
Security/Icehouse/Keystone

Revision as of 02:06, 6 April 2014 by Nkinder

Implemented Crypto

None.

Used Crypto

Encryption Algorithms

Algorithm: AES
  Purpose: Memcache backend encryption
  Configurable: No
  Implementation: PyCrypto
  Details:
    • Optionally used for encrypting the token backend.
  Source:
    • keystoneclient/middleware/memcache_crypt.py

Algorithm: RSA
  Purpose: PKI token signing
  Configurable: Yes
  Implementation: OpenSSL
  Details:
    • 2048-bit keys and the sha1 digest by default.
    • Configurable via openssl.conf.
    • Keys/Certs can be created outside of Keystone and dropped into place.
  Source:
    • keystone/common/openssl.py
    • keystoneclient/common/cms.py

Hashing Algorithms

Algorithm: md5
  Purpose: Token hashing
  Configurable: No
  Implementation: Python hashlib module
  Details:
    • The hash is used as an internal identifier in the token backend.
    • The data being hashed is the entire cryptographically signed token (which is signed with the configured signing key), so the chance of collisions should be low.
  Source:
    • keystoneclient/utils.py
    • keystoneclient/common/cms.py
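As an added example covering both the RSA row and the md5 row above (it is not Keystone's own tooling and not part of the original page), the following shell script builds a CA and a signing certificate with 2048-bit RSA keys using openssl, signs a constructed token payload with `openssl cms`, verifies it against the CA, and then derives the md5 identifier over the entire signed token. The `openssl cms -sign` flags are assumed from keystoneclient/common/cms.py rather than stated on this page; the PEM-to-token transformation (armor and newlines stripped, `/` replaced by `-`) and the `MII` prefix test for PKI tokens likewise follow keystoneclient conventions and are assumptions here. SHA-256 is used instead of the sha1 default because current OpenSSL builds reject SHA-1 signatures at their default security level; the digest is exactly the knob the page says is configurable via openssl.conf.

```shell
#!/bin/sh
# Added example, not Keystone's own code: PKI token signing with openssl
# (as keystone/common/openssl.py and keystoneclient/common/cms.py drive it)
# and the md5 token identifier derived over the whole signed blob.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Build a CA and a signing certificate with 2048-bit RSA keys (the default
# the page lists). SHA-256 replaces the sha1 default because current OpenSSL
# builds reject SHA-1 signatures at their default security level.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Example Keystone CA" \
    -keyout "$WORK/cakey.pem" -out "$WORK/ca.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=Example Keystone Signing" \
    -keyout "$WORK/signing_key.pem" -out "$WORK/signing.csr" >/dev/null 2>&1
  openssl x509 -req -sha256 -days 1 -in "$WORK/signing.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/cakey.pem" -CAcreateserial \
    -out "$WORK/signing_cert.pem" >/dev/null 2>&1
}

# Sign a token payload. The flags mirror the "openssl cms -sign" invocation
# in keystoneclient/common/cms.py (assumed from that file, not this page):
# -nodetach embeds the payload, -nocerts/-noattr keep the blob small.
sign_token() {
  openssl cms -sign -signer "$WORK/signing_cert.pem" \
    -inkey "$WORK/signing_key.pem" -outform PEM \
    -nosmimecap -nodetach -nocerts -noattr -in "$1"
}

# Verify a signed blob against the CA and print the embedded payload.
# Any modification to the blob makes this exit non-zero.
verify_token() {
  openssl cms -verify -certfile "$WORK/signing_cert.pem" \
    -CAfile "$WORK/ca.pem" -inform PEM -in "$1" 2>/dev/null
}

# Turn the PEM blob into the token string handed to clients: armor and
# newlines stripped, '/' replaced by '-' (keystoneclient's cms_to_token
# convention, assumed here).
pem_to_token() {
  grep -v '^-----' "$1" | tr -d '\n' | tr '/' '-'
}

# Derive the backend identifier the page describes: md5 over the entire
# signed token. A PKI token is recognised by its "MII" prefix (base64 of a
# DER SEQUENCE with a two-byte length); anything else, e.g. a UUID token,
# is already short and is returned unchanged (keystoneclient's
# cms_hash_token behaviour, assumed here).
token_id() {
  tok=$1
  case "$tok" in
    MII*) printf '%s' "$tok" | openssl dgst -md5 | awk '{print $NF}' ;;
    *) printf '%s\n' "$tok" ;;
  esac
}

main() {
  make_pki
  # Constructed payload standing in for a token body.
  printf '{"access":{"token":{"expires":"2014-04-06T02:06:00Z"}}}' > "$WORK/token.json"
  sign_token "$WORK/token.json" > "$WORK/token.pem"
  verify_token "$WORK/token.pem" > "$WORK/verified.json"
  if cmp -s "$WORK/token.json" "$WORK/verified.json"; then
    echo "signature verified, payload intact"
  else
    echo "payload mismatch after verification" >&2
    exit 1
  fi
  tok=$(pem_to_token "$WORK/token.pem")
  echo "token id: $(token_id "$tok")"
}
main
```

The md5 value is only a lookup key for the backend; the token's integrity rests entirely on the CMS signature. Any edit to the blob makes `verify_token` fail, while `token_id` would still happily compute a fresh identifier for the edited string, so an identifier must never be read as evidence that a token is valid.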

Sensitive Data

  • Passwords
  • Tokens
  • Keys/Certificates