[openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource

Asha Seshagiri asha.seshagiri at gmail.com
Tue Jun 9 15:37:23 UTC 2015


Hi Douglas,

It would be great if you could respond to the email with the explanation
provided in yesterday's IRC meeting so that I can share it with my team.

Thanks and Regards,
Asha Seshagiri

On Mon, Jun 8, 2015 at 2:13 PM, Asha Seshagiri <asha.seshagiri at gmail.com>
wrote:

> Thanks Nate for your response.
> I would need Barbican to generate the key in plain/text format which is
> the human readable form so that I can use that key in standard cryptography
> libraries in Python which take the key as the argument.
> Yeah, text/plain format means the bytes are in base64 format.
>
> Thanks and Regards,
> Asha Seshagiri
>
> On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller <nathan.s.reller at gmail.com>
> wrote:
>
>> Asha,
>>
>> When you say you want your key in ASCII does that also mean putting
>> the bytes in hex or base64 format? Isn't ASCII only 7 bits?
>>
>> -Nate
>>
>> On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri <asha.seshagiri at gmail.com> wrote:
>> > Thanks John for your response.
>> > I am aware that application/octet-stream works for the retrieval of the
>> > secret.
>> > We are utilizing the key generated from Barbican in our AES encryption
>> > algorithm. Hence we wanted the response in text/plain format from Barbican
>> > since the AES encryption algorithm would need the key in ASCII format, which
>> > should be either 16, 24 or 32 bytes.
>> >
>> > The AES encryption algorithms would not accept the binary format and even if
>> > binary is converted into ASCII, encoding is failing for a few of the keys
>> > because some characters exceed the range of ASCII and for some keys after
>> > encoding the length exceeds 32 bytes, which is the maximum length for doing
>> > AES encryption.
>> >
>> > Would like to know the reason behind Barbican not supporting the retrieval
>> > of the secret in text/plain format generated from the order resource in
>> > plain/text format.
>> >
>> > Thanks and Regards,
>> > Asha Seshagiri
>> >
>> > On Sun, Jun 7, 2015 at 11:43 PM, John Wood <john.wood at rackspace.com> wrote:
>> >>
>> >> Hello Asha,
>> >>
>> >> The AES type key should require an application/octet-stream Accept header
>> >> to retrieve the secret as it is a binary type. Please replace ‘text/plain’
>> >> with ‘application/octet-stream’ in your curl calls below.
>> >>
>> >> Thanks,
>> >> John
>> >>
>> >>
>> >> From: Asha Seshagiri <asha.seshagiri at gmail.com>
>> >> Date: Friday, June 5, 2015 at 2:42 PM
>> >> To: openstack-dev <openstack-dev at lists.openstack.org>
>> >> Cc: Douglas Mendizabal <douglas.mendizabal at RACKSPACE.COM>, John Wood
>> >> <john.wood at rackspace.com>, "Reller, Nathan S." <Nathan.Reller at jhuapl.edu>,
>> >> Adam Harwell <adam.harwell at RACKSPACE.COM>, Paul Kehrer
>> >> <paul.kehrer at RACKSPACE.COM>
>> >> Subject: Re: Barbican : Retrieval of the secret in text/plain format
>> >> generated from Barbican order resource
>> >>
>> >> Hi All ,
>> >>
>> >> I am currently working on use cases for database and file Encryption. It is
>> >> really important for us to know since my Encryption use case would be using
>> >> the key generated by Barbican through order resource as the key.
>> >> The encryption algorithms would not accept the binary format and even if
>> >> converted into ASCII, encoding is failing for a few of the keys because some
>> >> characters exceed the range of ASCII and for some keys after encoding the
>> >> length exceeds 32 bytes, which is the maximum length for doing AES
>> >> encryption.
>> >> It would be great if someone could respond to the query, since it would
>> >> block my further investigations on Encryption use cases using Barbican.
>> >> Thanks and Regards,
>> >> Asha Seshagiri
>> >>
>> >>
>> >> On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri <asha.seshagiri at gmail.com> wrote:
>> >>>
>> >>> Hi All,
>> >>>
>> >>> Unable to retrieve the secret in text/plain format generated from
>> >>> Barbican order resource
>> >>>
>> >>> Please find the curl command and responses for
>> >>>
>> >>> Order creation with payload content type as text/plain :
>> >>>
>> >>> [root@barbican-automation ~]# curl -X POST -H 'content-type:application/json' \
>> >>>   -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
>> >>>   -d '{"type": "key", "meta": {"name": "secretname2", "algorithm": "aes", "bit_length": 256, "mode": "cbc", "payload_content_type": "text/plain"}}' \
>> >>>   -k https://169.53.235.102:9311/v1/orders
>> >>>
>> >>> {"order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680"}
>> >>>
>> >>> Retrieval of the order by ORDER ID in order to get to know the secret
>> >>> generated by Barbican
>> >>>
>> >>> [root@barbican-automation ~]# curl -H 'Accept: application/json' \
>> >>>   -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
>> >>>   -k https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
>> >>> {"status": "ACTIVE", "sub_status": "Unknown", "updated": "2015-06-03T19:08:13",
>> >>>  "created": "2015-06-03T19:08:12",
>> >>>  "order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680",
>> >>>  "secret_ref": "https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e",
>> >>>  "creator_id": "cedd848a8a9e410196793c601c03b99a",
>> >>>  "meta": {"name": "secretname2", "algorithm": "aes", "payload_content_type": "text/plain",
>> >>>  "mode": "cbc", "bit_length": 256, "expiration": null},
>> >>>  "sub_status_message": "Unknown", "type": "key"}
>> >>>
>> >>>
>> >>> Retrieval of the secret failing with the content type text/plain
>> >>>
>> >>> [root@barbican-automation ~]# curl -H 'Accept:text/plain' \
>> >>>   -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
>> >>>   -k https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
>> >>> {"code": 500, "description": "Secret payload retrieval failure seen -
>> >>> please contact site administrator.", "title": "Internal Server Error"}
>> >>>
>> >>> I would like to know whether this is a bug from Barbican side since
>> >>> Barbican allows creation of the order resource with text/plain as the
>> >>> payload_content type but the retrieval of the secret payload with the
>> >>> content type text/plain is not allowed.
>> >>>
>> >>> Any help would highly be appreciated.
>> >>> --
>> >>> Thanks and Regards,
>> >>> Asha Seshagiri
>> >>
>> >>
>> >>
>> >>
>> >> --
>> >> Thanks and Regards,
>> >> Asha Seshagiri
>> >
>> >
>> >
>> >
>> > --
>> > Thanks and Regards,
>> > Asha Seshagiri
>> >
>> >
>> > __________________________________________________________________________
>> > OpenStack Development Mailing List (not for usage questions)
>> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> >
>>
>
>
>
> --
> *Thanks and Regards,*
> *Asha Seshagiri*
>



-- 
*Thanks and Regards,*
*Asha Seshagiri*
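
Added example, not part of the thread and not Barbican's own code: the key handling the messages above are circling around, in Python with the standard library only. It assumes the payload fetched with Accept: application/octet-stream is the raw key bytes and that any text form of the key is base64; SAMPLE_KEY, the function names and the barbican.example URL used with them are constructed for illustration.

```python
import base64
import urllib.request

AES_KEY_SIZES = (16, 24, 32)  # bytes: AES-128 / AES-192 / AES-256


def payload_request(secret_ref: str, token: str) -> urllib.request.Request:
    """Build (but do not send) the payload GET with the binary Accept header."""
    return urllib.request.Request(
        secret_ref.rstrip("/") + "/payload",
        headers={"Accept": "application/octet-stream", "X-Auth-Token": token},
    )


def text_forms(key: bytes) -> dict:
    """Report what happens when raw key bytes are forced through text encodings."""
    try:
        key.decode("ascii")
        ascii_ok = True
    except UnicodeDecodeError:
        ascii_ok = False  # random key bytes are usually outside 0x00-0x7f
    return {
        "ascii_ok": ascii_ok,
        # bytes >= 0x80 mapped to characters and re-encoded take two bytes each
        "utf8_len": len(key.decode("latin-1").encode("utf-8")),
        # base64 is a transport form: 4 characters per 3 key bytes
        "base64_len": len(base64.b64encode(key)),
    }


def aes_key_from_payload(payload: bytes, is_base64_text: bool = False) -> bytes:
    """Return raw key bytes for an AES library, rejecting anything mis-sized."""
    if is_base64_text:  # assumption: the text form of the key is base64
        key = base64.b64decode(payload, validate=True)
    else:
        key = bytes(payload)
    if len(key) not in AES_KEY_SIZES:
        raise ValueError(f"not an AES key: {len(key)} bytes")
    return key


# Constructed stand-in for a 256-bit payload; half of its bytes are >= 0x80.
SAMPLE_KEY = bytes(range(0x70, 0x90))
```

The length check is what catches a base64 string handed to the cipher as if it were the key: 44 characters is not a valid AES key size, while the decoded 32 bytes are.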