← Back to team overview

openstack team mailing list archive

PKI Token Queston

 

Hello,

I have enabled PKI tokens on my Keystone Server

[ssl]
#enable = True
enable = False
##certfile = /etc/keystone/ssl/certs/keystone.pem
##keyfile = /etc/keystone/ssl/private/keystonekey.pem
#certfile = /etc/keystone/ssl/certs/signing_cert.pem
#keyfile = /etc/keystone/ssl/private/signing_key.pem
#ca_certs = /etc/keystone/ssl/certs/ca.pem
#cert_required = False

[signing]
#token_format = UUID
token_format = PKI
certfile = /etc/keystone/ssl/certs/signing_cert.pem
keyfile = /etc/keystone/ssl/private/signing_key.pem
ca_certs = /etc/keystone/ssl/certs/ca.pem
key_size = 1024
valid_days = 3650
ca_password = None

When I perform a REST API call to Keystone from Java to get a token, I was expecting to get an encrypted token that further had to be decoded with a public key and then base64 decoded. However, the key I get back is only base64 encoded. Why isn't it encoded with the private key?

Mark