The latest articles on DEV Community by Quan Hoang (@cucxabong). https://dev.to/cucxabong https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F571150%2F8462c86a-a217-432e-8176-06005bae43ea.jpeg https://dev.to/cucxabong en Quan Hoang Mon, 01 Feb 2021 14:41:26 +0000 https://dev.to/cucxabong/recover-hashicorp-vault-recovery-key-1343 https://dev.to/cucxabong/recover-hashicorp-vault-recovery-key-1343 <h2> TL;DR </h2> <ul> <li>Generate recovery key</li> <li>Encrypt recovery key with random generated DEK key</li> <li>Encrypt DEK key with KMS service</li> <li>Serialize encrypted recovery key + encrypted DEK key + IV + KMS Key Info </li> <li>Persist binary data into storage backend</li> </ul> <h2> Motivation </h2> <p>I have worked with Vault in the last few couple of weeks, I stumped up-on major topics of a production Vault system such as SSO with Google Workspace, AWS authentication, identity management, dynamic ACL, dynamic secrets, and auto-unseal to make it work in our Kubernetes cluster. Thanks to Vault population with the great community and documentations, I could get it run as expected in our test cluster for evaluation.</p> <p>As you may know that when Vault configured with auto-unseal, when you init Vault by running <code>vault operator init</code> the first time, it will generate recovery key &amp; root token, you should saving/backup these secrets somewhere. <strong>Root token</strong> is a Vault token with super privileges &amp; can do anything within Vault system and <strong>recovery key</strong> will be used for features that require a quorum of users to perform (such as re-generate root token). And I was wonder</p> <h2> If I lost recovery key and root token, how can I access my Vault with highest privileges? </h2> <p>As mentioned before, the recovery key could be use to re-generate root token. So if we can somehow recover the recovery key, we could then use the recovery key to re-generate root token. In this blog post, I will walk through the process of recover recovery key by looking at the Vault source code. Let's begin</p> <p><a href="https://github.com/hashicorp/vault/blob/v1.6.2/vault/init.go#L371">The life of recovery key begin with</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">if</span> <span class="n">recoveryConfig</span><span class="o">.</span><span class="n">SecretShares</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">recoveryKey</span><span class="p">,</span> <span class="n">recoveryUnsealKeys</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">generateShares</span><span class="p">(</span><span class="n">recoveryConfig</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"failed to generate recovery shares"</span><span class="p">,</span> <span class="s">"error"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">err</span> <span class="o">=</span> <span class="n">c</span><span class="o">.</span><span class="n">seal</span><span class="o">.</span><span class="n">SetRecoveryKey</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">recoveryKey</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">results</span><span class="o">.</span><span class="n">RecoveryShares</span> <span class="o">=</span> <span class="n">recoveryUnsealKeys</span> <span class="p">}</span> </code></pre> </div> <p>It was <a href="https://github.com/hashicorp/vault/blob/be65a227ef2e80f8588b3b13584b5c0d9238c1d7/vault/init.go#L124">generated by <code>*Core.generateShares</code></a> and passed into <code>*Core.seal.SetRecoveryKey</code> for encryption and long-term storage. Looking at further, we see that <code>*Core.seal</code> is a variable of type <code>Seal</code> which in turn is an Interface. <a href="https://github.com/hashicorp/vault/blob/v1.6.2/vault/seal_autoseal.go#L378">For auto-unseal feature, the implementation be like</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code> <span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="o">*</span><span class="n">autoSeal</span><span class="p">)</span> <span class="n">SetRecoveryKey</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">key</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">checkCore</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">if</span> <span class="n">key</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"recovery key to store is nil"</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Encrypt and marshal the keys</span> <span class="n">blobInfo</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">Encrypt</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">errwrap</span><span class="o">.</span><span class="n">Wrapf</span><span class="p">(</span><span class="s">"failed to encrypt keys for storage: {{err}}"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">value</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">proto</span><span class="o">.</span><span class="n">Marshal</span><span class="p">(</span><span class="n">blobInfo</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">errwrap</span><span class="o">.</span><span class="n">Wrapf</span><span class="p">(</span><span class="s">"failed to marshal value for storage: {{err}}"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">be</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">physical</span><span class="o">.</span><span class="n">Entry</span><span class="p">{</span> <span class="n">Key</span><span class="o">:</span> <span class="n">recoveryKeyPath</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">value</span><span class="p">,</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">d</span><span class="o">.