Storing Public Key, Private Key and Certificate in OpenStack Barbican

  1. Create a new directory in the stack user folder. It will be used for storing the keys and certificate created in the next steps.

›_ Console

# mkdir ~/ssl

# cd ~/ssl

  1. Create a self-signed certificate and private key using the command below.

›_ Console

# openssl req -x509 -newkey rsa:4096 -keyout privateFlamingo.pem -out certFlamingo.pem -sha256 -days 365 -nodes

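You can also generate the key and certificate with other utilities. The -nodes option writes the private key to disk unencrypted, so keep the ~/ssl directory readable only by its owner.

  1. Verify that the private key and certificate files were generated.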

›_ Console

# ll



Certificate and private key created

  1. Generate a public key from the private key.

›_ Console

# openssl rsa -in privateFlamingo.pem -pubout -out publicFlamingo.pem



Public key created from private key

  1. Store the public key in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type public --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < publicFlamingo.pem)" --bit-length 4096 --name PubFlamingoTest



Public key stored in Barbican

  1. You can also verify that the encryption operation is logged in the PKCS#11 log file cs_pkcs11_R3.log during creation of the public key secret, as shown below.


Secret encryption in PKCS#11 logs

  1. Retrieve the value of the public key.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>



Retrieving public key value from Barbican

  1. Store the private key in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type private --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < privateFlamingo.pem)" --bit-length 4096 --name PrivFlamingoTest



Private key stored in Barbican

  1. Retrieve the value of the private key.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>



Retrieving private key value from Barbican

  1. Store the certificate in OpenStack Barbican.

›_ Console

# openstack secret store --algorithm rsa --secret-type certificate --payload-content-type application/octet-stream --payload-content-encoding base64 --payload "$(base64 < certFlamingo.pem)" --bit-length 4096 --name CertificateFlamingoTest



Certificate stored in Barbican

  1. Retrieve the value of the certificate from OpenStack Barbican.

›_ Console

# openstack secret get -p -c Payload -f value <secret_href>



Retrieving certificate value from Barbican

  1. List all created secrets.

›_ Console

# openstack secret list



Listing all secrets
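
To confirm that the payloads retrieved in the steps above still form one matching key pair and certificate, the following script compares the public key derived from each of the three files and reports the key size. It is an added example, not part of the original procedure; the file names in its comments are assumptions, and it expects an unencrypted private key such as the one created with -nodes.

```shell
#!/bin/sh
# Added example (not from the original page). Save each payload to a file
# first; the file name below is an assumption:
#   openstack secret get -p -c Payload -f value <secret_href> > retrieved_pub.pem

# Each helper prints the public key as normalized PEM (SubjectPublicKeyInfo),
# so differences in line wrapping or trailing newlines do not matter.
pub_from_private() { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_from_public()  { openssl pkey -pubin -in "$1" -pubout 2>/dev/null; }
pub_from_cert()    { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Print the key size in bits, for comparison with the --bit-length metadata.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# Usage: verify_triplet PRIVATE_KEY PUBLIC_KEY CERTIFICATE
# Returns 0 if all three share one public key, 1 on mismatch, 2 on parse error.
verify_triplet() {
    k=$(pub_from_private "$1") && [ -n "$k" ] ||
        { echo "unreadable private key: $1" >&2; return 2; }
    p=$(pub_from_public "$2") && [ -n "$p" ] ||
        { echo "unreadable public key: $2" >&2; return 2; }
    c=$(pub_from_cert "$3") && [ -n "$c" ] ||
        { echo "unreadable certificate: $3" >&2; return 2; }

    [ "$k" = "$p" ] ||
        { echo "public key does not belong to the private key" >&2; return 1; }
    [ "$k" = "$c" ] ||
        { echo "certificate does not contain this public key" >&2; return 1; }

    echo "OK: private key, public key and certificate match ($(key_bits "$1") bit)"
}

# Run directly: ./verify.sh privateFlamingo.pem publicFlamingo.pem certFlamingo.pem
if [ "$#" -eq 3 ]; then
    verify_triplet "$@"
fi
```

A return code of 1 after a store and retrieve round trip means one of the secrets was stored from the wrong file or altered in transit.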