Accept header application/octet-stream is not honored while getting Asymmetric secrets
Bug #1365187 reported by Arvind Tiwari
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Barbican | Expired | Undecided | Unassigned |
Bug Description
1. Create Asymmetric key using order API.
2. Get individual keys from the generated container.
Response is plain text PEM serialized format output; it has to honor the Accept type ("application/
Changed in barbican:
assignee: nobody → Arvind Tiwari (arvind-tiwari)
Changed in barbican:
milestone: none → kilo-1
Changed in barbican:
status: New → In Progress
Changed in barbican:
milestone: kilo-1 → none
Changed in barbican:
assignee: Arvind Tiwari (arvind-tiwari) → nobody
status: In Progress → New
Issue:
1. We are serializing the keys in PEM format and storing the PEM formatted keys after encryption with KEK.
2. We are getting PEM formatted keys back for get_secret keys. The unwrapping returns PEM formatted keys.
We can convert it to DER, but if the private key is password protected, we need to have the password in hand. We don't have a handle to the password. In that case serialization from PEM to DER will fail. It will be good for non-password-protected keys.
Need to discuss this with the team, how to solve this issue.
1. Let the client do that conversion and we only support PEM formatted keys. No support for "application/octet-stream"
2. Store the DER (binary) after wrapping with KEK. The client has to provide the password to get the key in PEM serialized format.
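The trade-off raised in the comment above, as an added example that is not part of the original bug report or Barbican's code: a standard-library sketch that serves a stored PEM secret as DER when the Accept type asks for binary, and refuses when the PEM body is passphrase-encrypted. The names `render_secret`, `pem_to_der` and `armor`, the 406 response policy, and the sample PEM blocks (built around a placeholder payload) are assumptions made for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

class NeedsPassphrase(Exception):
    """The stored PEM cannot be turned into DER without the passphrase."""

def pem_to_der(pem_text):
    """De-armor one PEM block and return (label, der_bytes)."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no PEM block found")
    label, body = m.group(1), m.group(2)
    # Legacy OpenSSL encryption: the base64 body is ciphertext, not DER.
    if "Proc-Type: 4,ENCRYPTED" in body:
        raise NeedsPassphrase(label)
    # "ENCRYPTED PRIVATE KEY" (PKCS#8) also lands here: its body is a DER
    # EncryptedPrivateKeyInfo, so the bytes returned are still protected.
    return label, base64.b64decode("".join(body.split()))

def render_secret(pem_text, accept):
    """Hypothetical handler: (status, content_type, payload) for a stored PEM."""
    if accept in ("text/plain", "*/*"):
        return 200, "text/plain", pem_text.encode("ascii")
    if accept == "application/octet-stream":
        try:
            return 200, accept, pem_to_der(pem_text)[1]
        except NeedsPassphrase:
            # Assumed policy: refuse rather than return PEM mislabelled as binary.
            return 406, "text/plain", b"passphrase-protected key: PEM only"
    return 406, "text/plain", b"unsupported Accept type"

def armor(label, der, headers=""):
    """Build a PEM block for the constructed samples below."""
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{headers}{b64}-----END {label}-----\n"

# Constructed samples: the payload is a 5-byte DER placeholder, not a real key.
FAKE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x00])
PLAIN_PEM = armor("PRIVATE KEY", FAKE_DER)
LEGACY_ENC_PEM = armor("RSA PRIVATE KEY", FAKE_DER,
                       "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC," + "00" * 16 + "\n\n")

if __name__ == "__main__":
    for name, pem in (("plain", PLAIN_PEM), ("legacy-encrypted", LEGACY_ENC_PEM)):
        status, ctype, payload = render_secret(pem, "application/octet-stream")
        print(name, status, ctype, payload.hex() if status == 200 else payload)
```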