</span><span class="n">core</span><span class="o">.</span><span class="n">physical</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">be</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">d</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="s">"failed to write recovery key"</span><span class="p">,</span> <span class="s">"error"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="k">return</span> <span class="n">errwrap</span><span class="o">.</span><span class="n">Wrapf</span><span class="p">(</span><span class="s">"failed to write recovery key: {{err}}"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>I will not talk so much about generation process but will dive deeper into the later. From the code snippet, we can see that main functions tasks are:</p> <h2> Encrypt recovery key with <code>*autoSeal.Encrypt</code> </h2> <p>This function will set some internal metrics and then call to <code>wrapping.Wrapper.Encrypt</code> for actual encryption. Package <code>wrapping</code> <a href="https://github.com/hashicorp/go-kms-wrapping/tree/v0.6.0">a library support encrypt things through various KMS providers.</a></p> <p>From <code>README.md</code> we have some notes<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>For KMS providers that do not support encrypting arbitrarily large values, the library will generate an envelope data encryption key (DEK), encrypt the value with it using an authenticated cipher, and use the KMS to encrypt the DEK. .... Supports many KMSes: AEAD using AES-GCM and a provided key Alibaba Cloud KMS (uses envelopes) AWS KMS (uses envelopes) Azure KeyVault (uses envelopes) GCP CKMS (uses envelopes) Huawei Cloud KMS (uses envelopes) OCI KMS (uses envelopes) Tencent Cloud KMS (uses envelopes) Vault Transit mount Yandex.Cloud KMS (uses envelopes) Transparently supports multiple decryption targets, allowing for key rotation Supports Additional Authenticated Data (AAD) for all KMSes except Vault Transit. </code></pre> </div> <p>We will talk more about Envelopes later in <code>Protocol Buffer</code> section. Now back to the encryption wrapper function. Its implementation is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// https://github.com/hashicorp/go-kms-wrapping/blob/master/wrapper.go#L47</span> <span class="k">type</span> <span class="n">Wrapper</span> <span class="k">interface</span> <span class="p">{</span> <span class="c">// Type is the type of Wrapper</span> <span class="n">Type</span><span class="p">()</span> <span class="kt">string</span> <span class="c">// KeyID is the ID of the key currently used for encryption</span> <span class="n">KeyID</span><span class="p">()</span> <span class="kt">string</span> <span class="c">// HMACKeyID is the ID of the key currently used for HMACing (if any)</span> <span class="n">HMACKeyID</span><span class="p">()</span> <span class="kt">string</span> <span class="c">// Init allows performing any necessary setup calls before using this Wrapper</span> <span class="n">Init</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="c">// Finalize should be called when all usage of this Wrapper is done</span> <span class="n">Finalize</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="c">// Encrypt encrypts the given byte slice and puts information about the final result in the returned value. The second byte slice is to pass any additional authenticated data; this may or may not be used depending on the particular implementation.</span> <span class="n">Encrypt</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">EncryptedBlobInfo</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="c">// Decrypt takes in the value and decrypts it into the byte slice. The byte slice is to pass any additional authenticated data; this may or may not be used depending on the particular implementation.</span> <span class="n">Decrypt</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="o">*</span><span class="n">EncryptedBlobInfo</span><span class="p">,</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Wrapper is an interface type (some thing link abstraction function), so each KMS will implement those methods differently (but with the specify function signature). For the sake of my knowledge, I will pick AWS KMS for explanation.</p> <p><a href="https://github.com/hashicorp/go-kms-wrapping/blob/master/wrappers/awskms/awskms.go#L170">AWS KMS implementation looks something like this</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Encrypt is used to encrypt the master key using the the AWS CMK.</span> <span class="c">// This returns the ciphertext, and/or any errors from this</span> <span class="c">// call. This should be called after the KMS client has been instantiated.</span> <span class="k">func</span> <span class="p">(</span><span class="n">k</span> <span class="o">*</span><span class="n">Wrapper</span><span class="p">)</span> <span class="n">Encrypt</span><span class="p">(</span><span class="n">_</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">plaintext</span><span class="p">,</span> <span class="n">aad</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="n">blob</span> <span class="o">*</span><span class="n">wrapping</span><span class="o">.</span><span class="n">EncryptedBlobInfo</span><span class="p">,</span> <span class="n">err</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="n">plaintext</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"given plaintext for encryption is nil"</span><span class="p">)</span> <span class="p">}</span> <span class="n">env</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">wrapping</span><span class="o">.