Bug 489011

Summary: Fix issues with key changeover and the Safenet 330J card
Product: [Retired] Dogtag Certificate System Reporter: Jack Magne <jmagne>
Component: TPSAssignee: Jack Magne <jmagne>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: urgent    
Version: 1.0CC: aakkiang, alee, benl, cfu, jmagne
Target Milestone: ---Keywords: TechPreview
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Technology Preview
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:32:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
Changes to allow key changeover to work with the 330J.
none
Spec files for changes. none

Description Jack Magne 2009-03-06 18:05:52 UTC 
Description of problem:


For the case of changing over the keyset away from the default keyset to something different there is some code present that is still hard coded for the Gemalto cards. Locally this has been made to work with a few minor changes.
Comment 1 Jack Magne 2009-03-12 00:53:17 UTC 
Created attachment 334878 [details]
Changes to allow key changeover to work with the 330J.
Comment 2 Jack Magne 2009-03-12 18:25:12 UTC 
Created attachment 334984 [details]
Spec files for changes.
Comment 3 Jack Magne 2009-03-12 18:31:55 UTC 
In order to put a key that has been changed over back to the developer keyset, the following setting in the TPS's CS.cfg is made as detailed in the current documentation:

op.operation_type.userKey.update.symmetricKeys.requiredVersion=1
Comment 4 Christina Fu 2009-03-13 22:34:26 UTC 
(In reply to comment #1)
> Created an attachment (id=334878) [details]
> Changes to allow key changeover to work with the 330J.  

cfu+
Comment 5 Jack Magne 2009-03-17 01:05:53 UTC 
svn commit -m "Fix for Bug#489011, 330J key changeover support."
Sending        base/symkey/src/com/netscape/symkey/SymKey.cpp
Sending        base/tps/src/channel/Secure_Channel.cpp
Sending        dogtag/symkey/symkey.spec
Sending        dogtag/tps/pki-tps.spec
Transmitting file data ....
Committed revision 299.
Comment 6 Asha Akkiangady 2009-06-10 17:05:20 UTC 
Verified.
On Safenet 330 J card tested key change over to a new keyset from the default keyset and back to the developer keyset, works fine.