authorAde Lee <alee@redhat.com>2014-02-24 11:33:38 -0500
committerAde Lee <alee@redhat.com>2014-02-26 01:18:41 -0500
commit4488bb70e2b762d5282fcf88f1c4a349300dd6ea (patch)
tree67be2f71c237eecb625cba73b0ae7fb2aaf97c27 /base/common/python/pki/key.py
parentee472461f594706b40cedb39e55f167a034c13ee (diff)
Make generate_symmetric_key more generic.
Added a method generate_session_key() which should be used when wrapping secrets for the drm. For now, this has to be a 168-bit 3DES symmetric key.
Diffstat (limited to 'base/common/python/pki/key.py')
-rw-r--r--base/common/python/pki/key.py8
1 files changed, 4 insertions, 4 deletions
diff --git a/base/common/python/pki/key.py b/base/common/python/pki/key.py
index 3fa5952db..b4158fed6 100644
--- a/base/common/python/pki/key.py
+++ b/base/common/python/pki/key.py
@@ -433,7 +433,7 @@ class KeyClient(object):
if secret is None:
raise ValueError("secret must be specified")
- session_key = self.crypto.generate_symmetric_key()
+ session_key = self.crypto.generate_session_key()
trans_wrapped_session_key = self.crypto.asymmetric_wrap(session_key, self.transport_cert)
wrapped_secret = self.crypto.symmetric_wrap(secret, session_key)
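Review bot: Nothing at this call site says why the session key must come from generate_session_key() rather than the now-generic generate_symmetric_key(), so a later cleanup could swap them back and presumably produce a key the DRM cannot unwrap. The commit description states the constraint (a 168-bit 3DES key, "for now"); put it next to the call, e.g. `# DRM transport wrapping currently requires a 168-bit 3DES session key`. The same line is added in the hunk at -616 and needs the same comment. Because the restriction is described as temporary, a `# TODO` noting what has to change before a stronger cipher can be used would help. The enclosing method starts and ends outside the hunk.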
@@ -591,7 +591,7 @@ class KeyClient(object):
to authorize the recovery.
To ensure data security in transit, the data will be returned encrypted by a session
- key (56 bit DES3 symmetric key) - which is first wrapped (encrypted) by the public
+ key (168 bit 3DES symmetric key) - which is first wrapped (encrypted) by the public
key of the DRM transport certificate before being sent to the DRM. The
parameter trans_wrapped_session_key refers to this wrapped session key.
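Review bot: "168 bit" in the corrected docstring is the size of the key material, not the strength a reader should rely on. Three-key 3DES is generally rated at about 112 bits of security because of meet-in-the-middle attacks, and its 64-bit block limits how much data one key should protect. Suggest wording such as `key (168 bit 3DES symmetric key, about 112 bits of effective strength)`, or pointing to generate_session_key() as the authority for the key type so the docstring cannot drift from the code again. The same phrase is introduced in the hunk at -660. The docstring continues outside the hunk.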
@@ -616,7 +616,7 @@ class KeyClient(object):
key_provided = True
if trans_wrapped_session_key is None:
key_provided = False
- session_key = self.crypto.generate_symmetric_key()
+ session_key = self.crypto.generate_session_key()
trans_wrapped_session_key = self.crypto.asymmetric_wrap(session_key,
self.transport_cert)
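Review bot: Only the branch where trans_wrapped_session_key is None is guaranteed to use the key type the DRM expects. From what is visible, a caller-supplied value just sets `key_provided = True`, and it cannot be checked client-side because it is already wrapped. The method's docstring should state the requirement for callers, e.g. `trans_wrapped_session_key must wrap a key of the type returned by generate_session_key()`. The rest of the method is outside the hunk, so how a provided key is used later is not visible here.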
@@ -660,7 +660,7 @@ class KeyClient(object):
In this case, CryptoUtil methods will be called to create the data to securely send the
passphrase to the DRM. Basically, three pieces of data will be sent:
- - the passphrase wrapped by a 56 bit DES3 symmetric key (the session key). This
+ - the passphrase wrapped by a 168 bit 3DES symmetric key (the session key). This
is referred to as the parameter session_wrapped_passphrase above.
- the session key wrapped with the public key in the DRM transport certificate. This