nethsm: Support key import from PEM files

The nethsm SDK v1.1.0 added support for importing keys from PEM files. This patch adds an import-key subcommand to pynitrokey. Fixes: #537
Nitrokey · May 3, 2024 · 3d24951 · 3d24951
1 parent 66b43d5
commit 3d24951
Showing 1 changed file with 50 additions and 0 deletions.
diff --git a/pynitrokey/cli/nethsm.py b/pynitrokey/cli/nethsm.py
@@ -720,6 +720,56 @@ def add_key(
         print(f"Key {key_id} added to NetHSM {nethsm.host}")
 
 
+@nethsm.command()
+@click.option(
+    "-m",
+    "--mechanism",
+    "mechanisms",
+    type=MECHANISM_TYPE,
+    multiple=True,
+    help="The mechanisms for the new key",
+)
+@click.option(
+    "--tags",
+    type=str,
+    multiple=True,
+    help="The tags for the new key",
+)
+@click.option(
+    "-k",
+    "--key-id",
+    help="The ID of the new key",
+)
+@click.argument("filename")
+@click.pass_context
+def import_key(
+    ctx: Context,
+    mechanisms: list[str],
+    tags: list[str],
+    key_id: Optional[str],
+    filename: str,
+) -> None:
+    """Import a key pair from a PEM file into the NetHSM.
+
+    If the key ID is not set, it is generated by the NetHSM.
+
+    This command requires authentication as a user with the Administrator
+    role."""
+    mechanisms = list(mechanisms)
+
+    with open(filename) as f:
+        private_key = f.read()
+
+    with connect(ctx) as nethsm:
+        key_id = nethsm.add_key_pem(
+            key_id=key_id,
+            mechanisms=[nethsm_sdk.KeyMechanism.from_string(m) for m in mechanisms],
+            tags=tags,
+            private_key=private_key,
+        )
+        print(f"Key {key_id} added to NetHSM {nethsm.host}")
+
+
 @nethsm.command()
 @click.option(
     "type",