Thanks Nate for your response. I would need Barbican to generate the key in plain/text format which is the human readable form so that I can use that key in Standard Crytp graphy libraries in python which takes key as the argument. Yeah , text/plain format means the bytes are in base64 format.
Thanks and Regards, Asha Seshgiri On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller <[email protected]> wrote: > Asha, > > When you say you want your key in ASCII does that also mean putting > the bytes in hex or base64 format? Isn't ASCII only 7 bits? > > -Nate > > On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri <[email protected]> > wrote: > > Thanks John for your response. > > I am aware that application/octet-stream works for the retrieval of > secret . > > We are utilizing the key generated from Barbican in our AES encryption > > algorithm . Hence we wanted the response in text/plain format from > Barbican > > since AES encryption algorithm would need the key of ASCII format which > > should be either 16,24 or 32 bytes. > > > > The AES encyption algorithms would not accept the binary format and even > if > > binary is converted into ascii , encoding is failing for few of the keys > > because some characters exceeeds the range of ASCII and for some keys > after > > encoding length exceeds 32 bytes which is the maximum length for doing > AES > > encryption. > > > > Would like to know the reason behind Barbican not supporting the > retrieval > > of the secret in text/plain format generated from the order resource in > > plain/text format. > > > > Thanks and Regards, > > Asha Seshagiri > > > > On Sun, Jun 7, 2015 at 11:43 PM, John Wood <[email protected]> > wrote: > >> > >> Hello Asha, > >> > >> The AES type key should require an application/octet-stream Accept > header > >> to retrieve the secret as it is a binary type. Please replace > ‘text/plain’ > >> with ‘application/octet-stream’ in your curl calls below. > >> > >> Thanks, > >> John > >> > >> > >> From: Asha Seshagiri <[email protected]> > >> Date: Friday, June 5, 2015 at 2:42 PM > >> To: openstack-dev <[email protected]> > >> Cc: Douglas Mendizabal <[email protected]>, John Wood > >> <[email protected]>, "Reller, Nathan S." < > [email protected]>, > >> Adam Harwell <[email protected]>, Paul Kehrer > >> <[email protected]> > >> Subject: Re: Barbican : Retrieval of the secret in text/plain format > >> generated from Barbican order resource > >> > >> Hi All , > >> > >> I am currently working on use cases for database and file Encryption.It > is > >> really important for us to know since my Encryption use case would be > using > >> the key generated by Barbican through order resource as the key. > >> The encyption algorithms would not accept the binary format and even if > >> converted into ascii , encoding is failing for few of the keys because > some > >> characters exceeeds the range of ASCII and for some key after encoding > >> length exceeds 32 bytes which is the maximum length for doing AES > >> encryption. > >> It would be great if someone could respond to the query ,since it would > >> block my further investigations on Encryption usecases using Babrican > >> > >> Thanks and Regards, > >> Asha Seshagiri > >> > >> > >> On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri < > [email protected]> > >> wrote: > >>> > >>> Hi All, > >>> > >>> Unable to retrieve the secret in text/plain format generated from > >>> Barbican order resource > >>> > >>> Please find the curl command and responses for > >>> > >>> Order creation with payload content type as text/plain : > >>> > >>> [root@barbican-automation ~]# curl -X POST -H > >>> 'content-type:application/json' -H > >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" \ > >>> > -d '{"type" : "key", "meta": {"name": "secretname2","algorithm": > "aes", > >>> > "bit_length":256, "mode": "cbc", "payload_content_type": > "text/plain"}}' > >>> > -k https://169.53.235.102:9311/v1/orders > >>> > >>> {"order_ref": > >>> " > https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 > "} > >>> > >>> Retrieval of the order by ORDER ID in order to get to know the secret > >>> generated by Barbican > >>> > >>> [root@barbican-automation ~]# curl -H 'Accept: application/json' -H > >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" \ > >>> > -k > >>> > > https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 > >>> {"status": "ACTIVE", "sub_status": "Unknown", "updated": > >>> "2015-06-03T19:08:13", "created": "2015-06-03T19:08:12", "order_ref": > >>> " > https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 > ", > >>> "secret_ref": > >>> " > https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e > ", > >>> "creator_id": "cedd848a8a9e410196793c601c03b99a", "meta": {"name": > >>> "secretname2", "algorithm": "aes", "payload_content_type": > "text/plain", > >>> "mode": "cbc", "bit_length": 256, "expiration": null}, > "sub_status_message": > >>> "Unknown", "type": "key"}[root@barbican-automation ~]# > >>> > >>> > >>> Retrieval of the secret failing with the content type text/plain > >>> > >>> [root@barbican-automation ~]# curl -H 'Accept:text/plain' -H > >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" -k > >>> > https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload > >>> {"code": 500, "description": "Secret payload retrieval failure seen - > >>> please contact site administrator.", "title": "Internal Server Error"} > >>> > >>> I would like to know wheather this is a bug from Barbican side since > >>> Barbican allows creation of the order resource with text/plain as the > >>> payload_content type but the retrieval of the secret payload with the > >>> content type text/plain is not allowed. > >>> > >>> Any help would highly be appreciated. > >>> -- > >>> Thanks and Regards, > >>> Asha Seshagiri > >> > >> > >> > >> > >> -- > >> Thanks and Regards, > >> Asha Seshagiri > > > > > > > > > > -- > > Thanks and Regards, > > Asha Seshagiri > > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > [email protected]?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- *Thanks and Regards,* *Asha Seshagiri*
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
