9:53 p.m.
[PATCH] Implement enrollment with server side keygen.
This patch implements server side keygen when so configured in the CS.cfg.
1. In this case, the encryption cert's private key is generated on the KRA and
archived by the KRA.
2. The private key is then injected onto the token.
3. This will allow us to later implement certificate and key recovery.
4. Fixed some minor issues discovered with the code that interfaces with the TKS and DRM.
5. Final certificate tested to work with Relyea's "SmartCard" utility to
perform legal crypto operations.
7:05 p.m.
other than the extra method that needs to be removed as we discussed, it
looks fine.
conditional ACK on the removal of the method.
Christina
On 08/07/2014 07:53 PM, John Magne wrote:
[PATCH] Implement enrollment with server side keygen.
This patch implements server side keygen when so configured in the CS.cfg.
1. In this case, the encryption cert's private key is generated on the KRA and
archived by the KRA.
2. The private key is then injected onto the token.
3. This will allow us to later implement certificate and key recovery.
4. Fixed some minor issues discovered with the code that interfaces with the TKS and
DRM.
5. Final certificate tested to work with Relyea's "SmartCard" utility to
perform legal crypto operations.
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
7:12 p.m.
New subject: [pki-devel][PATCH] 0018-Implement-enrollment-with-server-side-keygen.patch
ACKED by cfu,
Pushed to master after conditional changes.
Closing ticket #886.
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Friday, August 8, 2014 5:05:13 PM
Subject: Re: [Pki-devel]
[pki-devel][PATCH] 0018-Implement-enrollment-with-server-side-keygen.patch
other than the extra method that needs to be removed as we discussed, it
looks fine.
conditional ACK on the removal of the method.
Christina
On 08/07/2014 07:53 PM, John Magne wrote:
[PATCH] Implement enrollment with server side keygen.
This patch implements server side keygen when so configured in the CS.cfg.
1. In this case, the encryption cert's private key is generated on the KRA
and archived by the KRA.
2. The private key is then injected onto the token.
3. This will allow us to later implement certificate and key recovery.
4. Fixed some minor issues discovered with the code that interfaces with the
TKS and DRM.
5. Final certificate tested to work with Relyea's "SmartCard" utility to
perform legal crypto operations.
_______________________________________________
Pki-devel mailing list Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
3820
days inactive
3821
days old
2 comments
2 participants
participants (2)
-
Christina Fu -
John Magne