@dmendiza
Last active August 29, 2015 14:18
private Use Cases
# Use Case 1
# Generate private RSA Key in PKCS#8 format and store using POST+PUT
# Media-Type: application/pkcs8
# Create the RSA keypair
openssl genrsa -out private.pem 2048
# Convert from "traditional" to PKCS#8
openssl pkcs8 -topk8 -nocrypt -in private.pem -out private.pk8
# Submit a metadata-only POST
curl -vv -H "X-Auth-Token: $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{"name": "RSA Private Key",
"secret_type": "private",
"algorithm": "RSA",
"bit_length": 2048 }' \
http://localhost:9311/v1/secrets | python -m json.tool
# Submit pkcs8 private key
curl -vv -X PUT -H "X-Auth-Token: $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/pkcs8' \
--data-binary @private.pk8 \
http://localhost:9311/v1/secrets/ce002fd9-fd31-4aa1-ba9f-9c507ea3b526
# Response fails
{
"code": 415,
"description": "Unexpected content type: application/pkcs8. Expected content types are: ['application/octet-stream', 'text/plain']",
"title": "Unsupported Media Type"
}
# Expected response
{
"algorithm": "RSA",
"bit_length": null,
"content_types": {
"default": "application/pkcs8"
},
"created": "2015-04-09T20:37:42.764788",
"creator_id": "3a7e3d2421384f56a8fb6cf082a8efab",
"expiration": null,
"mode": null,
"name": "RSA Private Key",
"secret_ref": "http://localhost:9311/v1/secrets/ce002fd9-fd31-4aa1-ba9f-9c507ea3b526",
"secret_type": "private",
"status": "ACTIVE",
"updated": "2015-04-09T20:39:47.583588"
}
# Get metadata
curl -vv -H "X-Auth-Token: $TOKEN" \
-H 'Accept: application/json' \
http://localhost:9311/v1/secrets/ce002fd9-fd31-4aa1-ba9f-9c507ea3b526 |
python -m json.tool
# Get payload
curl -vv -H "X-Auth-Token: $TOKEN" \
-H 'Accept: application/pkcs8' \
-o retrieved_private.pk8 \
http://localhost:9311/v1/secrets/ce002fd9-fd31-4aa1-ba9f-9c507ea3b526/payload
diff private.pk8 retrieved_private.pk8 # shows no difference
# Use Case 2
# Generate private RSA Key in PKCS#8 format and store using single POST
# Media-Type: application/pkcs8
# Transport-Encoding: base64
# Create the RSA keypair
openssl genrsa -out private.pem 2048
# Convert from "traditional" to PKCS#8
openssl pkcs8 -topk8 -nocrypt -in private.pem -out private.pk8
# Base64 encode the private.pk8 file for transfer
PRIVATE_BASE64=$(base64 < private.pk8)
curl -vv -H "X-Auth-Token: $TOKEN" \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d '{"name": "RSA Private Key",
"secret_type": "private",
"payload": "'"$PRIVATE_BASE64"'",
"payload_content_type": "application/octet-stream",
"payload_content_encoding": "base64",
"algorithm": "RSA",
"bit_length": 2048 }' \
http://localhost:9311/v1/secrets | python -m json.tool
# Response fails
{
"code": 400,
"description": "Secret creation issue seen - Problem decoding payload.",
"title": "Bad Request"
}
# Expected response
{
"algorithm": "RSA",
"bit_length": null,
"content_types": {
"default": "application/octet-stream"
},
"created": "2015-04-09T20:37:42.764788",
"creator_id": "3a7e3d2421384f56a8fb6cf082a8efab",
"expiration": null,
"mode": null,
"name": "RSA Private Key",
"secret_ref": "http://localhost:9311/v1/secrets/ce002fd9-fd31-4aa1-ba9f-9c507ea3b526",
"secret_type": "private",
"status": "ACTIVE",
"updated": "2015-04-09T20:39:47.583588"
}
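
For Use Case 2, an added example (not part of the original gist) of building the request body so that the base64 payload is one unbroken line and decodes back to the input file. GNU `base64` wraps its output at 76 columns by default, and a raw newline inside a JSON string is not valid JSON. The helper names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: Use Case 2 request body with a single-line base64 payload.

# Write constructed stand-in bytes (280 bytes, long enough that GNU base64
# would wrap). In the gist this file would be private.pk8.
make_sample() {
    i=0
    while [ "$i" -lt 8 ]; do
        printf 'constructed-sample-key-material-%02d\n' "$i"
        i=$((i + 1))
    done > "$1"
}

# Encode a file as base64 on one line. Stripping newlines avoids relying on
# a platform-specific "no wrap" flag.
b64_one_line() {
    base64 < "$1" | tr -d '\r\n'
}

# Emit the JSON body for POST /v1/secrets using the fields from Use Case 2.
build_secret_body() {
    payload=$(b64_one_line "$1")
    printf '{"name": "RSA Private Key", "secret_type": "private", '
    printf '"payload": "%s", ' "$payload"
    printf '"payload_content_type": "application/octet-stream", '
    printf '"payload_content_encoding": "base64", '
    printf '"algorithm": "RSA", "bit_length": 2048}\n'
}

# Pull the payload back out of the body and confirm it decodes to the
# original file byte for byte before anything is sent to the server.
payload_roundtrips() {
    body=$(build_secret_body "$1")
    extracted=$(printf '%s' "$body" |
        sed -n 's|.*"payload": "\([A-Za-z0-9+/=]*\)".*|\1|p')
    [ -n "$extracted" ] || return 1
    printf '%s' "$extracted" | base64 -d | cmp -s - "$1"
}

# Demo on the constructed sample.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
make_sample "$sample"
build_secret_body "$sample"
payload_roundtrips "$sample" && echo "payload round-trips"
```

The output of `build_secret_body private.pk8` can be passed to the gist's `curl` call with `-d @-` on standard input in place of the inline `-d '...'` string.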