PEM RSA keys vs DER DSA keys?
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Barbican |
Won't Fix
|
Undecided
|
Rajat Sharma | ||
Bug Description
Steps to reproduce:
1. Generate a DSA key:
openstack secret order create --bit-length 1024 --algorithm DSA --name "DSA key" asymmetric
2. Generate an RSA key:
openstack secret order create --bit-length 1024 --algorithm RSA --name "RSA key" asymmetric
There's a bit of trouble accessing the DSA key by using the container href in the order because of: https:/
However, if you find the secret href another way, try to do:
openstack secret get --payload <RSA key href>
and
openstack secret get --payload <DSA key href>
The RSA key will print out ok in PEM format, but the DSA key will likely get some sort of error, like:
'utf8' codec can't decode byte 0x82 in position 1: invalid start byte
which will give you a clue that it's not in PEM format.
It doesn't seem right that key generation should return two different formats for the keys that were generated essentially the same way?
| Changed in barbican: | |
| status: | New → Confirmed |
| Changed in barbican: | |
| assignee: | nobody → Rajat Sharma (tajar29) |
| Rajat Sharma (tajar29) wrote | #1 |
| Kaitlin Farr (kaitlin-farr) wrote | #2 |
| Changed in barbican: | |
| status: | Confirmed → In Progress |
| Grzegorz Grasza (xek) wrote | #3 |
| Changed in barbican: | |
| status: | In Progress → Won't Fix |
I have tested this with "Store_crypto" plugin and as per my understanding the reason behind this is that it is not converting der to pem like it do in "KMIP" plugin.