2

I am trying to back up my Vault keys I am using to encrypt/decrypt my data. The official doc says that in order to read the keys I should execute the following command line:

$ vault read transit/keys/orders
Key                       Value
---                       -----
allow_plaintext_backup    false
deletion_allowed          false
derived                   false
exportable                false
keys                      map[1:1604988997 2:1604993553 3:1604993556 4:1604993569]
latest_version            4
min_available_version     0
min_decryption_version    1
min_encryption_version    0
name                      orders
supports_decryption       true
supports_derivation       true
supports_encryption       true
supports_signing          false
type                      aes256-gcm96

As you can tell I have got 4 "keys". To make sure that these numeric strings are the right keys I decided to conduct the following maneuver : Consider the plain 4111 1111 1111 1111

1- Convert the plain text into base64 and encrypt it with the key n°4 :

$ vault write transit/encrypt/orders plaintext=$(base64 <<< "4111 1111 1111 1111")
Key            Value
---            -----
ciphertext     vault:v4:F6hjhlJM8xczv8J20zQTRMWn3RflTd6UhcWLD9NOsEt+MQJjy4LlyAY5SY6UyydN
key_version    4

2- Take the cipher text generated above and decrypt it programatically using the key n°4 1604993569 and AES256-GCM96

At this stage if I want to achieve what has been mentioned above using Java Cryptography Extension I find myself blocked because the official doc gives information about :

  • Encryption algorithm : AES
  • Key size : 256 bits
  • Mode : GCM
  • GCM Nonce/IV : 96
  • GCM tag : not mentioned in the official doc

I have two questions now : What is the GCM tag I should use in this case (could not figure out that from the source code)? Is the numerical string "1604993569" the raw format of the 4th key or is it encoded in some format?

404NotFound
  • 65
  • 7

2 Answers2

3

I have two questions now : What is the GCM tag I should use in this case (could not figure out that from the source code)? Is the numerical string "1604993569" the raw format of the 4th key or is it encoded in some format?

  1. The GCM tag is the AEAD authentication value, used by AES-GCM to verify the GMAC message authentication code, and thus the validity of the cipher-text. It is stored as part of the cipher-text, usually the tag is appended to the cipher-text itself, and will be stripped off during the decryption process.

  2. The 1604993569 value is not the raw format of the key. The key is 32-bytes in length. 1604993569 is the time since the UNIX epoch of the underlying key rotation, i.e. Tuesday, 10 November 2020 07:32:49 UTC. You have four of them as the key was rotated four times.

The tag size is variable pending implementation, but usually 16-bytes, likely the last 16-bytes of your cipher-text.

Your keys are marked as exportable=false, you cannot export these keys from Vault without a hack, you cannot change this retrospectively.

I'm not surprised you're struggling, Vault's documentation can leave a lot to be desired at times.

Woodstock
  • 22,184
  • 15
  • 80
  • 118
2

Regarding the official API description https://www.vaultproject.io/api/secret/transit there are three steps to retrieve the keys:

step 1: make the keys exportable (yours are not at the moment):

exportable                false

$ vault write transit/keys/guillaume/config exportable=true

step 2: export the key(s):

Export Key

This endpoint returns the named key. The keys object shows the value of the key for each version. If version is specified, the specific version will be returned. If latest is provided as the version, the current key will be provided. Depending on the type of key, different information may be returned. The key must be exportable to support this operation and the version must still be valid. Method Path GET /transit/export/:key_type/:name(/:version) »Parameters

key_type (string: <required>) – Specifies the type of the key to export. This is specified as part of the URL. Valid values are:
    encryption-key
    signing-key
    hmac-key

name (string: <required>) – Specifies the name of the key to read information about. This is specified as part of the URL.

version (string: "") – Specifies the version of the key to read. If omitted, all versions of the key will be returned. This is specified as part of the URL. If the version is set to latest, the current key will be returned.

»Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/transit/export/encryption-key/my-key/1

»Sample Response

{
  "data": {
    "name": "foo",
    "keys": {
      "1": "eyXYGHbTmugUJn6EtYD/yVEoF6pCxm4R/cMEutUm3MY=",
      "2": "Euzymqx6iXjS3/NuGKDCiM2Ev6wdhnU+rBiKnJ7YpHE="
    }
  }
}

step 3: convert the Base64 encoded keys to their binary (byte array) form

Michael Fehr
  • 5,827
  • 2
  • 19
  • 40