author | Fraser Tweedale <ftweedal@redhat.com> | 2017-04-06 13:27:56 +1000 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2017-04-29 23:50:07 -0600 |
commit | 012718d24aff8c37713f42f2ca69c5bd7aec97df (patch) | |
tree | 378cfb8e282b99b50b02c72a5a62fe66ed805476 /specs | |
parent | 118f648961e502f55d6997f59f6cf8f355218da5 (diff) | |
KRA: use AES in PKCS #12 recovery for wrapped keys

The KRA has two private key recovery code paths: one dealing with
keys wrapped to the storage key, and one dealing with symmetrically
encrypted keys. Each has a separate function for constructing a
PKCS #12 file for the recovered key.

This commit updates the PKCS #12 generation for wrapped keys to use
AES encryption. The JSS PBE facility is not expressive enough to
handle PBES2 encryption, which is necessary for many algorithms
including AES, so we now use CryptoStore.getEncryptedPrivateKeyInfo.

Part of: https://pagure.io/dogtagpki/issue/2610

Change-Id: Iba67f15642338316e4a6d09f78504327e8853b85
(cherry picked from commit 8e663b6270d9a9409a04bfcb445318a6d5622b52)

Diffstat (limited to 'specs')
0 files changed, 0 insertions, 0 deletions
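
Added example, not part of this commit or of Dogtag/JSS: a standard-library Python check that reads a DER EncryptedPrivateKeyInfo (the structure the commit message names) and reports whether its encryptionAlgorithm is PBES2 with AES or a legacy PKCS #12 PBE scheme. The function names, sample blobs, salt, IV and iteration count are constructed for illustration.

```python
OIDS = {  # hex of DER-encoded OID bodies -> names
    "2a864886f70d01050d": "PBES2", "2a864886f70d01050c": "PBKDF2",
    "2a864886f70d010c0103": "pbeWithSHAAnd3-KeyTripleDES-CBC",  # legacy PKCS #12 PBE
    "608648016503040102": "aes128-CBC", "60864801650304012a": "aes256-CBC",
}

def read_tlv(buf, off=0):  # -> (tag, value, next_offset) of the DER element at off
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[off:off + length], off + length

def alg_id(seq_body):  # AlgorithmIdentifier body -> (name, raw parameter bytes)
    tag, oid, nxt = read_tlv(seq_body)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return OIDS.get(oid.hex(), oid.hex()), seq_body[nxt:]

def describe_epki(der):  # summarise EncryptedPrivateKeyInfo.encryptionAlgorithm
    alg_seq = read_tlv(read_tlv(der)[1])[1]
    scheme, params = alg_id(alg_seq)
    info = {"scheme": scheme, "uses_aes": False}
    if scheme == "PBES2":
        _, p, _ = read_tlv(params)       # PBES2-params
        _, kdf, off = read_tlv(p)        # keyDerivationFunc
        _, enc, _ = read_tlv(p, off)     # encryptionScheme
        info["kdf"], kdf_params = alg_id(kdf)
        info["cipher"], _ = alg_id(enc)
        info["uses_aes"] = info["cipher"].startswith("aes")
        if info["kdf"] == "PBKDF2":
            _, kp, _ = read_tlv(kdf_params)   # PBKDF2-params
            _, _salt, off = read_tlv(kp)
            info["iterations"] = int.from_bytes(read_tlv(kp, off)[1], "big")
    return info

def tlv(tag, body):  # encoder for the constructed samples (lengths < 128 only)
    return bytes([tag, len(body)]) + body
def make_alg(oid_hex, params):  # constructed AlgorithmIdentifier
    return tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + params)

SALT_ITER = tlv(0x30, tlv(0x04, bytes(8)) + tlv(0x02, (2000).to_bytes(2, "big")))
PBES2_ALG = make_alg("2a864886f70d01050d", tlv(0x30, make_alg("2a864886f70d01050c", SALT_ITER)
                     + make_alg("60864801650304012a", tlv(0x04, bytes(16)))))
PBES2_SAMPLE = tlv(0x30, PBES2_ALG + tlv(0x04, bytes(32)))   # dummy ciphertext
LEGACY_SAMPLE = tlv(0x30, make_alg("2a864886f70d010c0103", SALT_ITER) + tlv(0x04, bytes(32)))
```

`describe_epki(PBES2_SAMPLE)` reports the PBKDF2 and AES parameters nested inside PBES2, while `describe_epki(LEGACY_SAMPLE)` shows a single OID whose parameters are only a salt and an iteration count.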