Bug 459538
Summary: | TKS support for Safenet 330J card | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Jack Magne <jmagne> | ||||||
Component: | TKS | Assignee: | Jack Magne <jmagne> | ||||||
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | 1.0 | CC: | aakkiang, benl, bob.lord, cfu | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2009-07-22 23:29:36 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | |||||||||
Bug Blocks: | 443788 | ||||||||
Attachments: |
|
Description
Jack Magne
2008-08-19 20:45:57 UTC
The fix turned out to be related to the parameters to the InitializeUpdate command. The gemalto token likes the values of 1 and 1 for keyset version and keyset index. The safenet works with 0 and 0 for these values. When the symkey component gets around to computing a session key for a secure channel, it is given the output of InitializeUpdate. For the case of using the developer keyset, we have some code hard coded for gemalto, thus not allowing other keys to use the developer keyset. The following attachment will address this shortcoming. Created attachment 329065 [details]
Patch to allow the safenet token to create secure channel.
CFU, please review 329065. Created attachment 329768 [details]
Spec file for change.
(In reply to comment #4) > Created an attachment (id=329768) [details] > Spec file for change. +cfu might want to test key upgrade case at some point. Sending symkey/EncryptData.cpp Sending symkey/SessionKey.cpp Transmitting file data .. Committed revision 184. Sending symkey/symkey.spec Transmitting file data . Committed revision 185. Verified. Enrollment/format operation with Safenet 330J card works on windows (XP and Vista) and RHEL 5 platforms. Key change over from developer key to a new key and back to the developer key works fine. |