Hi all,
This is in support of
Ticket https://fedorahosted.org/pki/ticket/2532
This is a preliminary set of patches, just so you can see what I'm doing
in case I need to change anything.
Note: With the changes, you can archive a secret like this:
pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h `hostname` -p 8443 key-archive --passphrase "ooga booga" --clientKeyID "test_1"

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h `hostname` -p 8443 key-archive --passphrase "ooga booga" --clientKeyID "test_2" --express
The first invocation will archive a secret and create an archival
request in LDAP. The second will create one only in memory - and will
not store it in LDAP.
You can, of course, see the requests created using:

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h `hostname` -p 8443 key-request-find
For retrieving the secret, you can do either:
pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 -h aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5 --express
The first will retrieve the secret while creating a retrieval request.
The second will create a retrieval request only in memory, and will not
write it to LDAP.
In both cases, there should be audit logs both for retrieval and
archival.
Thanks,
Ade