Storing Public Key, Private Key and Certificate in OpenStack Barbican

  1. Create a self-signed certificate using the command below.

›_ Console

# openssl req -x509 -newkey rsa:4096 -keyout private.pem -out cert.pem -sha256 -days 365 -nodes

The key and certificate can be generated using other utilities as well.

  1. Verify the private key and certificate file are generated.

›_ Console

# ll




Certificate and private key created

  1. Generate the public key from private key.

›_ Console

# openssl rsa -in private.pem -pubout -out public.pem




Public key created from the private key

  1. Store the public key in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type public --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < public.pem)" --bit-length 4096 --name pubtest




Public key stored in Barbican

  1. You can also verify that the encryption operation was logged in the PKCS#11 log file cs_pkcs11_R2.log while the public key secret was being stored, as shown below.



PKCS#11 logs showing secret encryption


  1. Get value of the public key.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>




Get value of the public key from Barbican

  1. Store private key in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type private --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < private.pem)" --bit-length 4096 --name privatekeytest




Private key stored in Barbican

  1. Get value of the private key.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>




Get value of the private key from Barbican

  1. Store the certificate in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type certificate --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < cert.pem)" --bit-length 4096 --name utimacocertificatetest




Certificate stored in Barbican

  1. Get value of the certificate from OpenStack Barbican.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>




Get value of certificate from Barbican

  1. List all secrets.

›_ Console

# openstack secret list




Listing all secrets
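
The script below is an added example, not part of the original guide: it checks that private.pem, public.pem and cert.pem from the steps above carry the same public key, and that a payload read back from Barbican still matches the local file. The function names are hypothetical, and it assumes openssl is on the PATH and that the retrieved payload has been saved to a file.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Requires only openssl.

# Print the SHA-256 of the DER-encoded public key carried by a PEM file.
# $1 = private | public | cert, $2 = path to the PEM file
spki_fingerprint() {
    der=$(mktemp) || return 1
    case "$1" in
        private) openssl pkey -in "$2" -pubout -outform DER -out "$der" 2>/dev/null ;;
        public)  openssl pkey -pubin -in "$2" -pubout -outform DER -out "$der" 2>/dev/null ;;
        cert)    openssl x509 -in "$2" -noout -pubkey 2>/dev/null |
                     openssl pkey -pubin -pubout -outform DER -out "$der" 2>/dev/null ;;
        *)       false ;;
    esac || { rm -f "$der"; return 1; }
    # An empty file means openssl produced no key; never hash empty input.
    [ -s "$der" ] || { rm -f "$der"; return 1; }
    openssl dgst -sha256 < "$der" | awk '{print $NF}'
    rm -f "$der"
}

# Succeed only if all three files carry the same public key.
# $1 = private key, $2 = public key, $3 = certificate
same_keypair() {
    fp_priv=$(spki_fingerprint private "$1") || return 1
    fp_pub=$(spki_fingerprint public "$2") || return 1
    fp_cert=$(spki_fingerprint cert "$3") || return 1
    [ "$fp_priv" = "$fp_pub" ] && [ "$fp_pub" = "$fp_cert" ]
}

# Succeed if a payload read back from Barbican carries the same key as the
# local file. Comparing parsed keys ignores PEM line wrapping and trailing
# newlines. $1 = private | public | cert, $2 = local file, $3 = file written by
#   openstack secret get -p -c Payload -f value <secret_href> > retrieved.pem
payload_matches() {
    fp_local=$(spki_fingerprint "$1" "$2") || return 1
    fp_remote=$(spki_fingerprint "$1" "$3") || return 1
    [ "$fp_local" = "$fp_remote" ]
}

# When run in the directory used in the steps above, report on the three files.
if [ -f private.pem ] && [ -f public.pem ] && [ -f cert.pem ]; then
    if same_keypair private.pem public.pem cert.pem; then
        echo "private.pem, public.pem and cert.pem share one key"
    else
        echo "MISMATCH: files do not belong to the same key pair" >&2
        exit 1
    fi
fi
```

For a certificate, `payload_matches cert` compares only the embedded public key, not the other certificate fields.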