Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encrypt/Decrypt/Sign/Verify using RSA in Transit backend #3489

Merged
merged 19 commits into from
Nov 3, 2017
Merged

Encrypt/Decrypt/Sign/Verify using RSA in Transit backend #3489

merged 19 commits into from
Nov 3, 2017

Conversation

vishalnayak
Copy link
Member

@vishalnayak vishalnayak commented Oct 25, 2017
edited
Loading

@vishalnayak vishalnayak force-pushed the encrypt-rsa branch 2 times, most recently from 8c41bcb to da8df10 Compare October 25, 2017 16:57
@vishalnayak vishalnayak changed the title [WIP] Encrypt/Decrypt/Sign/Verify using RSA in Transit backend Encrypt/Decrypt/Sign/Verify using RSA in Transit backend Oct 26, 2017
@vishalnayak vishalnayak added this to the 0.8.4 milestone Oct 26, 2017
chrishoffman
chrishoffman previously approved these changes Nov 2, 2017
View reviewed changes
Copy link
Contributor

@chrishoffman chrishoffman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks really good! No comments.

jefferai
jefferai reviewed Nov 2, 2017
View reviewed changes
builtin/logical/transit/path_export.go
}
}

return "", fmt.Errorf("unknown key type %v", policy.Type)
}

func encodeRSAPrivateKey(key *rsa.PrivateKey) string {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC this actually depends on the format. For PKCS1 yes, but PKCS8 I believe should just be PRIVATE KEY because the type is encoded into the binary block. Might be worth mentioning that in the comment for the future as Go 1.10 will have PKCS8 encoding support and we will be adding it to PKI in this release.

jefferai
jefferai reviewed Nov 2, 2017
View reviewed changes
builtin/logical/transit/path_keys.go Outdated
}
// Not making the header 'RSA PUBLIC KEY' since the format is
// of generic public key and not specifically of RSA. If its
// 'RSA PUBLIC KEY', 'openssl' complains.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just PUBLIC KEY is correct since openssl (and x509) use PKIX and the type is encoded into the marshaled bytes. Can remove this comment!

jefferai
jefferai previously approved these changes Nov 3, 2017
View reviewed changes
@vishalnayak vishalnayak merged commit ced60db into master Nov 3, 2017
@vishalnayak vishalnayak deleted the encrypt-rsa branch November 3, 2017 14:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jefferai jefferai jefferai left review comments

@chrishoffman chrishoffman chrishoffman left review comments

@briankassouf briankassouf Awaiting requested review from briankassouf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.9.0
Development

Successfully merging this pull request may close these issues.
3 participants
@vishalnayak @jefferai @chrishoffman