Accept header application/octet-stream is not honored while getting Asymmetric secrets

Bug #1365187 reported by Arvind Tiwari
Affects    Status    Importance   Assigned to   Milestone
Barbican   Expired   Undecided    Unassigned    none

Bug Description

1. Create Asymmetric key using order API.
2. Get individual keys from generate container.

Response is plain text PEM serialized format output, it has to honor the Accept type ("application/octet-stream").

Changed in barbican:
assignee: nobody → Arvind Tiwari (arvind-tiwari)
Changed in barbican:
milestone: none → kilo-1
Changed in barbican:
status: New → In Progress
Revision history for this message
Arvind Tiwari (arvind-tiwari) wrote :

Issue:
1. We are serializing the keys in PEM format and storing the PEM formatted keys after encryption with the KEK.
2. We are getting PEM formatted keys back for get_secret keys. The unwrapping returns PEM formatted keys.

We can convert it to DER, but if the private key is password protected we need to have the password in hand. We don't have a handle to the password. In that case serialization from PEM to DER will fail. It will be good for non password protected keys.

Need to discuss this with the team, how to solve this issue.

1. Let the client do that conversion and we only support PEM formatted keys. No support for "application/octet-stream".
2. Store the DER (binary) after wrapping with the KEK. The client has to provide the password to get the key in PEM serialized format.

description: updated
Revision history for this message
John Wood (john-wood-w) wrote :

Hello Arvind, I'm not convinced the keys should be retrieved in a binary format. Since they are PEM format, it seems that the content type should be text/plain. Maybe a feature could be added to allow for retrieving as binary, in which case PEM would be converted to DER perhaps, but that is a feature.

So I'm thinking the immediate issue is to set the content type to text/plain and return the PEM data as such.

Does that make sense?

Thanks,
John
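
Worked illustration, added here and not Barbican code nor code from anyone in this thread, of the two points raised above: Arvind's note that turning a PEM private key into DER needs the key's password when the key is password protected (which the service does not hold), and John's suggestion that PEM data be served as text/plain. It assumes a hypothetical `negotiate` helper and uses constructed PEM blocks whose payloads are placeholder bytes, not real keys; the PEM de-armoring is plain base64 decoding, which only yields a usable DER key for unencrypted keys.

```python
import base64
import re

# PEM armor: a label line, optional "Name: value" headers, base64 body, end line.
PEM_RE = re.compile(r"-----BEGIN ([^-]+)-----\r?\n(.*?)-----END \1-----", re.S)


def _pem(label, der, headers=()):
    """Build a PEM block around DER bytes (used only to construct samples)."""
    body = base64.b64encode(der).decode("ascii")
    lines = [f"-----BEGIN {label}-----", *headers]
    if headers:
        lines.append("")  # blank line separates PEM headers from the body
    lines += [body[i:i + 64] for i in range(0, len(body), 64)]
    lines.append(f"-----END {label}-----")
    return "\n".join(lines) + "\n"


# Constructed samples: the payloads are placeholder bytes, not real keys.
DER_SAMPLE = b"\x30\x2e\x02\x01\x00 constructed placeholder, not a real key"
PEM_PLAIN = _pem("PRIVATE KEY", DER_SAMPLE)
PEM_PKCS8_ENC = _pem("ENCRYPTED PRIVATE KEY", b"constructed EncryptedPrivateKeyInfo")
PEM_LEGACY_ENC = _pem(
    "RSA PRIVATE KEY",
    b"constructed ciphertext",
    headers=("Proc-Type: 4,ENCRYPTED",
             "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF"),
)


def is_password_protected(pem: str) -> bool:
    """True for PKCS#8 encrypted keys or legacy OpenSSL encrypted PEM."""
    m = PEM_RE.search(pem)
    if m is None:
        raise ValueError("not a PEM block")
    label, inner = m.group(1), m.group(2)
    return label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in inner


def pem_to_der(pem: str) -> bytes:
    """De-armor PEM to DER. Refuses password-protected keys: producing a
    usable DER private key from them needs the password, which the service
    storing the secret does not hold."""
    if is_password_protected(pem):
        raise ValueError("password-protected key: DER output requires the password")
    inner = PEM_RE.search(pem).group(2)
    body = "".join(ln.strip() for ln in inner.splitlines()
                   if ln.strip() and ":" not in ln)  # skip headers and blank lines
    return base64.b64decode(body, validate=True)


def negotiate(pem: str, accept: str):
    """Hypothetical content negotiation for a stored PEM secret.
    Returns (status, content_type, body)."""
    accept = accept.strip().lower()
    if accept in ("", "*/*", "text/plain"):
        # PEM is text, so serve it as text/plain rather than as a binary type.
        return 200, "text/plain", pem.encode("ascii")
    if accept == "application/octet-stream":
        try:
            return 200, "application/octet-stream", pem_to_der(pem)
        except ValueError as exc:
            # Cannot honor the binary request without the key password.
            return 406, "text/plain", str(exc).encode("ascii")
    return 406, "text/plain", b"unsupported Accept value"


if __name__ == "__main__":
    for pem, acc in ((PEM_PLAIN, "text/plain"),
                     (PEM_PLAIN, "application/octet-stream"),
                     (PEM_LEGACY_ENC, "application/octet-stream")):
        status, ctype, body = negotiate(pem, acc)
        print(acc, "->", status, ctype, len(body), "bytes")
```

The 406 for a password-protected key under application/octet-stream makes the limitation explicit to the client instead of returning a PEM body mislabelled as binary, which is the mismatch the bug report describes.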

Revision history for this message
Arvind Tiwari (arvind-tiwari) wrote :

Let's talk at the summit. Is that OK?

Changed in barbican:
milestone: kilo-1 → none
Changed in barbican:
assignee: Arvind Tiwari (arvind-tiwari) → nobody
status: In Progress → New
Revision history for this message
John Vrbanac (john.vrbanac) wrote :

I'm not sure this was fully discussed yet. Moving to incomplete.

Changed in barbican:
status: New → Incomplete
Revision history for this message
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

This will be addressed by the Content Types blueprint by Nathan Reller https://review.openstack.org/#/c/145073/

Revision history for this message
Juan Antonio Osorio Robles (juan-osorio-robles) wrote :

Though now I'm not sure if I should set this bug as invalid, or should I leave it as incomplete for a while.

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Barbican because there has been no activity for 60 days.]

Changed in barbican:
status: Incomplete → Expired