
.. _Python Development Environment Setup Guide:
https://cloud.google.com/python/setup

#. Create a virtualenv. Samples are compatible with Python 3.6+.
#. Create a virtualenv. Samples are compatible with Python 2.7 and 3.4+.

.. code-block:: bash

$ virtualenv env
$ source env/bin/activate

#. Install the dependencies needed to run the samples.

.. code-block:: bash

$ pip install -r requirements.txt

.. _pip: https://pip.pypa.io/
.. _virtualenv: https://virtualenv.pypa.io/

Samples
-------------------------------------------------------------------------------

Verify attestations and certificate chains for keys generated by Cloud HSM
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. image:: https://gstatic.com/cloudssh/images/open-btn.png
:target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=samples/attestations/verify_attestation_chains.py,samples/attestations/README.rst
parthea marked this conversation as resolved.
Show resolved Hide resolved



Samples
-------------------------------------------------------------------------------

To run this sample:

.. code-block:: bash

$ python verify_attestation_chains.py

usage: verify_attestation_chains.py [-h] [--certificates CERTIFICATES]
[--attestation ATTESTATION]

This application verifies HSM attestations using certificate chains
obtained from Cloud HSM and the HSM manufacturer.

For more information, visit https://cloud.google.com/kms/docs/attest-key.

optional arguments:
-h, --help show this help message and exit
--certificates CERTIFICATES
The certificate chains filename.
--attestation ATTESTATION
The attestation filename.



Verify attestations for keys generated by Cloud HSM
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. image:: https://gstatic.com/cloudssh/images/open-btn.png
:target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=kms/attestations/verify_attestation.py,kms/attestations/README.rst
:target: https://console.cloud.google.com/cloudshell/open?git_repo=https://github.com/GoogleCloudPlatform/python-docs-samples&page=editor&open_in_editor=samples/attestations/verify_attestation.py,samples/attestations/README.rst



Expand All @@ -72,12 +97,11 @@ To run this sample:

$ python verify_attestation.py


usage: verify_attestation.py [-h] attestation_file bundle_file

This application verifies HSM attestations using certificate bundles obtained
from Cloud HSM. For more information, visit
https://cloud.google.com/kms/docs/attest-key.
from Cloud HSM. For more information, visit https://cloud.google.com/kms/docs
/attest-key.

positional arguments:
attestation_file Name of attestation file.
Expand All @@ -90,8 +114,4 @@ To run this sample:







.. _Google Cloud SDK: https://cloud.google.com/sdk/
3 changes: 2 additions & 1 deletion samples/attestations/README.rst.in
Expand Up @@ -19,4 +19,5 @@ samples:
file: verify_attestation.py
show_help: True

folder: kms/attestations
folder: samples/attestations

3 changes: 2 additions & 1 deletion samples/attestations/verify_attestation_chains.py
Expand Up @@ -13,7 +13,8 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""This application verifies HSM certificate chains.
"""This application verifies HSM attestations using certificate chains
obtained from Cloud HSM and the HSM manufacturer.

For more information, visit https://cloud.google.com/kms/docs/attest-key.
"""
Expand Down