Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Hi Douglas ,
It would be great if you could respond to the email with the explanation
provided in yesterday's IRC meeting so that I can share it with my team.
Thanks and Regards,
Asha Seshagiri
On Mon, Jun 8, 2015 at 2:13 PM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Thanks Nate for your response.
I would need Barbican to generate the key in plain/text format which is
the human readable form so that I can use that key in Standard Crytp graphy
libraries in python which takes key as the argument.
Yeah , text/plain format means the bytes are in base64 format.
Thanks and Regards,
Asha Seshgiri
On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller nathan.s.rel...@gmail.com
wrote:
Asha,
When you say you want your key in ASCII does that also mean putting
the bytes in hex or base64 format? Isn't ASCII only 7 bits?
-Nate
On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of
secret .
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from
Barbican
since AES encryption algorithm would need the key of ASCII format which
should be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and
even if
binary is converted into ascii , encoding is failing for few of the
keys
because some characters exceeeds the range of ASCII and for some keys
after
encoding length exceeds 32 bytes which is the maximum length for doing
AES
encryption.
Would like to know the reason behind Barbican not supporting the
retrieval
of the secret in text/plain format generated from the order resource in
plain/text format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood john.w...@rackspace.com
wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept
header
to retrieve the secret as it is a binary type. Please replace
‘text/plain’
with ‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal douglas.mendiza...@rackspace.com, John Wood
john.w...@rackspace.com, Reller, Nathan S.
nathan.rel...@jhuapl.edu,
Adam Harwell adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file
Encryption.It is
really important for us to know since my Encryption use case would be
using
the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because
some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it
would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri
asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
Order creation with payload content type as text/plain :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm:
aes,
bit_length:256, mode: cbc, payload_content_type:
text/plain}}'
-k https://169.53.235.102:9311/v1/orders
{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
}
Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
,
secret_ref:
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e
,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type:
text/plain,
mode: cbc, bit_length: 256, expiration: null},
sub_status_message:
Unknown, type: key}[root@barbican-automation ~]#
Retrieval of the secret
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Sure John . Thanks a lot John for your response.
I would like Barbican to support the retrieval of the secret in plain/text
format generated from the order resource.Since it is very important for our
Encryption usecase which is dependent on the key generated from Barbican.
I would like to know your opinion.
Thanks and Regards,
Asha Seshagiri
On Mon, Jun 8, 2015 at 8:36 AM, John Wood john.w...@rackspace.com wrote:
Hello Asha,
Barbican is not yet supporting the conversion of secrets of one format
to another. If you have thoughts on desired conversions however, please
mentioned them in this thread, or else consider mentioning them in our
weekly IRC meeting (freenode #openstack-meeting-alt at 3pm CDT).
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Monday, June 8, 2015 at 12:17 AM
To: John Wood john.w...@rackspace.com
Cc: openstack-dev openstack-dev@lists.openstack.org, Douglas Mendizabal
douglas.mendiza...@rackspace.com, Reller, Nathan S.
nathan.rel...@jhuapl.edu, Adam Harwell adam.harw...@rackspace.com,
Paul Kehrer paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of secret
.
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from
Barbican since AES encryption algorithm would need the key of ASCII format
which should be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and even
if binary is converted into ascii , encoding is failing for few of the
keys because some characters exceeeds the range of ASCII and for some keys
after encoding length exceeds 32 bytes which is the maximum length for
doing AES encryption.
Would like to know the reason behind Barbican not supporting
the retrieval of the secret in text/plain format generated from the order
resource in plain/text format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood john.w...@rackspace.com
wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept
header to retrieve the secret as it is a binary type. Please replace
‘text/plain’ with ‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal douglas.mendiza...@rackspace.com, John Wood
john.w...@rackspace.com, Reller, Nathan S. nathan.rel...@jhuapl.edu,
Adam Harwell adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It
is really important for us to know since my Encryption use case would be
using the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
*Order creation with payload content type as text/plain* :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm:
aes, bit_length:256, mode: cbc, payload_content_type:
*text/plain*}}' -k https://169.53.235.102:9311/v1/orders
*{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
}
*Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican*
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
*https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Thanks Nate for your response.
I would need Barbican to generate the key in plain/text format which is the
human readable form so that I can use that key in Standard Crytp graphy
libraries in python which takes key as the argument.
Yeah , text/plain format means the bytes are in base64 format.
Thanks and Regards,
Asha Seshgiri
On Mon, Jun 8, 2015 at 8:37 AM, Nathan Reller nathan.s.rel...@gmail.com
wrote:
Asha,
When you say you want your key in ASCII does that also mean putting
the bytes in hex or base64 format? Isn't ASCII only 7 bits?
