Alauda Container Platform

Pubkey [v1]

/auth/v1/pubkey

get Get public key

Parameters

  • Authorization (in header): string

    Given Bearer token will use this as authorization for the API

Response

PasswordPublicKeyResponse

  • pubkey: string
  • pubkey_encode: string
  • ts: string

TOC

API usageRequest exampleResponse fieldsEncryption workflowEnd-to-end exampleUse encrypted value in later requests

API usage

Use this API to get the RSA public key and timestamp used for encrypting password parameters.

Request example

GET /auth/v1/pubkey

Response fields

FieldTypeDescription
tsstringExpiration timestamp used in encryption payloads.
pubkeystringPEM-format RSA public key.
pubkey_encodestringBase64-encoded bytes of the same public key content.

Encryption workflow

  1. Call /auth/v1/pubkey to get ts and pubkey.
  2. Build a JSON payload with your plaintext password: {"ts":"<ts>","password":"<plain password>"}.
  3. Encrypt the payload with the returned public key using RSA PKCS#1 v1.5.
  4. Base64-encode the encrypted bytes.
  5. Use the Base64 result as the value of password fields (for example password or old_password) in subsequent requests.

End-to-end example

# 1) Get pubkey and timestamp
curl -s -H "Authorization: Bearer ${TOKEN}" \
  "${APISERVER}/auth/v1/pubkey" > /tmp/pubkey.json

# 2) Extract fields
TS=$(jq -r '.ts' /tmp/pubkey.json)
jq -r '.pubkey' /tmp/pubkey.json > /tmp/password_pubkey.pem

# 3) Build plaintext JSON payload
printf '{"ts":"%s","password":"%s"}' "${TS}" "${PLAIN_PASSWORD}" > /tmp/password_payload.json

# 4) Encrypt with RSA PKCS#1 v1.5, then Base64 encode
ENC_PASSWORD=$(openssl pkeyutl \
  -encrypt \
  -pubin \
  -inkey /tmp/password_pubkey.pem \
  -in /tmp/password_payload.json \
  -pkeyopt rsa_padding_mode:pkcs1 | base64 | tr -d '\n')

echo "${ENC_PASSWORD}"

Use encrypted value in later requests

{
  "password": "<base64 encrypted value>"
}

If ts is expired, request /auth/v1/pubkey again and regenerate encrypted parameters.