Excerpts from Matthieu Huin's message of 2017-03-21 18:43:49 +0100:
> Hello James,
>
> Thanks for opening the discussion on this topic. I'd like to mention that a
> very common type of secrets that are used in Continuous Deployments
> scenarios are SSH keys. Correct me if I am wrong, but PKCS#1 wouldn't
> qualify if standard keys were to be stored.

You could store a key, just not a 4096 bit key. PKCS#1 has a header/padding of something like 12 bytes, and then you need a hash in there, so for SHA1 that's 160 bits or 20 bytes, SHA256 is 256 bits so 32 bytes. So with a 4096 bit (512 bytes) Zuul key, you can encrypt 480 bytes of plaintext, or 468 with sha256. That's enough for a 3072 bit (384 bytes) SSH key. An uncommon size, but RSA says they're good past 2030:

https://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm

It's a little cramped, but hey, this is the age of tiny houses, maybe we should make do with what we have.

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