</span><span class="n">NewEnvelope</span><span class="p">(</span><span class="no">nil</span><span class="p">)</span><span class="o">.</span><span class="n">Encrypt</span><span class="p">(</span><span class="n">plaintext</span><span class="p">,</span> <span class="n">aad</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error wrapping data: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">k</span><span class="o">.</span><span class="n">client</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"nil client"</span><span class="p">)</span> <span class="p">}</span> <span class="n">input</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">kms</span><span class="o">.</span><span class="n">EncryptInput</span><span class="p">{</span> <span class="n">KeyId</span><span class="o">:</span> <span class="n">aws</span><span class="o">.</span><span class="n">String</span><span class="p">(</span><span class="n">k</span><span class="o">.</span><span class="n">keyID</span><span class="p">),</span> <span class="n">Plaintext</span><span class="o">:</span> <span class="n">env</span><span class="o">.</span><span class="n">Key</span><span class="p">,</span> <span class="p">}</span> <span class="n">output</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">k</span><span class="o">.</span><span class="n">client</span><span class="o">.</span><span class="n">Encrypt</span><span class="p">(</span><span class="n">input</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"error encrypting data: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="c">// Store the current key id</span> <span class="c">//</span> <span class="c">// When using a key alias, this will return the actual underlying key id</span> <span class="c">// used for encryption. This is helpful if you are looking to reencyrpt</span> <span class="c">// your data when it is not using the latest key id. See these docs relating</span> <span class="c">// to key rotation https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html</span> <span class="n">keyID</span> <span class="o">:=</span> <span class="n">aws</span><span class="o">.</span><span class="n">StringValue</span><span class="p">(</span><span class="n">output</span><span class="o">.</span><span class="n">KeyId</span><span class="p">)</span> <span class="n">k</span><span class="o">.</span><span class="n">currentKeyID</span><span class="o">.</span><span class="n">Store</span><span class="p">(</span><span class="n">keyID</span><span class="p">)</span> <span class="n">ret</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">wrapping</span><span class="o">.</span><span class="n">EncryptedBlobInfo</span><span class="p">{</span> <span class="n">Ciphertext</span><span class="o">:</span> <span class="n">env</span><span class="o">.</span><span class="n">Ciphertext</span><span class="p">,</span> <span class="n">IV</span><span class="o">:</span> <span class="n">env</span><span class="o">.</span><span class="n">IV</span><span class="p">,</span> <span class="n">KeyInfo</span><span class="o">:</span> <span class="o">&amp;</span><span class="n">wrapping</span><span class="o">.</span><span class="n">KeyInfo</span><span class="p">{</span> <span class="n">Mechanism</span><span class="o">:</span> <span class="n">AWSKMSEnvelopeAESGCMEncrypt</span><span class="p">,</span> <span class="c">// Even though we do not use the key id during decryption, store it</span> <span class="c">// to know exactly the specific key used in encryption in case we</span> <span class="c">// want to rewrap older entries</span> <span class="n">KeyID</span><span class="o">:</span> <span class="n">keyID</span><span class="p">,</span> <span class="n">WrappedKey</span><span class="o">:</span> <span class="n">output</span><span class="o">.</span><span class="n">CiphertextBlob</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="k">return</span> <span class="n">ret</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This function do 3 main things</p> <ul> <li>Encrypt <code>plaintext</code> with a (generated randomly) Data Encryption Key (DEK)</li> <li>Encrypt above DEK key with KMS</li> <li>Put everything into a <code>wrapping.EncryptedBlobInfo</code> for storage &amp; decryption later</li> </ul> <p>2 later steps are straightforward when we look at the source. The encryption step is <a href="https://github.com/hashicorp/go-kms-wrapping/blob/v0.6.0/envelope.go#L18">passed into another function</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">e</span> <span class="o">*</span><span class="n">Envelope</span><span class="p">)</span> <span class="n">Encrypt</span><span class="p">(</span><span class="n">plaintext</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">,</span> <span class="n">aad</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">EnvelopeInfo</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="c">// Generate DEK</span> <span class="n">key</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">GenerateRandomBytes</span><span class="p">(</span><span class="m">32</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">iv</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">uuid</span><span class="o">.</span><span class="n">GenerateRandomBytes</span><span class="p">(</span><span class="m">12</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="n">aead</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">e</span><span class="o">.