Bug 2196889 - Implement ServerSide KeyGen Password Complexity Checks for pkcs12
Summary: Implement ServerSide KeyGen Password Complexity Checks for pkcs12
Keywords:
Status: NEW
Alias: None
Product: Red Hat Certificate System
Classification: Red Hat
Component: pki-core
Version: 11.1
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: RHCS Maintainers
QA Contact: idm-cs-qe-bugs
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2023-05-10 16:53 UTC by Chris Zinda
Modified: 2023-05-14 23:49 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:



Description Chris Zinda 2023-05-10 16:53:14 UTC
Description of problem:
Currently, the Red Hat SSKG via the serverKeygenInputImpl and the pkcs12OutputImpl allow for any password to be used for the generated p12 files.  Would like the ability to have a configurable option to force/enforce password complexity requirements for a user-provided password, or the ability to have a strong password generated and provided to the user upon submission to improve the security of the p12s with strong passwords.


Version-Release number of selected component (if applicable):
RHEL 8.x

How reproducible:
Very

Steps to Reproduce:
1. Configure SSKG - https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/planning_installation_and_deployment_guide/configuration_for_server-side_keygen
2. Test with a password of 1234

Actual results:
Allows pkcs12 to be created with weakened password

Expected results:
Desire a check for password complexity

Additional info:

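Added example, not pki-core code and not from the reporter: a configurable PKCS#12 password policy of the kind the report asks for, which rejects the "1234" test password above and can also generate a strong password to hand back to the user. The configuration key names are hypothetical, not real CS.cfg settings.

```python
import secrets
import string
from dataclasses import dataclass

@dataclass
class P12PasswordPolicy:
    min_length: int = 14
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = True
    symbols: str = "!#$%&*+-=?@^_~"

    @classmethod
    def from_config(cls, cfg: dict) -> "P12PasswordPolicy":
        # Hypothetical CS.cfg-style keys, not real pki-core settings.
        def flag(key: str) -> bool:
            return str(cfg.get(key, "true")).lower() == "true"
        return cls(min_length=int(cfg.get("sskg.p12.password.minLength", 14)),
                   require_upper=flag("sskg.p12.password.requireUpper"),
                   require_lower=flag("sskg.p12.password.requireLower"),
                   require_digit=flag("sskg.p12.password.requireDigit"),
                   require_symbol=flag("sskg.p12.password.requireSymbol"))

    def _classes(self):
        return [(self.require_upper, string.ascii_uppercase, "uppercase letter"),
                (self.require_lower, string.ascii_lowercase, "lowercase letter"),
                (self.require_digit, string.digits, "digit"),
                (self.require_symbol, self.symbols, "symbol")]

    def violations(self, password: str) -> list[str]:
        # Every rule the password breaks; an empty list means it is accepted.
        problems = []
        if len(password) < self.min_length:
            problems.append(f"shorter than {self.min_length} characters")
        for required, alphabet, name in self._classes():
            if required and not any(c in alphabet for c in password):
                problems.append(f"missing {name}")
        return problems

    def generate(self, length: int = 0) -> str:
        # CSPRNG-backed password that satisfies this policy.
        length = max(length, self.min_length)
        pools = [alphabet for required, alphabet, _ in self._classes() if required]
        # One character from each required class, the rest drawn from the union.
        chars = [secrets.choice(pool) for pool in pools]
        full = "".join(pools) or string.ascii_letters + string.digits
        chars += [secrets.choice(full) for _ in range(length - len(chars))]
        secrets.SystemRandom().shuffle(chars)
        return "".join(chars)
```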
Comment 1 Ding-Yi Chen 2023-05-14 23:48:32 UTC
The bug is related to RHCS, thus the product is set to Red Hat Certificate System

