[openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource

Asha Seshagiri asha.seshagiri at gmail.com
Mon Jun 8 19:13:14 UTC 2015


Thanks Nate for your response.
I would need Barbican to generate the key in plain/text format, which is the
human-readable form, so that I can use that key in standard cryptography
libraries in Python which take the key as the argument.
Yeah, text/plain format means the bytes are in base64 format.

Thanks and Regards,
Asha Seshagiri

On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller <nathan.s.reller at gmail.com>
wrote:

> Asha,
>
> When you say you want your key in ASCII does that also mean putting
> the bytes in hex or base64 format? Isn't ASCII only 7 bits?
>
> -Nate
>
> On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri <asha.seshagiri at gmail.com>
> wrote:
> > Thanks John for your response.
> > I am aware that application/octet-stream works for the retrieval of the
> > secret.
> > We are utilizing the key generated from Barbican in our AES encryption
> > algorithm. Hence we wanted the response in text/plain format from
> > Barbican since the AES encryption algorithm would need the key in ASCII
> > format, which should be either 16, 24 or 32 bytes.
> >
> > The AES encryption algorithms would not accept the binary format, and even
> > if binary is converted into ASCII, encoding is failing for a few of the keys
> > because some characters exceed the range of ASCII, and for some keys
> > after encoding the length exceeds 32 bytes, which is the maximum length for
> > doing AES encryption.
> >
> > Would like to know the reason behind Barbican not supporting the
> > retrieval of the secret in text/plain format generated from the order
> > resource in plain/text format.
> >
> > Thanks and Regards,
> > Asha Seshagiri
> >
> > On Sun, Jun 7, 2015 at 11:43 PM, John Wood <john.wood at rackspace.com>
> > wrote:
> >>
> >> Hello Asha,
> >>
> >> The AES type key should require an application/octet-stream Accept
> >> header to retrieve the secret as it is a binary type. Please replace
> >> ‘text/plain’ with ‘application/octet-stream’ in your curl calls below.
> >>
> >> Thanks,
> >> John
> >>
> >>
> >> From: Asha Seshagiri <asha.seshagiri at gmail.com>
> >> Date: Friday, June 5, 2015 at 2:42 PM
> >> To: openstack-dev <openstack-dev at lists.openstack.org>
> >> Cc: Douglas Mendizabal <douglas.mendizabal at RACKSPACE.COM>, John Wood
> >> <john.wood at rackspace.com>, "Reller, Nathan S."
> >> <Nathan.Reller at jhuapl.edu>, Adam Harwell <adam.harwell at RACKSPACE.COM>,
> >> Paul Kehrer <paul.kehrer at RACKSPACE.COM>
> >> Subject: Re: Barbican : Retrieval of the secret in text/plain format
> >> generated from Barbican order resource
> >>
> >> Hi All,
> >>
> >> I am currently working on use cases for database and file encryption. It
> >> is really important for us to know, since my encryption use case would be
> >> using the key generated by Barbican through the order resource as the key.
> >> The encryption algorithms would not accept the binary format, and even if
> >> converted into ASCII, encoding is failing for a few of the keys because
> >> some characters exceed the range of ASCII, and for some keys after encoding
> >> the length exceeds 32 bytes, which is the maximum length for doing AES
> >> encryption.
> >> It would be great if someone could respond to the query, since it would
> >> block my further investigations on encryption use cases using Barbican.
> >>
> >> Thanks and Regards,
> >> Asha Seshagiri
> >>
> >>
> >> On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri <asha.seshagiri at gmail.com>
> >> wrote:
> >>>
> >>> Hi All,
> >>>
> >>> Unable to retrieve the secret in text/plain format generated from
> >>> Barbican order resource.
> >>>
> >>> Please find the curl command and responses for
> >>>
> >>> Order creation with payload content type as text/plain:
> >>>
> >>> [root at barbican-automation ~]# curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
> >>> > -d '{"type" : "key", "meta": {"name": "secretname2","algorithm": "aes", "bit_length":256,  "mode": "cbc", "payload_content_type": "text/plain"}}' -k https://169.53.235.102:9311/v1/orders
> >>>
> >>> {"order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680"}
> >>>
> >>> Retrieval of the order by ORDER ID in order to get to know the secret
> >>> generated by Barbican:
> >>>
> >>> [root at barbican-automation ~]# curl -H 'Accept: application/json' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
> >>> > -k https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
> >>> {"status": "ACTIVE", "sub_status": "Unknown", "updated": "2015-06-03T19:08:13", "created": "2015-06-03T19:08:12", "order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680", "secret_ref": "https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e", "creator_id": "cedd848a8a9e410196793c601c03b99a", "meta": {"name": "secretname2", "algorithm": "aes", "payload_content_type": "text/plain", "mode": "cbc", "bit_length": 256, "expiration": null}, "sub_status_message": "Unknown", "type": "key"}[root at barbican-automation ~]#
> >>>
> >>>
> >>> Retrieval of the secret failing with the content type text/plain:
> >>>
> >>> [root at barbican-automation ~]# curl -H 'Accept:text/plain' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" -k https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
> >>> {"code": 500, "description": "Secret payload retrieval failure seen - please contact site administrator.", "title": "Internal Server Error"}
> >>>
> >>> I would like to know whether this is a bug from the Barbican side, since
> >>> Barbican allows creation of the order resource with text/plain as the
> >>> payload_content_type but the retrieval of the secret payload with the
> >>> content type text/plain is not allowed.
> >>>
> >>> Any help would highly be appreciated.
> >>> --
> >>> Thanks and Regards,
> >>> Asha Seshagiri
> >>
> >>
> >>
> >>
> >> --
> >> Thanks and Regards,
> >> Asha Seshagiri
> >
> >
> >
> >
> > --
> > Thanks and Regards,
> > Asha Seshagiri
> >
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >



-- 
*Thanks and Regards,*
*Asha Seshagiri*
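
The encoding mismatch discussed in this thread, as an added example (not code from the original messages or from Barbican): raw AES key bytes are not guaranteed to be ASCII, and their base64 text form is longer than the key, so text has to be decoded back to bytes before it is used as a key. The helper names and the sample key are assumptions made for illustration, as is treating a text/plain payload as base64, which follows the reply above.

```python
import base64
import binascii

AES_KEY_SIZES = (16, 24, 32)  # bytes: AES-128 / AES-192 / AES-256


def is_ascii(raw: bytes) -> bool:
    """True only if every byte is in the 7-bit ASCII range."""
    try:
        raw.decode("ascii")
        return True
    except UnicodeDecodeError:
        return False


def to_text(raw_key: bytes) -> str:
    """Base64 text form for transporting the key; this is not the key itself."""
    return base64.b64encode(raw_key).decode("ascii")


def to_key(payload: bytes, content_type: str) -> bytes:
    """Normalize a retrieved payload to raw AES key bytes (hypothetical helper).

    Assumption: a text/plain payload carries the key base64-encoded.
    """
    if content_type == "application/octet-stream":
        key = payload
    elif content_type == "text/plain":
        try:
            key = base64.b64decode(payload, validate=True)
        except binascii.Error as exc:
            raise ValueError("text payload is not valid base64") from exc
    else:
        raise ValueError(f"unsupported content type: {content_type}")
    if len(key) not in AES_KEY_SIZES:
        raise ValueError(f"AES key must be 16, 24 or 32 bytes, got {len(key)}")
    return key


# Constructed 256-bit sample key (not a real secret): every byte is above 0x7f.
SAMPLE_KEY = bytes(range(0xE0, 0x100))

if __name__ == "__main__":
    text = to_text(SAMPLE_KEY)
    print(is_ascii(SAMPLE_KEY), len(text))
    print(to_key(text.encode("ascii"), "text/plain") == SAMPLE_KEY)
```

The value returned by `to_key` is what a cipher constructor takes as the key argument; passing the 44-character base64 string directly is what produces the "length exceeds 32 bytes" symptom described in the thread.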