</span><span class="n">aeadEncrypter</span><span class="p">(</span><span class="n">key</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">EnvelopeInfo</span><span class="p">{</span> <span class="n">Ciphertext</span><span class="o">:</span> <span class="n">aead</span><span class="o">.</span><span class="n">Seal</span><span class="p">(</span><span class="no">nil</span><span class="p">,</span> <span class="n">iv</span><span class="p">,</span> <span class="n">plaintext</span><span class="p">,</span> <span class="n">aad</span><span class="p">),</span> <span class="n">Key</span><span class="o">:</span> <span class="n">key</span><span class="p">,</span> <span class="n">IV</span><span class="o">:</span> <span class="n">iv</span><span class="p">,</span> <span class="p">},</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This function will:</p> <ul> <li>Generate random DEK for encryption</li> <li>Generate random nonce (Initalization Vector) for block cipher (eas in this case)</li> <li>Encrypt <code>plaintext</code> with the key</li> </ul> <p>So now we have all the things needed to put it into persistent storage. Head up to the next.</p> <h2> Serialize encrypted data into binary re-presentation </h2> <p>Vault store data in the protobuf binary format. To make it work, we need to have a <code>.proto</code> file that specify structural messages, the we use <code>protoc</code> to compile that file to the programming language structures/helper functions. Those code will help in serialize/deserialize between language object and binary data. <a href="https://github.com/hashicorp/go-kms-wrapping/blob/v0.6.0/github.com.hashicorp.go.kms.wrapping.types.pb.go">We will look at the compiled version for Go</a><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// EncryptedBlobInfo contains information about the encrypted value along with</span> <span class="c">// information about the key used to encrypt it</span> <span class="k">type</span> <span class="n">EncryptedBlobInfo</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">state</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">MessageState</span> <span class="n">sizeCache</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">SizeCache</span> <span class="n">unknownFields</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">UnknownFields</span> <span class="c">// Ciphertext is the encrypted bytes</span> <span class="n">Ciphertext</span> <span class="p">[]</span><span class="kt">byte</span> <span class="s">`protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`</span> <span class="c">// IV is the initialization value used during encryption</span> <span class="n">Iv</span> <span class="p">[]</span><span class="kt">byte</span> <span class="s">`protobuf:"bytes,2,opt,name=iv,proto3" json:"iv,omitempty"`</span> <span class="c">// HMAC is the bytes of the HMAC, if any</span> <span class="n">Hmac</span> <span class="p">[]</span><span class="kt">byte</span> <span class="s">`protobuf:"bytes,3,opt,name=hmac,proto3" json:"hmac,omitempty"`</span> <span class="c">// Wrapped can be used by the client to indicate whether Ciphertext</span> <span class="c">// actually contains wrapped data or not. This can be useful if you want to</span> <span class="c">// reuse the same struct to pass data along before and after wrapping.</span> <span class="n">Wrapped</span> <span class="kt">bool</span> <span class="s">`protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"`</span> <span class="c">// KeyInfo contains information about the key that was used to create this value</span> <span class="n">KeyInfo</span> <span class="o">*</span><span class="n">KeyInfo</span> <span class="s">`protobuf:"bytes,5,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"`</span> <span class="c">// ValuePath can be used by the client to store information about where the</span> <span class="c">// value came from</span> <span class="n">ValuePath</span> <span class="kt">string</span> <span class="s">`protobuf:"bytes,6,opt,name=ValuePath,proto3" json:"ValuePath,omitempty"`</span> <span class="p">}</span> <span class="c">// KeyInfo contains information regarding which Wrapper key was used to</span> <span class="c">// encrypt the entry</span> <span class="k">type</span> <span class="n">KeyInfo</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">state</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">MessageState</span> <span class="n">sizeCache</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">SizeCache</span> <span class="n">unknownFields</span> <span class="n">protoimpl</span><span class="o">.</span><span class="n">UnknownFields</span> <span class="c">// Mechanism is the method used by the wrapper to encrypt and sign the</span> <span class="c">// data as defined by the wrapper.</span> <span class="n">Mechanism</span> <span class="kt">uint64</span> <span class="s">`protobuf:"varint,1,opt,name=Mechanism,proto3" json:"Mechanism,omitempty"`</span> <span class="n">HMACMechanism</span> <span class="kt">uint64</span> <span class="s">`protobuf:"varint,2,opt,name=HMACMechanism,proto3" json:"HMACMechanism,omitempty"`</span> <span class="c">// This is an opaque ID used by the wrapper to identify the specific key to</span> <span class="c">// use as defined by the wrapper. This could be a version, key label, or</span> <span class="c">// something else.