summaryrefslogtreecommitdiffstats
path: root/specs
diff options
context:
space:
mode:
authorFraser Tweedale <ftweedal@redhat.com>2017-04-06 13:27:56 +1000
committerMatthew Harmsen <mharmsen@redhat.com>2017-04-29 23:50:07 -0600
commit012718d24aff8c37713f42f2ca69c5bd7aec97df (patch)
tree378cfb8e282b99b50b02c72a5a62fe66ed805476 /specs
parent118f648961e502f55d6997f59f6cf8f355218da5 (diff)
downloadpki-012718d24aff8c37713f42f2ca69c5bd7aec97df.tar.gz
pki-012718d24aff8c37713f42f2ca69c5bd7aec97df.tar.xz
pki-012718d24aff8c37713f42f2ca69c5bd7aec97df.zip
KRA: use AES in PKCS #12 recovery for wrapped keys
The KRA has two private key recovery code paths: one dealing with keys wrapped to the storage key, and one dealing with symmetrically encrypted keys. Each has a separate function for constructing a PKCS #12 file for the recovered key. This commit updates the PKCS #12 generation for wrapped keys to use AES encryption. The JSS PBE facility is not expressive enough to handle PBES2 encryption, which is necessary for many algorithms including AES, so we now use CryptoStore.getEncryptedPrivateKeyInfo. Part of: https://pagure.io/dogtagpki/issue/2610 Change-Id: Iba67f15642338316e4a6d09f78504327e8853b85 (cherry picked from commit 8e663b6270d9a9409a04bfcb445318a6d5622b52)
Diffstat (limited to 'specs')
0 files changed, 0 insertions, 0 deletions
generated by cgit (git 2.34.1) at 2024-05-07 12:05:20 +0000