-Nate
On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of
secret .
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from
Barbican
since AES encryption algorithm would need the key of ASCII format which
should be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and even
if
binary is converted into ascii , encoding is failing for few of the keys
because some characters exceeeds the range of ASCII and for some keys
after
encoding length exceeds 32 bytes which is the maximum length for doing
AES
encryption.
Would like to know the reason behind Barbican not supporting the
retrieval
of the secret in text/plain format generated from the order resource in
plain/text format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood john.w...@rackspace.com
wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept
header
to retrieve the secret as it is a binary type. Please replace
‘text/plain’
with ‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal douglas.mendiza...@rackspace.com, John Wood
john.w...@rackspace.com, Reller, Nathan S.
nathan.rel...@jhuapl.edu,
Adam Harwell adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It
is
really important for us to know since my Encryption use case would be
using
the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because
some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri
asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
Order creation with payload content type as text/plain :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm:
aes,
bit_length:256, mode: cbc, payload_content_type:
text/plain}}'
-k https://169.53.235.102:9311/v1/orders
{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
}
Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
,
secret_ref:
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e
,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type:
text/plain,
mode: cbc, bit_length: 256, expiration: null},
sub_status_message:
Unknown, type: key}[root@barbican-automation ~]#
Retrieval of the secret failing with the content type text/plain
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
{code: 500, description: Secret payload
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Hello Asha,
Barbican is not yet supporting the conversion of secrets of one format to
another. If you have thoughts on desired conversions however, please mentioned
them in this thread, or else consider mentioning them in our weekly IRC meeting
(freenode #openstack-meeting-alt at 3pm CDT).
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.commailto:asha.seshag...@gmail.com
Date: Monday, June 8, 2015 at 12:17 AM
To: John Wood john.w...@rackspace.commailto:john.w...@rackspace.com
Cc: openstack-dev
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org,
Douglas Mendizabal
douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com,
Reller, Nathan S.
nathan.rel...@jhuapl.edumailto:nathan.rel...@jhuapl.edu, Adam Harwell
adam.harw...@rackspace.commailto:adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.commailto:paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format generated
from Barbican order resource
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of secret .
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from Barbican
since AES encryption algorithm would need the key of ASCII format which should
be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and even if
binary is converted into ascii , encoding is failing for few of the keys
because some characters exceeeds the range of ASCII and for some keys after
encoding length exceeds 32 bytes which is the maximum length for doing AES
encryption.
Would like to know the reason behind Barbican not supporting the retrieval of
the secret in text/plain format generated from the order resource in plain/text
format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood
john.w...@rackspace.commailto:john.w...@rackspace.com wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept header to
retrieve the secret as it is a binary type. Please replace ‘text/plain’ with
‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.commailto:asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal
douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com,
John Wood john.w...@rackspace.commailto:john.w...@rackspace.com, Reller,
Nathan S. nathan.rel...@jhuapl.edumailto:nathan.rel...@jhuapl.edu, Adam
Harwell adam.harw...@rackspace.commailto:adam.harw...@rackspace.com, Paul
Kehrer paul.keh...@rackspace.commailto:paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format generated
from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It is
really important for us to know since my Encryption use case would be using the
key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding length
exceeds 32 bytes which is the maximum length for doing AES encryption.
It would be great if someone could respond to the query ,since it would block
my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri
asha.seshag...@gmail.commailto:asha.seshag...@gmail.com wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from Barbican
order resource
Please find the curl command and responses for
Order creation with payload content type as text/plain :
[root@barbican-automation ~]# curl -X POST -H 'content-type:application/json'
-H X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: text/plain}}' -k
https://169.53.235.102:9311/v1/orders
{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680}
Retrieval of the order by ORDER ID in order to get to know the secret generated
by Barbican
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{status: ACTIVE, sub_status: Unknown, updated: 2015-06-03T19:08:13,
created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e;,
creator_id: cedd848a8a9e410196793c601c03b99a,
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Asha,
When you say you want your key in ASCII does that also mean putting
the bytes in hex or base64 format? Isn't ASCII only 7 bits?
-Nate
On Mon, Jun 8, 2015 at 1:17 AM, Asha Seshagiri asha.seshag...@gmail.com wrote:
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of secret .
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from Barbican
since AES encryption algorithm would need the key of ASCII format which
should be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and even if
binary is converted into ascii , encoding is failing for few of the keys
because some characters exceeeds the range of ASCII and for some keys after
encoding length exceeds 32 bytes which is the maximum length for doing AES
encryption.
