diff options
author | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2016-06-01 10:23:33 -0700 |
---|---|---|
committer | Jack Magne <jmagne@dhcp-16-206.sjc.redhat.com> | 2017-03-14 15:25:34 -0700 |
commit | 6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb (patch) | |
tree | 666adf630ac8316eb509bd9b32c7a36d12056879 /specs/dogtag-pki-theme.spec | |
parent | 648361bac96996e76339b9390b8a8882dcde8ad7 (diff) | |
download | pki-6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb.tar.gz pki-6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb.tar.xz pki-6d6b6f954a5bf6730d4b53875c7cc122eb3ab5eb.zip |
First cut of scp03 support. Supports the g&d smartcafe out of the box.
Developer keyset token operations and key change over supported.
Caveats.
-The diversification step going from master key to card key uses DES3 as required for the token.
-After that point, everything is scp03 to the spec with minor excpetions so far.
Supports 128 bit AES for now. Will resolve this.
Minor config tweaks:
TPS
Symmetric Key Changeover
Use this applet for scp03:
RSA/KeyRecovery/GP211/SCP02/SCP03 applet : 1.5.558cdcff.ijc
TKS:
Symmetric Key Changeover
tks.mk_mappings.#02#03=internal:new_master
tks.defKeySet.mk_mappings.#02#03=internal:new_master
Use the uncommented one because scp03 returns a different key set data string.
ToDo:
-Support the rest of the AES sizes other than 128.
-Support optional RMAC apdu.
-Test and adjust the config capability for other tokens.
-Support AES master key. Right now the standard key ends up creating AES card and session keys.
Diffstat (limited to 'specs/dogtag-pki-theme.spec')
0 files changed, 0 insertions, 0 deletions