Hi Douglas , It would be great if you could respond to the email with the explanation provided in yesterday's IRC meeting so that I can share it with my team.
Thanks and Regards, Asha Seshagiri On Mon, Jun 8, 2015 at 2:13 PM, Asha Seshagiri <[email protected]> wrote: > Thanks Nate for your response. > I would need Barbican to generate the key in plain/text format which is > the human readable form so that I can use that key in Standard Crytp graphy > libraries in python which takes key as the argument. > Yeah , text/plain format means the bytes are in base64 format. > > Thanks and Regards, > Asha Seshgiri > > On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller <[email protected]> > wrote: > >> Asha, >> >> When you say you want your key in ASCII does that also mean putting >> the bytes in hex or base64 format? Isn't ASCII only 7 bits? >> >> -Nate >> >> On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri <[email protected]> >> wrote: >> > Thanks John for your response. >> > I am aware that application/octet-stream works for the retrieval of >> secret . >> > We are utilizing the key generated from Barbican in our AES encryption >> > algorithm . Hence we wanted the response in text/plain format from >> Barbican >> > since AES encryption algorithm would need the key of ASCII format which >> > should be either 16,24 or 32 bytes. >> > >> > The AES encyption algorithms would not accept the binary format and >> even if >> > binary is converted into ascii , encoding is failing for few of the >> keys >> > because some characters exceeeds the range of ASCII and for some keys >> after >> > encoding length exceeds 32 bytes which is the maximum length for doing >> AES >> > encryption. >> > >> > Would like to know the reason behind Barbican not supporting the >> retrieval >> > of the secret in text/plain format generated from the order resource in >> > plain/text format. >> > >> > Thanks and Regards, >> > Asha Seshagiri >> > >> > On Sun, Jun 7, 2015 at 11:43 PM, John Wood <[email protected]> >> wrote: >> >> >> >> Hello Asha, >> >> >> >> The AES type key should require an application/octet-stream Accept >> header >> >> to retrieve the secret as it is a binary type. Please replace >> ‘text/plain’ >> >> with ‘application/octet-stream’ in your curl calls below. >> >> >> >> Thanks, >> >> John >> >> >> >> >> >> From: Asha Seshagiri <[email protected]> >> >> Date: Friday, June 5, 2015 at 2:42 PM >> >> To: openstack-dev <[email protected]> >> >> Cc: Douglas Mendizabal <[email protected]>, John Wood >> >> <[email protected]>, "Reller, Nathan S." < >> [email protected]>, >> >> Adam Harwell <[email protected]>, Paul Kehrer >> >> <[email protected]> >> >> Subject: Re: Barbican : Retrieval of the secret in text/plain format >> >> generated from Barbican order resource >> >> >> >> Hi All , >> >> >> >> I am currently working on use cases for database and file >> Encryption.It is >> >> really important for us to know since my Encryption use case would be >> using >> >> the key generated by Barbican through order resource as the key. >> >> The encyption algorithms would not accept the binary format and even if >> >> converted into ascii , encoding is failing for few of the keys because >> some >> >> characters exceeeds the range of ASCII and for some key after encoding >> >> length exceeds 32 bytes which is the maximum length for doing AES >> >> encryption. >> >> It would be great if someone could respond to the query ,since it >> would >> >> block my further investigations on Encryption usecases using Babrican >> >> >> >> Thanks and Regards, >> >> Asha Seshagiri >> >> >> >> >> >> On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri < >> [email protected]> >> >> wrote: >> >>> >> >>> Hi All, >> >>> >> >>> Unable to retrieve the secret in text/plain format generated from >> >>> Barbican order resource >> >>> >> >>> Please find the curl command and responses for >> >>> >> >>> Order creation with payload content type as text/plain : >> >>> >> >>> [root@barbican-automation ~]# curl -X POST -H >> >>> 'content-type:application/json' -H >> >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" \ >> >>> > -d '{"type" : "key", "meta": {"name": "secretname2","algorithm": >> "aes", >> >>> > "bit_length":256, "mode": "cbc", "payload_content_type": >> "text/plain"}}' >> >>> > -k https://169.53.235.102:9311/v1/orders >> >>> >> >>> {"order_ref": >> >>> " >> https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 >> "} >> >>> >> >>> Retrieval of the order by ORDER ID in order to get to know the secret >> >>> generated by Barbican >> >>> >> >>> [root@barbican-automation ~]# curl -H 'Accept: application/json' -H >> >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" \ >> >>> > -k >> >>> > >> https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 >> >>> {"status": "ACTIVE", "sub_status": "Unknown", "updated": >> >>> "2015-06-03T19:08:13", "created": "2015-06-03T19:08:12", "order_ref": >> >>> " >> https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680 >> ", >> >>> "secret_ref": >> >>> " >> https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e >> ", >> >>> "creator_id": "cedd848a8a9e410196793c601c03b99a", "meta": {"name": >> >>> "secretname2", "algorithm": "aes", "payload_content_type": >> "text/plain", >> >>> "mode": "cbc", "bit_length": 256, "expiration": null}, >> "sub_status_message": >> >>> "Unknown", "type": "key"}[root@barbican-automation ~]# >> >>> >> >>> >> >>> Retrieval of the secret failing with the content type text/plain >> >>> >> >>> [root@barbican-automation ~]# curl -H 'Accept:text/plain' -H >> >>> "X-Auth-Token:9b211b06669249bb89665df068828ee8" -k >> >>> >> https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload >> >>> {"code": 500, "description": "Secret payload retrieval failure seen - >> >>> please contact site administrator.", "title": "Internal Server Error"} >> >>> >> >>> I would like to know wheather this is a bug from Barbican side since >> >>> Barbican allows creation of the order resource with text/plain as the >> >>> payload_content type but the retrieval of the secret payload with the >> >>> content type text/plain is not allowed. >> >>> >> >>> Any help would highly be appreciated. >> >>> -- >> >>> Thanks and Regards, >> >>> Asha Seshagiri >> >> >> >> >> >> >> >> >> >> -- >> >> Thanks and Regards, >> >> Asha Seshagiri >> > >> > >> > >> > >> > -- >> > Thanks and Regards, >> > Asha Seshagiri >> > >> > >> __________________________________________________________________________ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> [email protected]?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> [email protected]?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > > -- > *Thanks and Regards,* > *Asha Seshagiri* > -- *Thanks and Regards,* *Asha Seshagiri*
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
