Back to bug 1386303
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Matthew Harmsen | 2016-10-18 15:32:10 UTC | CC | alee, cfu, cheimes, edewata, ftweedal, jmagne, mharmsen, nkinder | |
| Matthew Harmsen | 2016-10-18 22:14:43 UTC | Target Release | --- | 7.4 |
| Ann Marie Rubin | 2017-05-01 18:52:09 UTC | CC | arubin | |
| Ade Lee | 2017-05-06 14:11:29 UTC | Status | NEW | MODIFIED |
| Matthew Harmsen | 2017-05-08 15:56:50 UTC | Status | MODIFIED | POST |
| Matthew Harmsen | 2017-05-09 17:15:33 UTC | Assignee | rhcs-maint | alee |
| Matthew Harmsen | 2017-05-10 02:36:26 UTC | Status | POST | MODIFIED |
| Fixed In Version | pki-core-10.4.1-4.el7 | |||
| errata-xmlrpc | 2017-05-10 02:39:24 UTC | Status | MODIFIED | ON_QA |
| Sumedh Sidhaye | 2017-05-16 09:05:50 UTC | Status | ON_QA | VERIFIED |
| CC | ssidhaye | |||
| Ade Lee | 2017-07-19 19:55:03 UTC | Doc Text | Cause: When asymmetric keys were generated on an HSM in the new Asymmetric Key Generation REST service on the KRA, the wrong flags were used, making the generated keys unextractable. Consequence: Barbican users were unable to retrieve generated private keys if those keys had been generated on an HSM. They were able to retrieve the keys without any issue from an NSS token. Fix: We fixed the generation code to use the correct flags as required for each HSM (Lunasa and Thales). Result: Private keys generated on an HSM are now extractable. | |
| Doc Type | If docs needed, set a value | Bug Fix | ||
| Ann Marie Rubin | 2017-07-19 19:57:11 UTC | CC | arubin | |
| Marc Muehlfeld | 2017-07-25 08:38:13 UTC | Docs Contact | mmuehlfe | |
| Doc Text | Cause: When asymmetric keys were generated on an HSM in the new Asymmetric Key Generation REST service on the KRA, the wrong flags were used, making the generated keys unextractable. Consequence: Barbican users were unable to retrieve generated private keys if those keys had been generated on an HSM. They were able to retrieve the keys without any issue from an NSS token. Fix: We fixed the generation code to use the correct flags as required for each HSM (Lunasa and Thales). Result: Private keys generated on an HSM are now extractable. | Extracting private keys generated on an HSM no longer fails Previously, when generating asymmetric keys on a Lunasa or Thales hardware security module (HSM) using the new Asymmetric Key Generation REST service on the key recovery agent (KRA), PKI Server set incorrect flags. As a consequence, users were unable to retrieve the generated private keys. The code has been updated to set the correct flags for keys generated on these HSMs. As a result, users can now retrieve private keys in the mentioned scenario. | ||
| Flags | needinfo?(alee) | |||
| Ade Lee | 2017-07-26 15:59:52 UTC | Flags | needinfo?(alee) | |
| errata-xmlrpc | 2017-08-01 22:48:25 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-08-01 18:48:25 UTC | |||
| Dinesh Prasanth | 2020-10-04 21:18:12 UTC | Link ID | Github dogtagpki/pki/issues/2642 |
Back to bug 1386303