Storing Public Key, Private Key and Certificate in OpenStack Barbican

  1. Create a self-signed certificate using the command below.

# openssl req -x509 -newkey rsa:4096 -keyout private.pem -out cert.pem -sha256 -days 365 -nodes

Figure: Create a self-signed certificate

You can generate a key and a certificate by using other utilities as well.

  1. Verify that the private key and certificate file are generated.

# ls

Figure: File listing

  1. Generate a public key from a private key.

# openssl rsa -in private.pem -out public.pem -pubout

Figure: Creation of Public Key

  1. Store the public key in OpenStack Barbican.

# openstack secret store --algorithm rsa --secret-type public --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < public.pem)" --bit-length 2048 --name pubtest

Figure: Store Public Key in OpenStack Barbican

  1. You can also verify that the encryption operation was logged in the PKCS#11 log file cs_pkcs11_R3.log when the public key secret was created, as shown below.

Figure: PKCS#11 logs

  1. Get the value of the public key.

# openstack secret get -p -c Payload -f value http://barbican:9311/v1/secrets/85c202ff-05b6-4923-9ce6-a6cee3cde2d9

Figure: Get Public Key from OpenStack Barbican

  1. Store the private key in OpenStack Barbican.

# openstack secret store --algorithm rsa --secret-type private --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < private.pem)" --bit-length 2048 --name privatekeytest

Figure: Store Private Key in OpenStack Barbican

  1. Get the value of the private key.

# openstack secret get -p -c Payload -f value http://barbican:9311/v1/secrets/39e9bf4e-638a-4e4c-9cb3-2caebfb88b11

Figure: Get Private Key from OpenStack Barbican

  1. Store the certificate in OpenStack Barbican.

# openstack secret store --algorithm rsa --bit-length 2048 --secret-type certificate --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < cert.pem)" --name certificatetestutimaco

Figure: Store Certificate in OpenStack Barbican

  1. Get the value of the certificate from OpenStack Barbican.

# openstack secret get -p -c Payload -f value http://barbican:9311/v1/secrets/9bba64eb-c875-4d72-9058-2b30fa907c17

Figure: Get Certificate from OpenStack Barbican

  1. You can verify all the secrets.

# openstack secret list

Figure: Secret List
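
The following is an added example, not part of the original guide: a shell check to run before the `openstack secret store` steps, confirming that private.pem, public.pem and cert.pem all carry the same public key, and printing the key's actual size for comparison with the value passed to `--bit-length`. The function names are hypothetical; only standard `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: consistency checks for private.pem, public.pem and cert.pem
# before they are stored as three separate Barbican secrets.
# Function names are hypothetical; only standard openssl subcommands are used.

# pubkey_of KIND FILE: print the public key held in FILE as normalized PEM.
pubkey_of() {
    case "$1" in
        private) openssl pkey -in "$2" -pubout ;;
        public)  openssl pkey -pubin -in "$2" -pubout ;;
        cert)    openssl x509 -in "$2" -noout -pubkey ;;
        *)       return 2 ;;
    esac 2>/dev/null
}

# check_material PRIVATE PUBLIC CERT
# Returns 0 if all three files carry the same public key, 1 on a mismatch,
# 2 if a file cannot be parsed (missing or of the wrong type).
check_material() {
    priv=$(pubkey_of private "$1") && [ -n "$priv" ] ||
        { echo "cannot read private key: $1" >&2; return 2; }
    pub=$(pubkey_of public "$2") && [ -n "$pub" ] ||
        { echo "cannot read public key: $2" >&2; return 2; }
    crt=$(pubkey_of cert "$3") && [ -n "$crt" ] ||
        { echo "cannot read certificate: $3" >&2; return 2; }
    [ "$priv" = "$pub" ] ||
        { echo "$2 was not derived from $1" >&2; return 1; }
    [ "$priv" = "$crt" ] ||
        { echo "$3 was not issued for the key in $1" >&2; return 1; }
}

# key_bits PRIVATE: print the key size in bits, e.g. to compare with the
# value that will be passed to --bit-length.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Usage with the file names from this guide:
#   check_material private.pem public.pem cert.pem && key_bits private.pem
```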