Bug 796942 - Automate shared secret agreement procedure with TKS
Summary: Automate shared secret agreement procedure with TKS
Keywords:
Status: CLOSED EOL
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: TPS
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Christina Fu
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 530474
 
Reported: 2012-02-23 22:06 UTC by Jack Magne
Modified: 2020-03-27 18:35 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 18:35:07 UTC



Description Jack Magne 2012-02-23 22:06:08 UTC
Description of problem:


Currently, for FIPS considerations, the TPS and TKS setup procedures require a manual step of creating a shared secret sym key that protects messages passing between TPS and TKS. It allows other keys to be wrapped and unwrapped in a secure fashion instead of passing raw key bytes over the wire.


The procedure is currently a manual process aided by the TKSTool utility we already ship.

Ideally, this whole thing could be automated in the TPS wizard. Possibly some TKS work will need to be done as well.

Comment 1 Nathan Kinder 2012-12-11 16:47:55 UTC
Upstream ticket:
https://fedorahosted.org/pki/ticket/455

