This page documents security related details for the Barbican project in the OpenStack Juno release.
Implemented Crypto
Used Crypto
Libraries
Encryption Algorithms
Algorithm |
Purpose |
Configurable |
Implementation |
Details |
Source
|
AES |
symmetric crypto |
yes |
PyCrypto |
- Used as the default encryption/decryption algorithm for symmetric crypto utility class.
- Caller can specify a different algorithm.
- Caller specifies the key size.
- TODO - what uses this utility class in Barbican, and do any override the default algorithm?
|
- barbican/openstack/common/crypto/utils.py:SymmetricCrypto
|
Hashing Algorithms
Algorithm |
Purpose |
Configurable |
Implementation |
Details |
Source
|
sha256 |
HKDF |
Yes |
PyCrypto |
- Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class.
- Caller can specify a different hashing algorithm.
- TODO - what uses this utility class in Barbican, and do any override the default algorithm?
|
- barbican/openstack/common/crypto/utils.py:HKDF
|
sha256 |
symmetric crypto signing |
Yes |
PyCrypto |
- Used as the default signing (HMAC) algorithm for symmetric crypto utility class.
- Caller can specify a different hashing algorithm.
- TODO - what uses this utility class in Barbican, and do any override the default algorithm?
|
- barbican/openstack/common/crypto/utils.py:SymmetricCrypto
|
Sensitive Data
Keys/Certificates
Passwords
Potential Improvements