10:42 a.m.
Please review the following patches for *Bug 744207*
<https://bugzilla.redhat.com/show_bug.cgi?id=744207> -Key archival fails
when KRA is configured with lunasa:
JSS:
https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&...
DRM/KRA:
https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&...
The JSS patch alone allows key archival (both RSA and ECC) to work with
lunasa token
where the lunasa token has to be KE-capable. Work done specifically on
the following model:
Model: Luna SA v5 w/ PED auth and CKE
Part No: 908-000093-001
The DRM/KRA patch are just some debugging to make recovery debugging
easier with an addition of non-static salt.
The recovery is not working currently, failing with wrapping operation
during PBE creation:
*Bug 817423* <https://bugzilla.redhat.com/show_bug.cgi?id=817423> -Key
recovery fails when KRA is configured with lunasa
which will be fixed at a later time.
To test these patches for key archival on the said model of lunasa, one
must turn on the prototype mode for recovery.
thanks,
Christina
5:11 p.m.
ACK
Patches address wrapping on Luna and improve error handling and logging.
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Tuesday, May 1, 2012 8:42:47 AM
Subject: [Pki-devel] patches for review - Bug 744207 - Key archival fails when KRA is
configured with lunasa
Please review the following patches for Bug 744207 - Key archival fails when KRA is
configured with lunasa:
JSS:
https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&...
DRM/KRA:
https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&...
The JSS patch alone allows key archival (both RSA and ECC) to work with lunasa token
where the lunasa token has to be KE-capable. Work done specifically on the following
model:
Model: Luna SA v5 w/ PED auth and CKE
Part No: 908-000093-001
The DRM/KRA patch are just some debugging to make recovery debugging easier with an
addition of non-static salt.
The recovery is not working currently, failing with wrapping operation during PBE
creation:
Bug 817423 - Key recovery fails when KRA is configured with lunasa
which will be fixed at a later time.
To test these patches for key archival on the said model of lunasa, one must turn on the
prototype mode for recovery.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
7:51 p.m.
New subject: patch pushed - Re: patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa
patch pushed to
DOGTAG_9_BRANCH
kra]$ git push
Counting objects: 17, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (7/7), done.
Writing objects: 100% (9/9), 976 bytes, done.
Total 9 (delta 5), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
98fed48..f103db3 DOGTAG_9_BRANCH -> DOGTAG_9_BRANCH
JSS is to be in next build
On 05/01/2012 03:11 PM, John Magne wrote:
ACK
Patches address wrapping on Luna and improve error handling and logging.
----- Original Message -----
From: "Christina Fu"<cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Tuesday, May 1, 2012 8:42:47 AM
Subject: [Pki-devel] patches for review - Bug 744207 - Key archival fails when KRA is
configured with lunasa
Please review the following patches for Bug 744207 - Key archival fails when KRA is
configured with lunasa:
JSS:
https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&...
DRM/KRA:
https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&...
The JSS patch alone allows key archival (both RSA and ECC) to work with lunasa token
where the lunasa token has to be KE-capable. Work done specifically on the following
model:
Model: Luna SA v5 w/ PED auth and CKE
Part No: 908-000093-001
The DRM/KRA patch are just some debugging to make recovery debugging easier with an
addition of non-static salt.
The recovery is not working currently, failing with wrapping operation during PBE
creation:
Bug 817423 - Key recovery fails when KRA is configured with lunasa
which will be fixed at a later time.
To test these patches for key archival on the said model of lunasa, one must turn on the
prototype mode for recovery.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
4648
days inactive
4650
days old
2 comments
2 participants
participants (2)
-
Christina Fu -
John Magne