Bug 796942

Summary: Automate shared secret agreement procedure with TKS
Product: [Retired] Dogtag Certificate System
Reporter: Jack Magne <jmagne>
Component: TPS
Assignee: Christina Fu <cfu>
Status: CLOSED EOL
QA Contact: Ben Levenson <benl>
Severity: medium
Priority: unspecified
Version: 9.0
CC: alee, jmagne, nkinder
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2020-03-27 18:35:07 UTC
Bug Blocks: 530474

Description Jack Magne 2012-02-23 22:06:08 UTC
Description of problem:


Currently, for FIPS considerations, the TPS and TKS setup procedures require a manual step of creating a shared secret sym key that protects messages passing between TPS and TKS. It allows other keys to be wrapped and unwrapped in a secure fashion instead of passing raw key bytes over the wire.


The procedure is currently a manual process aided by the TKSTool utility we already ship.

Ideally, this whole thing could be automated in the TPS wizard. Possibly some TKS work will need to be done as well.

Comment 1 Nathan Kinder 2012-12-11 16:47:55 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/455