Would like to know the reason behind Barbican not supporting the retrieval
of the secret in text/plain format generated from the order resource in
plain/text format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood john.w...@rackspace.com wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept header
to retrieve the secret as it is a binary type. Please replace ‘text/plain’
with ‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal douglas.mendiza...@rackspace.com, John Wood
john.w...@rackspace.com, Reller, Nathan S. nathan.rel...@jhuapl.edu,
Adam Harwell adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It is
really important for us to know since my Encryption use case would be using
the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
Order creation with payload content type as text/plain :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: text/plain}}'
-k https://169.53.235.102:9311/v1/orders
{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680}
Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e;,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type: text/plain,
mode: cbc, bit_length: 256, expiration: null}, sub_status_message:
Unknown, type: key}[root@barbican-automation ~]#
Retrieval of the secret failing with the content type text/plain
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
{code: 500, description: Secret payload retrieval failure seen -
please contact site administrator., title: Internal Server Error}
I would like to know wheather this is a bug from Barbican side since
Barbican allows creation of the order resource with text/plain as the
payload_content type but the retrieval of the secret payload with the
content type text/plain is not allowed.
Any help would highly be appreciated.
--
Thanks and Regards,
Asha Seshagiri
--
Thanks and Regards,
Asha Seshagiri
--
Thanks and Regards,
Asha Seshagiri
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Hello Asha,
The AES type key should require an application/octet-stream Accept header to
retrieve the secret as it is a binary type. Please replace 'text/plain' with
'application/octet-stream' in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.commailto:asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal
douglas.mendiza...@rackspace.commailto:douglas.mendiza...@rackspace.com,
John Wood john.w...@rackspace.commailto:john.w...@rackspace.com, Reller,
Nathan S. nathan.rel...@jhuapl.edumailto:nathan.rel...@jhuapl.edu, Adam
Harwell adam.harw...@rackspace.commailto:adam.harw...@rackspace.com, Paul
Kehrer paul.keh...@rackspace.commailto:paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format generated
from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It is
really important for us to know since my Encryption use case would be using the
key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding length
exceeds 32 bytes which is the maximum length for doing AES encryption.
It would be great if someone could respond to the query ,since it would block
my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri
asha.seshag...@gmail.commailto:asha.seshag...@gmail.com wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from Barbican
order resource
Please find the curl command and responses for
Order creation with payload content type as text/plain :
[root@barbican-automation ~]# curl -X POST -H 'content-type:application/json'
-H X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: text/plain}}' -k
https://169.53.235.102:9311/v1/orders
{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680}
Retrieval of the order by ORDER ID in order to get to know the secret generated
by Barbican
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
{status: ACTIVE, sub_status: Unknown, updated: 2015-06-03T19:08:13,
created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e;,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type: text/plain,
mode: cbc, bit_length: 256, expiration: null}, sub_status_message:
Unknown, type: key}[root@barbican-automation ~]#
Retrieval of the secret failing with the content type text/plain
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
{code: 500, description: Secret payload retrieval failure seen - please
contact site administrator., title: Internal Server Error}
I would like to know wheather this is a bug from Barbican side since Barbican
allows creation of the order resource with text/plain as the payload_content
type but the retrieval of the secret payload with the content type text/plain
is not allowed.
Any help would highly be appreciated.
--
Thanks and Regards,
Asha Seshagiri
--
Thanks and Regards,
Asha Seshagiri
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Thanks John for your response.
I am aware that application/octet-stream works for the retrieval of secret
.
We are utilizing the key generated from Barbican in our AES encryption
algorithm . Hence we wanted the response in text/plain format from
Barbican since AES encryption algorithm would need the key of ASCII format
which should be either 16,24 or 32 bytes.
The AES encyption algorithms would not accept the binary format and even if
binary is converted into ascii , encoding is failing for few of the keys
because some characters exceeeds the range of ASCII and for some keys
after encoding length exceeds 32 bytes which is the maximum length for
doing AES encryption.
Would like to know the reason behind Barbican not supporting
the retrieval of the secret in text/plain format generated from the order
resource in plain/text format.
Thanks and Regards,
Asha Seshagiri
On Sun, Jun 7, 2015 at 11:43 PM, John Wood john.w...@rackspace.com wrote:
Hello Asha,
The AES type key should require an application/octet-stream Accept
header to retrieve the secret as it is a binary type. Please replace
‘text/plain’ with ‘application/octet-stream’ in your curl calls below.
