Revision as of 19:36, 25 April 2014
This page documents security-related details for the Barbican project in the OpenStack Juno release.
Implemented Crypto
Used Crypto
Libraries
- PyCrypto
- PyKCS11 (what does this use for underlying crypto?)
Encryption Algorithms
| Algorithm | Purpose | Configurable | Implementation | Details | Source |
|---|---|---|---|---|---|
| AES | Example crypto plug-in | No | PyCrypto | Uses a 128-bit hardcoded default key. The key can be overridden by config. TODO - fill in details on what this is used for (if anything other than an example). | barbican/crypto/plugin.py:SimpleCryptoPlugin |
| AES | utility class | Yes | PyCrypto | Used as the default encryption/decryption algorithm for symmetric crypto utility class. Caller can specify a different algorithm. Caller specifies the key size. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:SymmetricCrypto |
| DES | Example crypto plug-in | ? | ? | TODO - Mentioned in SYMMETRIC_ALGORITHMS, but I don't see that this is actually used/implemented anywhere. What is this for? Do we even need to mention DES in the code here? | barbican/crypto/plugin.py:PluginSupportTypes |
Hashing Algorithms
| Algorithm | Purpose | Configurable | Implementation | Details | Source |
|---|---|---|---|---|---|
| sha256 | HKDF | Yes | PyCrypto | Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:HKDF |
| sha256 | symmetric crypto signing | Yes | PyCrypto | Used as the default signing (HMAC) algorithm for symmetric crypto utility class. Caller can specify a different hashing algorithm. This class isn't currently used anywhere within Barbican. | barbican/openstack/common/crypto/utils.py:SymmetricCrypto |
Sensitive Data
Keys/Certificates
Passwords
Potential Improvements