Jump to: navigation, search

Difference between revisions of "Security/Juno/Barbican"

< Security‎ | Juno
(Encryption Algorithms)
(Used Crypto)
Line 14: Line 14:
 
|-
 
|-
 
| AES || symmetric crypto || yes || PyCrypto ||
 
| AES || symmetric crypto || yes || PyCrypto ||
*
+
* Used as the default encryption/decryption algorithm for symmetric crypto utility class.
 +
* Caller can specify a different algorithm.
 +
* Caller specifies the key size.
 +
* TODO - what uses this utility class in Barbican, and do any override the default algorithm?
 
||
 
||
 
* barbican/openstack/common/crypto/utils.py:SymmetricCrypto
 
* barbican/openstack/common/crypto/utils.py:SymmetricCrypto
Line 25: Line 28:
 
|-
 
|-
 
| sha256 || HKDF || Yes || PyCrypto ||
 
| sha256 || HKDF || Yes || PyCrypto ||
* Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility method.
+
* Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class.
 
* Caller can specify a different hashing algorithm.
 
* Caller can specify a different hashing algorithm.
* TODO - what uses this utility method in Barbican, and do any override the default algorithm?
+
* TODO - what uses this utility class in Barbican, and do any override the default algorithm?
 
||
 
||
 
* barbican/openstack/common/crypto/utils.py:HKDF
 
* barbican/openstack/common/crypto/utils.py:HKDF
 
|-
 
|-
 
| sha256 || symmetric crypto signing || Yes || PyCrypto ||
 
| sha256 || symmetric crypto signing || Yes || PyCrypto ||
* Used as the default signing (HMAC) algorithm for symmetric crypto utility method.
+
* Used as the default signing (HMAC) algorithm for symmetric crypto utility class.
 
* Caller can specify a different hashing algorithm.
 
* Caller can specify a different hashing algorithm.
* TODO - what uses this utility method in Barbican, and do any override the default algorithm?
+
* TODO - what uses this utility class in Barbican, and do any override the default algorithm?
 
||
 
||
 
* barbican/openstack/common/crypto/utils.py:SymmetricCrypto
 
* barbican/openstack/common/crypto/utils.py:SymmetricCrypto

Revision as of 19:13, 25 April 2014

This page documents security related details for the Barbican project in the OpenStack Juno release.

Implemented Crypto

Used Crypto

Libraries

  • PyCrypto

Encryption Algorithms

Algorithm Purpose Configurable Implementation Details Source
AES symmetric crypto yes PyCrypto
  • Used as the default encryption/decryption algorithm for symmetric crypto utility class.
  • Caller can specify a different algorithm.
  • Caller specifies the key size.
  • TODO - what uses this utility class in Barbican, and do any override the default algorithm?
  • barbican/openstack/common/crypto/utils.py:SymmetricCrypto

Hashing Algorithms

Algorithm Purpose Configurable Implementation Details Source
sha256 HKDF Yes PyCrypto
  • Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class.
  • Caller can specify a different hashing algorithm.
  • TODO - what uses this utility class in Barbican, and do any override the default algorithm?
  • barbican/openstack/common/crypto/utils.py:HKDF
sha256 symmetric crypto signing Yes PyCrypto
  • Used as the default signing (HMAC) algorithm for symmetric crypto utility class.
  • Caller can specify a different hashing algorithm.
  • TODO - what uses this utility class in Barbican, and do any override the default algorithm?
  • barbican/openstack/common/crypto/utils.py:SymmetricCrypto

Sensitive Data

Keys/Certificates

Passwords

Potential Improvements

Retrieved from "https://wiki.openstack.org/w/index.php?title=Security/Juno/Barbican&oldid=50056"