authorAde Lee <alee@redhat.com>2017-02-28 12:18:29 -0500
committerAde Lee <alee@redhat.com>2017-03-14 17:09:09 -0400
commitd13181faea23cdb5a07136d3fdabeedb70effda9 (patch)
treeb944588c3adfd297bcda4b4a26360d982557e3da /base/server/cms/src
parente1789708a9a6f66c3e3f1478e7bbc03da5b3b0df (diff)
Change internal wrapping to AES
There are several changes in this patch: 1. Simplify EncryptionUnit by moving the methods called by either the StorageUnit or the TransportUnit into those classes. This helps to determine which methods are called by which class (because in general they require different arguments). It may be possible to later simplify and reduce code repetition by pulling core functionality back into the EncryptionUnit. 2. Add methods to WrappingParameters and KeyRecord to store the Wrapping Parameter values as part of the KeyRecord when the key is stored. On retrieval, these values are read and used to extract the stored key data. If the values are not present, then use the old DES3 parameters. 3. Change the internal (storageUnit) wrapping to use AES-CBC for encryption and AES-KeyWrap for storage by default. If a parameter kra.storageUnit.useOldWrapping=true, then the old wrapping will be used instead. Change-Id: I098b0b3bd3b0ad917483e4e07925adfedacc3562
Diffstat (limited to 'base/server/cms/src')
-rw-r--r--base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java12
1 files changed, 12 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 256f72879..c1711c240 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -46,6 +46,18 @@ public class KeyRecordParser {
public final static String OUT_RECOVERED_BY = "recoveredBy";
public final static String OUT_RECOVERED_ON = "recoveredOn";
+ /* parameters to populate WrappingParams */
+ public final static String OUT_SK_TYPE = "sessionKeyType";
+ public final static String OUT_SK_KEYGEN_ALGORITHM = "sessionKeyKeyGenAlgorithm";
+ public final static String OUT_SK_LENGTH = "sessionKeyLength";
+ public final static String OUT_SK_WRAP_ALGORITHM = "sessionKeyWrapAlgorithm";
+ public final static String OUT_PL_WRAP_ALGORITHM = "payloadWrapAlgorithm";
+ public final static String OUT_PL_WRAP_IV = "payloadWrapIV";
+ public final static String OUT_PL_ENCRYPTION_ALGORITHM = "payloadEncryptionAlgorithm";
+ public final static String OUT_PL_ENCRYPTION_MODE = "payloadEncryptionMode";
+ public final static String OUT_PL_ENCRYPTION_PADDING = "payloadEncryptionPadding";
+ public final static String OUT_PL_ENCRYPTION_IV = "payloadEncryptionIV";
+
/**
* Fills key record into argument block.
*/