author | Ade Lee <alee@redhat.com> | 2017-03-24 10:27:37 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2017-03-24 16:38:43 -0400 |
commit | c063947c5a2e70ef588a796038c6e108ad013876 (patch) | |
tree | 81e5d07460c2ff7c7070fbbd3446719888d080d5 /base/server | |
parent | 874825f2d8e41b276aa3674d0cff5912dc6a55fa (diff) | |
download | pki-c063947c5a2e70ef588a796038c6e108ad013876.tar.gz pki-c063947c5a2e70ef588a796038c6e108ad013876.tar.xz pki-c063947c5a2e70ef588a796038c6e108ad013876.zip |
Modify storage unit to generate a new IV
Currently, the storage unit reuses the same IV each time a record
is stored. This works (probably) for DES3, but not for AES.
The getWrappingParams() method is modified to check the config as follows
(in order):
-- if the iv is defined, use that iv
-- if the length is defined, generate a byte array of that length
-- return null
To ensure that the same IV used to encrypt the secret is stored in the
DB, the wrapping param is defined once in the archival process, and
passed in to the wrapping functions in storageUnit.
Change-Id: Ia6696adf56fc7a4e90f83948c7549b64a38ab854
Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index c471a2869..b1e6cd6da 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -53,10 +53,12 @@ public class KeyRecordParser {
 public final static String OUT_SK_WRAP_ALGORITHM = "sessionKeyWrapAlgorithm";
 public final static String OUT_PL_WRAP_ALGORITHM = "payloadWrapAlgorithm";
 public final static String OUT_PL_WRAP_IV = "payloadWrapIV";
+ public final static String OUT_PL_WRAP_IV_LEN = "payloadWrapIVLen";
 public final static String OUT_PL_ENCRYPTION_ALGORITHM = "payloadEncryptionAlgorithm";
 public final static String OUT_PL_ENCRYPTION_MODE = "payloadEncryptionMode";
 public final static String OUT_PL_ENCRYPTION_PADDING = "payloadEncryptionPadding";
 public final static String OUT_PL_ENCRYPTION_IV = "payloadEncryptionIV";
+ public final static String OUT_PL_ENCRYPTION_IV_LEN = "payloadEncryptionIVLen";
 public final static String OUT_PL_ENCRYPTION_OID = "payloadEncryptionOID";

 /**
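Review bot: The two added constants OUT_PL_WRAP_IV_LEN and OUT_PL_ENCRYPTION_IV_LEN carry no comment saying how they relate to the existing OUT_PL_WRAP_IV and OUT_PL_ENCRYPTION_IV keys; the commit message explains that a length is only consulted when no explicit IV is configured and that the IV actually used is then stored with the record, but a reader of the parser cannot recover that precedence from the names alone. A one-line Javadoc above each new line, e.g. `/** Length of the IV to generate when no explicit IV is configured; the generated IV is what gets stored under OUT_PL_WRAP_IV (see getWrappingParams()). */`, would make the fallback order explicit at the point where the keys are defined. The new lines copy the surrounding `public final static` order; the conventional Java modifier order is `public static final`, and the added lines could follow it even if the older constants are left as they are. The class body continues outside the hunk.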