</span> <span class="n">KeyID</span> <span class="kt">string</span> <span class="s">`protobuf:"bytes,3,opt,name=KeyID,proto3" json:"KeyID,omitempty"`</span> <span class="n">HMACKeyID</span> <span class="kt">string</span> <span class="s">`protobuf:"bytes,4,opt,name=HMACKeyID,proto3" json:"HMACKeyID,omitempty"`</span> <span class="c">// These value are used when generating our own data encryption keys</span> <span class="c">// and encrypting them using the wrapper</span> <span class="n">WrappedKey</span> <span class="p">[]</span><span class="kt">byte</span> <span class="s">`protobuf:"bytes,5,opt,name=WrappedKey,proto3" json:"WrappedKey,omitempty"`</span> <span class="c">// Mechanism specific flags</span> <span class="n">Flags</span> <span class="kt">uint64</span> <span class="s">`protobuf:"varint,6,opt,name=Flags,proto3" json:"Flags,omitempty"`</span> <span class="p">}</span> </code></pre> </div> <p>After encrypt, we should have encrypted key in form of <br> <code>wrapping.EncryptedBlobInfo</code>, we should take care about fields</p> <p><strong>EncryptedBlobInfo.Ciphertext</strong> : Contain encrypted recovery key value<br> <strong>EncryptedBlobInfo.KeyInfo</strong>: Contain information about DEK key</p> <p><strong>EncryptedBlobInfo.KeyInfo.KeyID</strong>: (KMS) Key ID used to encrypte DEK<br> <strong>EncryptedBlobInfo.KeyInfo.WrappedKey</strong>: The encrypted value of DEK</p> <p>Understand those above fields could help us on decryption process later. For those using different languages, <a href="https://github.com/hashicorp/go-kms-wrapping/blob/v0.6.0/github.com.hashicorp.go.kms.wrapping.types.proto">you could down load the definition</a> and adjust base on your languages</p> <h2> Write binary data into storage backend </h2> <p>After above steps, we're ready to store the encrypted recovery key into our backend of choice <a href="https://github.com/hashicorp/vault/blob/sdk/v0.1.13/sdk/physical/physical.go#L38">by <code>d.core.physical.Put(ctx, be)</code></a></p> <p>Again, this is an interface that will specific to the backend storage implementation. I will use <a href="https://github.com/hashicorp/vault/blob/sdk/v0.1.13/physical/consul/consul.go#L438"><code>consul</code> for the explanation</a>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Put is used to insert or update an entry</span> <span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">ConsulBackend</span><span class="p">)</span> <span class="n">Put</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">entry</span> <span class="o">*</span><span class="n">physical</span><span class="o">.</span><span class="n">Entry</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">metrics</span><span class="o">.</span><span class="n">MeasureSince</span><span class="p">([]</span><span class="kt">string</span><span class="p">{</span><span class="s">"consul"</span><span class="p">,</span> <span class="s">"put"</span><span class="p">},</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">())</span> <span class="n">c</span><span class="o">.</span><span class="n">permitPool</span><span class="o">.</span><span class="n">Acquire</span><span class="p">()</span> <span class="k">defer</span> <span class="n">c</span><span class="o">.</span><span class="n">permitPool</span><span class="o">.</span><span class="n">Release</span><span class="p">()</span> <span class="n">pair</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">api</span><span class="o">.</span><span class="n">KVPair</span><span class="p">{</span> <span class="n">Key</span><span class="o">:</span> <span class="n">c</span><span class="o">.</span><span class="n">path</span> <span class="o">+</span> <span class="n">entry</span><span class="o">.</span><span class="n">Key</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">entry</span><span class="o">.</span><span class="n">Value</span><span class="p">,</span> <span class="p">}</span> <span class="n">writeOpts</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">api</span><span class="o">.</span><span class="n">WriteOptions</span><span class="p">{}</span> <span class="n">writeOpts</span> <span class="o">=</span> <span class="n">writeOpts</span><span class="o">.</span><span class="n">WithContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">c</span><span class="o">.</span><span class="n">kv</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">pair</span><span class="p">,</span> <span class="n">writeOpts</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">if</span> <span class="n">strings</span><span class="o">.</span><span class="n">Contains</span><span class="p">(</span><span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="s">"Value exceeds"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="n">errwrap</span><span class="o">.</span><span class="n">Wrapf</span><span class="p">(</span><span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%s: {{err}}"</span><span class="p">,</span> <span class="n">physical</span><span class="o">.</span><span class="n">ErrValueTooLarge</span><span class="p">),</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>The function just do 1 thing is write the key/value pair into consul system using Consul KV API Client.</p> <h3> Closing </h3> <p>For the above knowledge, I wanted to see if we could do the reverse process to get the recovery key from the storage object on my own. <a href="//github.com/cucxabong/hashicorp-vault-utils">So I write a small program to do it</a>. It now support AWS KMS and Consul backend only. Any contribution is always be welcomed</p> devops linux opensource go