Bug 1490241

Summary: PKCS12: upgrade to at least AES and SHA2 (FIPS) [rhel-7.4.z]
Product: Red Hat Enterprise Linux 7 Reporter: Oneata Mircea Teodor <toneata>
Component: pki-coreAssignee: Fraser Tweedale <ftweedal>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: urgent Docs Contact: Petr Bokoc <pbokoc>
Priority: urgent    
Version: 7.4CC: akahat, alee, arubin, cfu, cheimes, edewata, ftweedal, jmagne, mharmsen, msauton, nkinder, pbokoc, rpattath
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: pki-core-10.4.1-14.el7_4 Doc Type: Enhancement
Doc Text:
This update introduces AES encryption during KRA PKCS #12 recovery of encrypted keys.
 Story Points: ---
Clone Of: 1446786 Environment:
Last Closed: 2017-11-30 15:32:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1446786, 1490487, 1490489    
Bug Blocks:    

Description Oneata Mircea Teodor 2017-09-11 06:53:33 UTC 
This bug has been copied from bug #1446786 and has been proposed to be backported to 7.4 z-stream (EUS).
Comment 3 Amol K 2017-09-18 11:54:09 UTC 
Hi Fraser,

I'm unable to identify the what exactly need to be tested. 

I've seen bz 1490487, should i follow same steps which provided by Roshni?
Comment 4 Fraser Tweedale 2017-09-19 07:08:13 UTC 
Amol, please follow the steps outlined at https://bugzilla.redhat.com/show_bug.cgi?id=1490494#c5.
Comment 5 Fraser Tweedale 2017-09-22 01:01:24 UTC 
Amol, one more thing: I forgot to mention one important config for the KRA's CS.cfg.  You need to set:

    kra.legacyPKCS12=false
Comment 6 Fraser Tweedale 2017-09-22 06:57:17 UTC 
Add doc text.
Comment 7 Roshni 2017-10-06 20:36:19 UTC 
Refer https://bugzilla.redhat.com/show_bug.cgi?id=1490494#c23 for verification steps.
Comment 10 errata-xmlrpc 2017-11-30 15:32:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3301