other than the extra method that needs to be removed as we discussed, it looks fine.
conditional ACK on the removal of the method.

Christina

On 08/07/2014 07:53 PM, John Magne wrote:
[PATCH] Implement enrollment with server side keygen.

This patch implements server side keygen when so configured in the CS.cfg.

1. In this case, the encryption cert's private key is generated on the KRA and archived by the KRA.
2. The private key is then injected onto the token.
3. This will allow us to later implement certificate and key recovery.
4. Fixed some minor issues discovered with the code that interfaces with the TKS and DRM.
5. Final certificate tested to work with Relyea's "SmartCard" utility to perform legal crypto operations.



_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel