[openstack-dev] [infra][security] Encryption in Zuul v3

Clint Byrum clint at fewbar.com
Tue Mar 21 19:34:20 UTC 2017


Excerpts from Matthieu Huin's message of 2017-03-21 18:43:49 +0100:
> Hello James,
> 
> Thanks for opening the discussion on this topic. I'd like to mention that a
> very common type of secret that is used in Continuous Deployment
> scenarios is SSH keys. Correct me if I am wrong, but PKCS#1 wouldn't
> qualify if standard keys were to be stored.

You could store a key, just not a 4096 bit key.

PKCS#1 has a header/padding of something like 12 bytes, and then you
need a hash in there, so for SHA1 that's 160 bits or 20 bytes, SHA256
is 256 bits so 32 bytes. So with a 4096 bit (512 bytes) Zuul key, you
can encrypt 480 bytes of plaintext, or 468 with sha256. That's enough
for a 3072 bit (384 bytes) SSH key. An uncommon size, but RSA says
they're good past 2030:

https://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm

It's a little cramped, but hey, this is the age of tiny houses, maybe we
should make do with what we have.
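
As an added illustration (not code from the thread or from Zuul), here is the
RSAES-OAEP padding step from RFC 8017 written out in pure Python, so the
overhead being discussed can be counted byte by byte: with OAEP the limit is
k - 2*hLen - 2, i.e. 470 bytes with SHA-1 and 446 with SHA-256 for a 512-byte
(4096 bit) modulus, and a 384-byte payload fits either way. The modulus size k
and the empty label are assumptions; the RSA modular exponentiation itself is
left out since only the padding budget matters here.

```python
import hashlib
import os

# Added example, not code from the Zuul project or the thread: EME-OAEP encoding
# (RFC 8017 section 7.1.1) for a k-byte RSA modulus, to make the padding
# overhead concrete. Every byte not in the message goes to 0x00, seed, lHash, PS, 0x01.

def mgf1(seed, length, hash_name):
    """MGF1 mask generation function (RFC 8017 appendix B.2.1)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.new(hash_name, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def oaep_max_message_len(k, hash_name):
    """Largest plaintext (bytes) one k-byte RSA-OAEP block can carry."""
    return k - 2 * hashlib.new(hash_name).digest_size - 2

def oaep_encode(message, k, hash_name="sha256", seed=None):
    """Return EM = 0x00 || maskedSeed || maskedDB, exactly k bytes long."""
    h_len = hashlib.new(hash_name).digest_size
    if len(message) > k - 2 * h_len - 2:
        raise ValueError("message too long")
    l_hash = hashlib.new(hash_name, b"").digest()       # hash of the empty label
    ps = b"\x00" * (k - len(message) - 2 * h_len - 2)   # zero padding fills the gap
    db = l_hash + ps + b"\x01" + message
    seed = os.urandom(h_len) if seed is None else seed
    masked_db = bytes(a ^ b for a, b in zip(db, mgf1(seed, k - h_len - 1, hash_name)))
    masked_seed = bytes(a ^ b for a, b in zip(seed, mgf1(masked_db, h_len, hash_name)))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, k, hash_name="sha256"):
    """Invert oaep_encode; raises ValueError on any malformed block."""
    h_len = hashlib.new(hash_name).digest_size
    if len(em) != k or em[0] != 0:
        raise ValueError("decoding error")
    masked_seed, masked_db = em[1:1 + h_len], em[1 + h_len:]
    seed = bytes(a ^ b for a, b in zip(masked_seed, mgf1(masked_db, h_len, hash_name)))
    db = bytes(a ^ b for a, b in zip(masked_db, mgf1(seed, k - h_len - 1, hash_name)))
    sep = db.find(b"\x01", h_len)
    if db[:h_len] != hashlib.new(hash_name, b"").digest() or sep < 0 or any(db[h_len:sep]):
        raise ValueError("decoding error")
    return db[sep + 1:]
```

Run oaep_max_message_len(512, "sha1") and oaep_max_message_len(512, "sha256")
to get the two budgets; anything longer makes oaep_encode raise rather than
silently truncate.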
