This page documents security related details for the Barbican project in the OpenStack Juno release.
Implemented Crypto
Used Crypto
Libraries
Encryption Algorithms
Algorithm |
Purpose |
Configurable |
Implementation |
Details |
Source
|
AES |
Example crypto plug-in |
No |
PyCrypto |
- Uses a 128 bit hardcoded default key. The key can be over-ridden by config.
- TODO - fill in details on what this is used for (if anything other than an example)
|
- barbican/crypto/plugin.py:SimpleCryptoPlugin
|
AES |
utility class |
Yes |
PyCrypto |
- Used as the default encryption/decryption algorithm for symmetric crypto utility class.
- Caller can specify a different algorithm.
- Caller specifies the key size.
- This class isn't currently used anywhere within Barbican.
|
- barbican/openstack/common/crypto/utils.py:SymmetricCrypto
|
Hashing Algorithms
Algorithm |
Purpose |
Configurable |
Implementation |
Details |
Source
|
sha256 |
HKDF |
Yes |
PyCrypto |
- Used as the default algorithm for HMAC-based Key Derivation Function (HKDF) utility class.
- Caller can specify a different hashing algorithm.
- This class isn't currently used anywhere within Barbican.
|
- barbican/openstack/common/crypto/utils.py:HKDF
|
sha256 |
symmetric crypto signing |
Yes |
PyCrypto |
- Used as the default signing (HMAC) algorithm for symmetric crypto utility class.
- Caller can specify a different hashing algorithm.
- This class isn't currently used anywhere within Barbican.
|
- barbican/openstack/common/crypto/utils.py:SymmetricCrypto
|
Sensitive Data
Keys/Certificates
Passwords
Potential Improvements