Python Developer Solutions
Encryption and Key Management for Compliance
A variety of compliance regulations now require that Enterprise customers separate encryption keys from the data that they protect. For Python developers this means storing encryption keys on an external appliance designed for this purpose, and securely retrieving encryption keys in Python applications as they are needed for encryption and decryption tasks. Alliance Key Manager is an affordable solution that meets all compliance regulations for the secure creation, management, storage, and distribution of encryption keys. Alliance Key Manager is FIPS 140-2 certified (certificate number 1449) and is perfect for use in Python applications.
While there are some AES encryption libraries for Python (see PyCrypto), encryption can be a challenge for Python developers. The Alliance AES Encryption libraries for Linux and Unix platforms provide the Python developer a way to incorporate NIST-certified AES encryption into their Python applications.
Python Encryption Key Retrieval
Any application that can create a secure and authenticated TLS connection to the Alliance Key Manager can request and receive encryption keys for use in their applications. Python directly supports TLS communications with the TLS Lite library and can retrieve keys from AKM. You can store the client side certificate and private key files on your local system and reference them in your Python application, make the TLS connection, format the key retrieval request, and retrieve an encryption key for use in your applications.
Wire Protocol Eliminates Libraries
The interface to the Alliance Key Manager is a “wire” protocol. This means that there is no client side software required for key retrieval. You will not need to write wrapper code around shared libraries, or use similar techniques for key retrieval. The Python language has all of the required features needed to retrieve keys using TLS Lite. This also means that you will not have complex package update requirements for your Linux or Unix operating environment.
Alliance Key Manager Documentation and Sample Code
The Alliance Key Manager product CD contains documentation on the use of the Alliance Key Manager.
Encryption Key Management APIs
Most Enterprise customers use the Linux security administrator’s command line application, or the Alliance Windows key management application, to create and manage encryption keys on the Alliance Key Manager appliance. However, certain applications need to perform key management functions under program control. Through the Linux command line console application, Alliance Key Manager provides commands for all of the normal encryption key management functions, including creating encryption keys, rotating keys, revoking keys, and so forth. More than 80 commands are provided for every aspect of key management. You can create your own Python interfaces to the command line application to manage keys.
AES Encryption Libraries
Townsend Security provides NIST-certified AES encryption libraries on a wide variety of platforms including Windows, Linux and Unix. On Linux and Unix systems the software is delivered as a shared library in the package format appropriate for the OS; on Windows the software is delivered as a .NET assembly or DLL. You can use Python “ctypes” interfaces to access these AES encryption functions. These AES libraries are NIST certified through the AES Validation program, and interoperate with Townsend AES libraries on a variety of other platforms including Linux, Unix, IBM i (AS/400, iSeries), and IBM System z Mainframe platforms. You can encrypt on one platform and decrypt on a different platform without exposing the data during transport.
Tokenization for Python Developers
Tokenization is an alternative data protection method that preserves the format of the original data. The Townsend Alliance Token Manager solution provides tokenization services to Python applications and applications on all other major operating systems.
