caread850
commented
2 months ago OK, I'm revisiting the platform and I can see in the OpenTDF C++ code it is expecting a certificate.
Then reading through the Go for the kas_public_key endpoint there is a point where it sends back either a certificate or a public key based on the algorithm sent with the GET to the kas_public_key.
So I can tell OpenTDF that the KAS URL includes something like /kas/kas_public_key?algorithm=ec:secp256r1 and this platform then gives OpenTDF a certificate.
However, when it attempts to use the cert, it states: RuntimeError: Error code 75497574. [asym_encryption.cpp:49] Failed to create X509 cert struct.error:04800066:PEM routines::bad end line.
Examining the response from the kas_public_key endpoint, it is one \n short in the certificate output, which would be causing OpenTDF not work correctly.
Also, how does offline encryption work with this? TDFv3 states that it is supported, but I can't for the life of me get it to stop calling the IdP and the KAS.
damorris25
Hi, I'm a new comer evaluating the platform for a larger scale application, I followed the instructions for:
The service seems to be running fine, however, I am trying to encrypt/decrypt using the Python bindings and running into issues where it states:
Get kas public key failed, kas public key is: "-----BEGIN PUBLIC KEY-----...After looking through the client code I can see that it is expecting to find
-----BEGIN CERTIFICATE-----Unsure if this is an issue with my installation, an issue with the platform or the client so I posted here.
Attached debug level logs from the Python client showing the KeyCloak communication and call to kas_public_key returning the public key.
debug_log.txt
Thanks!