Python bindings complain about the public key returned from kas_public_key on the platform #1210

Closed
caread850 opened this issue Jul 25, 2024 · 3 comments

Comments

@caread850

Hi, I'm a newcomer evaluating the platform for a larger scale application. I followed the instructions for:

  • Generating platform keys with init-temp-keys.sh
  • Running the docker-compose file
  • Running the keycloak provisioning
  • Starting the service

The service seems to be running fine, however, I am trying to encrypt/decrypt using the Python bindings and running into issues where it states:

Get kas public key failed, kas public key is: "-----BEGIN PUBLIC KEY-----...

After looking through the client code I can see that it is expecting to find -----BEGIN CERTIFICATE-----

Unsure if this is an issue with my installation, an issue with the platform or the client so I posted here.

Attached debug level logs from the Python client showing the KeyCloak communication and call to kas_public_key returning the public key.

debug_log.txt

Thanks!

@caread850
Author

OK, I'm revisiting the platform and I can see in the OpenTDF C++ code it is expecting a certificate.

Then reading through the Go for the kas_public_key endpoint there is a point where it sends back either a certificate or a public key based on the algorithm sent with the GET to the kas_public_key.

So I can tell OpenTDF that the KAS URL includes something like /kas/kas_public_key?algorithm=ec:secp256r1 and this platform then gives OpenTDF a certificate.

However, when it attempts to use the cert, it states: RuntimeError: Error code 75497574. [asym_encryption.cpp:49] Failed to create X509 cert struct.error:04800066:PEM routines::bad end line.

Examining the response from the kas_public_key endpoint, it is one \n short in the certificate output, which would be causing OpenTDF not to work correctly.

Also, how does offline encryption work with this? TDFv3 states that it is supported, but I can't for the life of me get it to stop calling the IdP and the KAS.
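Added example, not part of the original issue and not OpenTDF or platform code: a stdlib-only Python check for the two conditions reported in the comments above, a `PUBLIC KEY` block where the client expects `CERTIFICATE`, and a PEM block whose END line lacks its terminating newline. The function names and the sample PEM bodies are constructed for illustration; the bodies are arbitrary bytes, not real keys or certificates.

```python
import base64
import re

# Constructed sample body: arbitrary bytes, not a real key or certificate.
SAMPLE_BODY = base64.b64encode(bytes(range(96))).decode()

PEM_RE = re.compile(
    r"\A-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n"
    r"-----END ([A-Z0-9 ]+)-----(.*)\Z",
    re.DOTALL,
)


def wrap_pem(label, body, trailing_newline=True):
    """Build a PEM block with 64-character lines (hypothetical test helper)."""
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join([f"-----BEGIN {label}-----", *lines, f"-----END {label}-----"])
    return pem + ("\n" if trailing_newline else "")


def inspect_pem(text, expected_label="CERTIFICATE"):
    """Return (label, problems) for one PEM block as received from an endpoint."""
    match = PEM_RE.match(text)
    if not match:
        return None, ["no PEM BEGIN/END framing found"]
    begin, body, end, tail = match.groups()
    problems = []
    if begin != end:
        problems.append(f"BEGIN label {begin!r} does not match END label {end!r}")
    if begin != expected_label:
        problems.append(f"expected {expected_label}, got {begin}")
    if tail not in ("\n", "\r\n"):
        problems.append("END line is not terminated by a single newline")
    try:
        base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("body is not valid base64")
    return begin, problems


def normalize_pem(text):
    """Strip surrounding whitespace and end the block with exactly one newline."""
    return text.strip() + "\n"


if __name__ == "__main__":
    short = wrap_pem("CERTIFICATE", SAMPLE_BODY, trailing_newline=False)
    print(inspect_pem(short))
    print(inspect_pem(normalize_pem(short)))
    print(inspect_pem(wrap_pem("PUBLIC KEY", SAMPLE_BODY)))
```

Running `inspect_pem` on the raw response body before handing it to the client separates a label mismatch from a framing defect.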

@damorris25
Member

Python isn't actively being maintained and has been made private. I'd suggest focusing on Go (the core language), Java, or client_web (JS) - those are all public.

@caread850
Author

Thank you.
