Sure John. Thanks a lot, John, for your response.
I would like Barbican to support the retrieval of the secret in plain/text format generated from the order resource, since it is very important for our encryption use case, which is dependent on the key generated from Barbican.
I would like to know your opinion.

Thanks and Regards,
Asha Seshagiri

On Mon, Jun 8, 2015 at 8:36 AM, John Wood <[email protected]> wrote:

> Hello Asha,
>
> Barbican is not yet supporting the conversion of secrets of one format
> to another. If you have thoughts on desired conversions however, please
> mention them in this thread, or else consider mentioning them in our
> weekly IRC meeting (freenode #openstack-meeting-alt at 3pm CDT).
>
> Thanks,
> John
>
>
> From: Asha Seshagiri <[email protected]>
> Date: Monday, June 8, 2015 at 12:17 AM
> To: John Wood <[email protected]>
> Cc: openstack-dev <[email protected]>, Douglas Mendizabal
> <[email protected]>, "Reller, Nathan S." <[email protected]>,
> Adam Harwell <[email protected]>, Paul Kehrer <[email protected]>
> Subject: Re: Barbican : Retrieval of the secret in text/plain format
> generated from Barbican order resource
>
> Thanks John for your response.
> I am aware that application/octet-stream works for the retrieval of the
> secret.
> We are utilizing the key generated from Barbican in our AES encryption
> algorithm. Hence we wanted the response in text/plain format from
> Barbican, since the AES encryption algorithm would need the key in ASCII
> format, which should be either 16, 24 or 32 bytes.
>
> The AES encryption algorithms would not accept the binary format, and even
> if binary is converted into ASCII, encoding is failing for a few of the
> keys because some characters exceed the range of ASCII, and for some keys
> the length after encoding exceeds 32 bytes, which is the maximum length for
> doing AES encryption.
>
> Would like to know the reason behind Barbican not supporting
> the retrieval of the secret in text/plain format generated from the order
> resource in plain/text format.
>
> Thanks and Regards,
> Asha Seshagiri
>
> On Sun, Jun 7, 2015 at 11:43 PM, John Wood <[email protected]>
> wrote:
>
>> Hello Asha,
>>
>> The AES type key should require an application/octet-stream Accept
>> header to retrieve the secret as it is a binary type. Please replace
>> ‘text/plain’ with ‘application/octet-stream’ in your curl calls below.
>>
>> Thanks,
>> John
>>
>>
>> From: Asha Seshagiri <[email protected]>
>> Date: Friday, June 5, 2015 at 2:42 PM
>> To: openstack-dev <[email protected]>
>> Cc: Douglas Mendizabal <[email protected]>, John Wood
>> <[email protected]>, "Reller, Nathan S." <[email protected]>,
>> Adam Harwell <[email protected]>, Paul Kehrer <[email protected]>
>> Subject: Re: Barbican : Retrieval of the secret in text/plain format
>> generated from Barbican order resource
>>
>> Hi All,
>>
>> I am currently working on use cases for database and file encryption. It
>> is really important for us to know, since my encryption use case would be
>> using the key generated by Barbican through the order resource as the key.
>> The encryption algorithms would not accept the binary format, and even if
>> converted into ASCII, encoding is failing for a few of the keys because some
>> characters exceed the range of ASCII, and for some keys the length after
>> encoding exceeds 32 bytes, which is the maximum length for doing AES
>> encryption.
>> It would be great if someone could respond to the query, since it would
>> block my further investigations on encryption use cases using Barbican.
>>
>> Thanks and Regards,
>> Asha Seshagiri
>>
>>
>> On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> Unable to retrieve the secret in text/plain format generated from
>>> Barbican order resource
>>>
>>> Please find the curl command and responses for
>>>
>>> *Order creation with payload content type as text/plain*:
>>>
>>> [root@barbican-automation ~]# curl -X POST -H 'content-type:application/json' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
>>> > -d '{"type" : "key", "meta": {"name": "secretname2","algorithm": "aes", "bit_length":256, "mode": "cbc", "payload_content_type": "text/plain"}}' -k https://169.53.235.102:9311/v1/orders
>>>
>>> {"order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680"}
>>>
>>> *Retrieval of the order by ORDER ID in order to get to know the secret
>>> generated by Barbican*
>>>
>>> [root@barbican-automation ~]# curl -H 'Accept: application/json' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" \
>>> > -k https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
>>> {"status": "ACTIVE", "sub_status": "Unknown", "updated": "2015-06-03T19:08:13", "created": "2015-06-03T19:08:12", "order_ref": "https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680", "secret_ref": "https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e", "creator_id": "cedd848a8a9e410196793c601c03b99a", "meta": {"name": "secretname2", "algorithm": "aes", "payload_content_type": "text/plain", "mode": "cbc", "bit_length": 256, "expiration": null}, "sub_status_message": "Unknown", "type": "key"}
>>> [root@barbican-automation ~]#
>>>
>>>
>>> *Retrieval of the secret failing with the content type text/plain*
>>>
>>> [root@barbican-automation ~]# curl -H 'Accept:text/plain' -H "X-Auth-Token:9b211b06669249bb89665df068828ee8" -k https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
>>> {"code": 500, "description": "Secret payload retrieval failure seen - please contact site administrator.", "title": "Internal Server Error"}
>>>
>>> I would like to know whether this is a bug from the Barbican side, since
>>> Barbican allows creation of the order resource with text/plain as the
>>> payload_content type, but the retrieval of the secret payload with the
>>> content type text/plain is not allowed.
>>>
>>> Any help would be highly appreciated.
>>> --
>>> *Thanks and Regards,*
>>> *Asha Seshagiri*
>>>
>>
>>
>>
>> --
>> *Thanks and Regards,*
>> *Asha Seshagiri*
>>
>
>
>
> --
> *Thanks and Regards,*
> *Asha Seshagiri*
>

--
*Thanks and Regards,*
*Asha Seshagiri*
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
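An added illustration, not part of the thread or of Barbican's code, of the point in John's reply that an AES key is a binary type: the 32 raw bytes of a 256-bit key are used as the key directly, they generally do not decode as ASCII, and a text encoding such as Base64 is longer than 32 characters, so it serves only for transport and is decoded back to bytes before use. The payload bytes are constructed sample data standing in for an `application/octet-stream` response, and the helper names are hypothetical.

```python
import base64
import binascii

AES_KEY_SIZES = (16, 24, 32)  # AES-128/192/256 key lengths in bytes

# Constructed stand-in for the body of GET /v1/secrets/<id>/payload
# requested with "Accept: application/octet-stream" (not a real key).
SAMPLE_PAYLOAD = bytes(range(0x70, 0x90))  # 32 bytes, half of them >= 0x80


def load_aes_key(payload: bytes) -> bytes:
    """Accept the octet-stream payload as-is; only the length is checked."""
    if len(payload) not in AES_KEY_SIZES:
        raise ValueError(f"unexpected AES key length: {len(payload)} bytes")
    return payload


def is_ascii(payload: bytes) -> bool:
    """True only if every byte is < 0x80; random keys almost never are."""
    try:
        payload.decode("ascii")
        return True
    except UnicodeDecodeError:
        return False


def to_text(key: bytes) -> str:
    """Base64 form for carrying the key through a text-only channel."""
    return base64.b64encode(key).decode("ascii")


def from_text(text: str) -> bytes:
    """Decode the transport form back to raw bytes before any AES call."""
    try:
        return load_aes_key(base64.b64decode(text, validate=True))
    except binascii.Error as exc:
        raise ValueError("key text is not valid Base64") from exc


if __name__ == "__main__":
    key = load_aes_key(SAMPLE_PAYLOAD)
    text = to_text(key)
    print("raw key length:", len(key))
    print("decodes as ASCII:", is_ascii(key))
    print("Base64 length:", len(text))
    print("round trip intact:", from_text(text) == key)
```
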
