Breadcrumbs

Generating a Symmetric Key in Barbican

  1. Generate a new 256-bit key and store it in Barbican using openstack order create command.

›_ Console

# openstack secret order create --name app_key_flamingo --algorithm aes --mode ctr --bit-length 256 --payload-content-type=application/octet-stream key


13_SymmetricKeyCreated.png


Symmetric key created and stored on Barbican

  1. You can also verify the encryption operation logging in the PKCS#11 log file cs_pkcs11_R3.log during secret generation, as shown below.

14_SymmetricKeyCreated_Logs_PKCS11.png


Key encryption in PKCS#11 logs

  1. Retrieve the metadata of the order to identify the location of the generated key, shown here as the Secret href value.

›_ Console

# openstack secret order get <order_href>


15_GetSecretOrder.png


Retrieving order metadata

  1. Retrieve the secret metadata.

›_ Console

# openstack secret get <secret_href>


16_GetSecretFromOrder.png


Retrieving secret metadata

  1. Alternatively, you can list the symmetric key that has been generated by using the openstack secret list command.

›_ Console

# openstack secret list


17_SymmetricKey_SecretList_Marked.png


Symmetric key in secret list