Awesome examples!

Please review the patch with changes suggested by Matt. Added the examples section to explain the usage of agent authentication and a section to explain the details of the parameters used in the templates (asked by mrniranjan) on IRC.

-- Abhishek

On Fri, 2014-05-30 at 20:46 -0700, Matthew Harmsen wrote:

On 05/30/14 13:13, Abhishek Koneru wrote:

Please review the patch which updates the man pages for the pki key CLI commands.

--Abhishek

Abhishek,

What is there, is fine. However, the man page as is, is not very useful since it presumes a great deal of knowledge!

I would strongly urge you to provide an EXAMPLES section utilizing sample agent authentication. For example, at the very least, please provide the most basic scenario of showing exactly what one would specify in a default installation of a CA and KRA to simply perform a "key-find" and a "key-show" using client certification.

I would also suggest that you add your name to the list of Authors of this man page.

-- Matt
Currently, there are no command options to archive a symmetric key.
A symmetric key can be archived using the "archiveKey" request template.
To archive a secret using the request template stored in a file:
pki <agent authentication> key-archive --input <path to the template file>
pki -d <CERT_DB_DIR_PATH> -c <CERT_DB_PWD> -n <Certificate_Nickname> key-generate --clientKeyID vek123456 --key-algorithm DES3 --usages encrypt,decrypt
pki key-template-show archiveKey --output-file <File_Path_to_store_the_template>
-- dataType - Type of the data to be stored which can be symmetricKey/passphrase/asymmetricKey.
-- pkiArchiveOptions - An object of type PKIArchiveOptions provided by the NSS/JSS library to securely transport a secret encoded in Base64 format.
pki key-template-show retrieveKey --output-file <File_Path_to_store_the_template>
-- sessionWrappedpassphrase - Base64 encoded string of - Passphrase encrypted with a session key.
ALSO:
The order inside of the downloaded template (e.g. - nonceData) differs from the description -- make the order identical.
The downloaded template contains a typo of 'recoring' which should be 'recovering'.
pki key-template-show generateKey --output-file <File_Path_to_store_the_template>
To create a key generation request using the template file:
NOTE: When using the "key-generate" command, it did not recognize the "--input" option, and would therefore fail to utilize the specified template. If this is a bug, please file a new PKI TRAC Ticket.