OpenStack currently implements encryption of Cinder volumes using Castellan-based key managers. However, requiring a key escrow can be difficult to manage and error-prone, which makes features like bring-your-own-key quite difficult. Further, efforts to solve this problem by implementing a push model end up requiring invasive OpenStack API changes.
A much simpler solution is available using Tang, an easy and secure alternative to key escrow. A Tang server implements the McCallum-Relyea key exchange, which ensures that the volume cannot be decrypted without access to the Tang server. Tang provides a protocol in which the server has zero knowledge of keys, does not require SSL/TLS or authentication and is highly performant.
In this talk, we'll show how volume encryption can be implemented using Tang instead of key escrow. We'll also show how bring-your-own-key can be implemented by having an on-premises, lightweight Tang server.
In this talk, we will discover how Castellan-based key managers, such as Barbican, interact with Cinder and Nova. Then, we will discuss the recent advancement in the field of key management, known as the Elliptic Curve McCallum-Relyea exchange, and outline its cryptographic properties. Finally, we will discuss the use of this technique to deliver important features such as bring-your-own-key.