path: root/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
author: Jack Magne <jmagne@localhost.localdomain> 2015-09-22 10:26:07 -0700
committer: Jack Magne <jmagne@localhost.localdomain> 2015-09-25 14:46:05 -0700
commit: a5a50e95a691587e22335018538b4f578dfee6d1
tree: da49ce516cc43357c33995d8225454aa02ccb9b3 /base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
parent: bb6b49e0fba2b946c28d1beebfb6d22dfe6d568e
KRA: key archival/recovery via cli - should honor encryption/decryption flags.

Ticket # 1597

Currently, KRA allows sites to opt for doing encryption/decryption instead of wrapping/unwrapping for key archival and recovery. The new cli code was later added without such support. We should honor the same flags when cli is called to do key archival and recovery. This feature was due to a specific customer request.

Here is what is now supported:

1. When the pki cli tool is used to recover an asymmetric private key, support is there to do so with encrypt / decrypt.
2. The passphrase and generic data facility already uses encrypt / decrypt so nothing here was needed. Calling it out since this will possibly be a customer issue.
3. While under the hood, it made sense to add this functionality to the Symmetric key archival and recovery operations.
4. All tests in DRMTest.java worked successfully when the kra was configured to support this feature and configured to not observe this feature.

What is missing:

We have since added a method to do a server side key generation of an asymmetric key pair in the kra and also archive it there at the same time. In order to do encrypt / decrypt in this case we need to extract the key contents out of a key object that is used to generate this key. It proved problematic to extract said key. This should be ok since the customer only needs to recover an asymmetric key in their test cases. We could look into doing this later if a pressing need arises.

Diffstat (limited to 'base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java')
0 files changed, 0 insertions, 0 deletions