1 files changed, 5 insertions, 2 deletions

diff --git a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
index f068a4a81..636e93ed0 100644
--- a/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
+++ b/base/kra/src/com/netscape/kra/NetkeyKeygenService.java
@@ -41,6 +41,7 @@ import org.mozilla.jss.util.Base64OutputStream;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
@@ -155,6 +156,9 @@ public class NetkeyKeygenService implements IService {
 
         IVParameterSpec algParam = new IVParameterSpec(iv);
 
+        IConfigStore configStore = CMS.getConfigStore();
+        boolean allowEncDecrypt_archival = configStore.getBoolean("kra.allowEncDecrypt.archival", false);
+
         wrapped_des_key = null;
         boolean archive = true;
         byte[] publicKeyData = null;
@@ -405,8 +409,7 @@ public class NetkeyKeygenService implements IService {
                     WrappingParams params = null;
 
                     try {
-                        // TODO(alee)  What happens if key wrap algorithm is not supported?
-                        params = mStorageUnit.getWrappingParams();
+                        params = mStorageUnit.getWrappingParams(allowEncDecrypt_archival);
                         privateKeyData = mStorageUnit.wrap((org.mozilla.jss.crypto.PrivateKey) privKey, params);
                     } catch (Exception e) {
                         request.setExtData(IRequest.RESULT, Integer.valueOf(4));