Hello Asha,

The AES type key should require an application/octet-stream Accept header to 
retrieve the secret as it is a binary type. Please replace 'text/plain' with 
'application/octet-stream' in your curl calls below.

Thanks,
John


From: Asha Seshagiri <asha.seshag...@gmail.com<mailto:asha.seshag...@gmail.com>>
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev 
<openstack-dev@lists.openstack.org<mailto:openstack-dev@lists.openstack.org>>
Cc: Douglas Mendizabal 
<douglas.mendiza...@rackspace.com<mailto:douglas.mendiza...@rackspace.com>>, 
John Wood <john.w...@rackspace.com<mailto:john.w...@rackspace.com>>, "Reller, 
Nathan S." <nathan.rel...@jhuapl.edu<mailto:nathan.rel...@jhuapl.edu>>, Adam 
Harwell <adam.harw...@rackspace.com<mailto:adam.harw...@rackspace.com>>, Paul 
Kehrer <paul.keh...@rackspace.com<mailto:paul.keh...@rackspace.com>>
Subject: Re: Barbican : Retrieval of the secret in text/plain format generated 
from Barbican order resource

Hi All ,

I am currently working on use cases for database and file Encryption.It is 
really important for us to know since my Encryption use case would be using the 
key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if 
converted into ascii , encoding is failing for few of the keys because some 
characters exceeeds the range of ASCII and for some key  after encoding length 
exceeds 32 bytes  which is the maximum length for doing AES encryption.
It would be great if  someone could respond to the query ,since it would block 
my further investigations on Encryption usecases using Babrican

Thanks and Regards,
Asha Seshagiri


On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri 
<asha.seshag...@gmail.com<mailto:asha.seshag...@gmail.com>> wrote:
Hi All,

Unable to retrieve the secret in text/plain format  generated from Barbican 
order resource

Please find the curl command and responses for

Order creation with payload content type as text/plain :

[root@barbican-automation ~]# curl -X POST -H 'content-type:application/json' 
-H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
> -d '{"type" : "key", "meta": {"name": "secretname2","algorithm": "aes", 
> "bit_length":256,  "mode": "cbc", "payload_content_type": "text/plain"}}'  -k 
> https://169.53.235.102:9311/v1/orders

{"order_ref": 
"https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680"}

Retrieval of the order by ORDER ID in order to get to know the secret generated 
by Barbican

[root@barbican-automation ~]# curl -H 'Accept: application/json' -H 
"X-Auth-Token:9b211b06669249bb89665df068828ee8" \
> -k  https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{"status": "ACTIVE", "sub_status": "Unknown", "updated": "2015-06-03T19:08:13", 
"created": "2015-06-03T19:08:12", "order_ref": 
"https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680";, 
"secret_ref": 
"https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e";, 
"creator_id": "cedd848a8a9e410196793c601c03b99a", "meta": {"name": 
"secretname2", "algorithm": "aes", "payload_content_type": "text/plain", 
"mode": "cbc", "bit_length": 256, "expiration": null}, "sub_status_message": 
"Unknown", "type": "key"}[root@barbican-automation ~]#


Retrieval of the secret failing with the content type text/plain

[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H 
"X-Auth-Token:9b211b06669249bb89665df068828ee8" -k 
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
{"code": 500, "description": "Secret payload retrieval failure seen - please 
contact site administrator.", "title": "Internal Server Error"}

I would like to know wheather this is a bug from Barbican side  since Barbican 
allows creation of the order resource with text/plain as the payload_content 
type but the retrieval of the secret payload with the content type text/plain 
is not allowed.

Any help would highly be appreciated.
--
Thanks and Regards,
Asha Seshagiri



--
Thanks and Regards,
Asha Seshagiri
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to