Thanks,
John
From: Asha Seshagiri asha.seshag...@gmail.com
Date: Friday, June 5, 2015 at 2:42 PM
To: openstack-dev openstack-dev@lists.openstack.org
Cc: Douglas Mendizabal douglas.mendiza...@rackspace.com, John Wood
john.w...@rackspace.com, Reller, Nathan S. nathan.rel...@jhuapl.edu,
Adam Harwell adam.harw...@rackspace.com, Paul Kehrer
paul.keh...@rackspace.com
Subject: Re: Barbican : Retrieval of the secret in text/plain format
generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It
is really important for us to know since my Encryption use case would be
using the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
*Order creation with payload content type as text/plain* :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: *text/plain*}}'
-k https://169.53.235.102:9311/v1/orders
*{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
}
*Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican*
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
*https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e*,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type: text/plain,
mode: cbc, bit_length: 256, expiration: null},
sub_status_message: Unknown, type: key}[root@barbican-automation
~]#
*Retrieval of the secret failing with the content type text/plain*
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload*
*{code: 500, description: Secret payload retrieval failure seen -
please contact site administrator., title: Internal Server Error}*
I would like to know wheather this is a bug from Barbican side since
Barbican allows creation of the order resource with text/plain as the
payload_content type but the retrieval of the secret payload with the
content type text/plain is not allowed.
Any help would highly be appreciated.
--
*Thanks and Regards,*
*Asha Seshagiri*
--
Re: [openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Hi All ,
I am currently working on use cases for database and file Encryption.It is
really important for us to know since my Encryption use case would be using
the key generated by Barbican through order resource as the key.
The encyption algorithms would not accept the binary format and even if
converted into ascii , encoding is failing for few of the keys because some
characters exceeeds the range of ASCII and for some key after encoding
length exceeds 32 bytes which is the maximum length for doing AES
encryption.
It would be great if someone could respond to the query ,since it would
block my further investigations on Encryption usecases using Babrican
Thanks and Regards,
Asha Seshagiri
On Wed, Jun 3, 2015 at 3:51 PM, Asha Seshagiri asha.seshag...@gmail.com
wrote:
Hi All,
Unable to retrieve the secret in text/plain format generated from
Barbican order resource
Please find the curl command and responses for
*Order creation with payload content type as text/plain* :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: *text/plain*}}'
-k https://169.53.235.102:9311/v1/orders
*{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
}
*Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican*
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
*https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e*,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type: text/plain,
mode: cbc, bit_length: 256, expiration: null},
sub_status_message: Unknown, type: key}[root@barbican-automation
~]#
*Retrieval of the secret failing with the content type text/plain*
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload*
*{code: 500, description: Secret payload retrieval failure seen -
please contact site administrator., title: Internal Server Error}*
I would like to know wheather this is a bug from Barbican side since
Barbican allows creation of the order resource with text/plain as the
payload_content type but the retrieval of the secret payload with the
content type text/plain is not allowed.
Any help would highly be appreciated.
--
*Thanks and Regards,*
*Asha Seshagiri*
--
*Thanks and Regards,*
*Asha Seshagiri*
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] Barbican : Retrieval of the secret in text/plain format generated from Barbican order resource
Hi All,
Unable to retrieve the secret in text/plain format generated from Barbican
order resource
Please find the curl command and responses for
*Order creation with payload content type as text/plain* :
[root@barbican-automation ~]# curl -X POST -H
'content-type:application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-d '{type : key, meta: {name: secretname2,algorithm: aes,
bit_length:256, mode: cbc, payload_content_type: *text/plain*}}'
-k https://169.53.235.102:9311/v1/orders
*{order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
}
*Retrieval of the order by ORDER ID in order to get to know the secret
generated by Barbican*
[root@barbican-automation ~]# curl -H 'Accept: application/json' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 \
-k
*https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680*
{status: ACTIVE, sub_status: Unknown, updated:
2015-06-03T19:08:13, created: 2015-06-03T19:08:12, order_ref:
https://169.53.235.102:9311/v1/orders/727113f9-fcda-4366-9f85-93b15edd4680;,
secret_ref:
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e*,
creator_id: cedd848a8a9e410196793c601c03b99a, meta: {name:
secretname2, algorithm: aes, payload_content_type: text/plain,
mode: cbc, bit_length: 256, expiration: null},
sub_status_message: Unknown, type: key}[root@barbican-automation ~]#
*Retrieval of the secret failing with the content type text/plain*
[root@barbican-automation ~]# curl -H 'Accept:text/plain' -H
X-Auth-Token:9b211b06669249bb89665df068828ee8 -k
*https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload
https://169.53.235.102:9311/v1/secrets/5c25525d-a162-4b0b-9954-90c4ce426c4e/payload*
*{code: 500, description: Secret payload retrieval failure seen -
please contact site administrator., title: Internal Server Error}*
I would like to know wheather this is a bug from Barbican side since
Barbican allows creation of the order resource with text/plain as the
payload_content type but the retrieval of the secret payload with the
content type text/plain is not allowed.
Any help would highly be appreciated.
--
*Thanks and Regards,*
*Asha Seshagiri*
__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
