Commit Graph

4 Commits (bbaf222aa499f4ac1e949e334a1c5b1b2ccce490)

Author SHA1 Message Date
James E. Blair 9118c01ecf Support longer pkcs1-oaep secrets
We have run into a case where we need to store a secret longer
than 3760 bits.  We may eventually support a hybrid encryption
scheme, but for now, let's also support the alt.zuul.secrets protocol
where we split the secret into 3760 bit chunks and recombine it.

The encrypt_secret utility is updated to output a copy-pastable
YAML data structure to simplify dealing with long secrets.

Change-Id: Ied372572e5aa29fddfb7043bf07df4cd3e39566c
6 years ago
Tobias Henkel 39d6dcd180 Fix encrypt_secret for python3
This fixes the encrypt_secret tool for use with python3. This needs
some minor changes to imports, encodings and base64 encoding.

Change-Id: Id29ebedab2115d0d5d47049f2a0412e8c75aa8ef
6 years ago
Monty Taylor b934c1a052
Remove use of six library
It exists only for py2/py3 compat. We do not need it any more.

This will explicitly break Zuul v3 for python2, which is different than
simply ceasing to test it and no longer declaring we support it. Since
we're not testing it any longer, it's bound to degrade overtime without
us noticing, so hopefully a clean and explicit break will prevent people
from running under python2 and it working for a minute, then breaking

Change-Id: Ia16bb399a2869ab37a183f3f2197275bb3acafee
6 years ago
James E. Blair c49e5e713f Serve public keys through webapp
Add a utility script which uses the public key served over HTTP
to encrypt the secret.

Change-Id: If0e4e4f8509518c8440814e8088a343489b5c553
6 years ago