Bug 1458047
Summary: | change the way aes clients refer to aes keysets | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Matthew Harmsen <mharmsen> |
Component: | pki-core | Assignee: | Ade Lee <alee> |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.4 | CC: | lmiksik, pbokoc, rpattath |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | pki-core-10.4.1-9.el7 | Doc Type: | No Doc Update |
Doc Text: |
Feature:
This BZ tracks some changes on the client side for the AES feature in https://bugzilla.redhat.com/show_bug.cgi?id=1445535
Reason: See https://bugzilla.redhat.com/show_bug.cgi?id=1445535
Result: See https://bugzilla.redhat.com/show_bug.cgi?id=1445535 and the AES feature design page.
|
Last Closed: | 2017-08-01 22:52:53 UTC | Type: | --- |
Description
Matthew Harmsen
2017-06-01 21:02:44 UTC
Fixed in master:

commit d5c331a42955365b76a1549aec047e613d3185dc
Author: Ade Lee <alee>
Date: Tue Jun 6 16:16:40 2017 -0400

    Server side changes to correctly parse the new PKIArchiveOptions

    The server is modified to read the new OIDs in the PKIArchiveOptions
    and handle them correctly.

    Change-Id: I328df4d6588b3c2c26a387ab2e9ed742d36824d4

commit 38df4274214938ceece85627abb6d4fe77b960ff
Author: Ade Lee <alee>
Date: Fri May 26 13:06:18 2017 -0400

    Refactor client to not use keysets

    It is simpler to simply tell the client which algorithm to use for
    key wrapping and encryption, rather than use key sets.

    Therefore:
    * KRAInfo and CAInfo are refactored to provide the algorithms
      required for key wrapping and encryption.
    * Client is modified to use these parameters to determine which
      algorithms to use.
    * We specify the OIDs that will be used in the PKIARchiveOptions
      more correctly. The options are basically:
      AES-128-CBC, DES3-CBC, AES KeyWrap/Pad

    Change-Id: Ic3fca902bbc45f7f72bcd4676c994f8a89c3a409

    [root@nocp1 ~]# rpm -q pki-kra
    pki-kra-10.4.1-10.el7.noarch
    [root@nocp1 ~]# rpm -qi pki-kra
    Name : pki-kra
    Version : 10.4.1
    Release : 10.el7
    Architecture: noarch
    Install Date: Wed 21 Jun 2017 11:00:26 AM EDT
    Group : System Environment/Daemons
    Size : 562173
    License : GPLv2
    Signature : (none)
    Source RPM : pki-core-10.4.1-10.el7.src.rpm
    Build Date : Tue 20 Jun 2017 01:23:22 AM EDT
    Build Host : ppc-046.build.eng.bos.redhat.com
    Relocations : (not relocatable)
    Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
    Vendor : Red Hat, Inc.
    URL : http://pki.fedoraproject.org/
    Summary : Certificate System - Key Recovery Authority

Key archival and recovery worked as expected using SCP03 V6(DES3) and V7(AES) tokens.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2110