[Freeipa-devel] DNSSEC design page

Petr Spacek pspacek at redhat.com
Tue Feb 25 12:30:01 UTC 2014


On 25.2.2014 11:28, Ludwig Krispenz wrote:
>
> On 02/24/2014 08:20 PM, Simo Sorce wrote:
>> On Mon, 2014-02-24 at 13:11 +0100, Ludwig Krispenz wrote:
>>> Hi,
>>>
>>> here is a draft to start discussion. Let me know if it is the right
>>> direction and what you're missing.
>>> https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/pkcs11Schema
>> I think we need to think hard if you really can make all those
>> attributes a MUST for the private key, as not all the attributes seem to
>> apply to all encryption algorithms. Would have to add bogus
>> attributes in some cases.
> most of them are MAY, right now I have only "ipaPkcs11keyType ipaPkcs11label
> ipaPkcs11id" as MUST, but this can be argued. I looked at what softhsm is doing
> when importing a keypair:
> softhsm --import key1.pem --slot 1 --label "My key" --id A1B2 --pin 123456
> so I thought ID and LABEL would be something provided from the application and
> should be there to describe the key. When storing the key (which is in pkcs#8
> format) softhsm breaks up the data from the file and creates two pkcs#11
> attribute templates:
>
>
>   CK_ATTRIBUTE pubTemplate[] = {
>      { CKA_CLASS,            &pubClass,    sizeof(pubClass) },
>      { CKA_KEY_TYPE,         &keyType,     sizeof(keyType) },
>      { CKA_LABEL,            label,        strlen(label) },
>      { CKA_ID,               objID,        objIDLen },
>      { CKA_TOKEN,            &ckTrue,      sizeof(ckTrue) },
>      { CKA_VERIFY,           &ckTrue,      sizeof(ckTrue) },
>      { CKA_ENCRYPT,          &ckFalse,     sizeof(ckFalse) },
>      { CKA_WRAP,             &ckFalse,     sizeof(ckFalse) },
>      { CKA_PUBLIC_EXPONENT,  keyMat->bigE, keyMat->sizeE },
>      { CKA_MODULUS,          keyMat->bigN, keyMat->sizeN }
>    };
>    CK_ATTRIBUTE privTemplate[] = {
>      { CKA_CLASS,            &privClass,   sizeof(privClass) },
>      { CKA_KEY_TYPE,         &keyType,     sizeof(keyType) },
>      { CKA_LABEL,            label,        strlen(label) },
>      { CKA_ID,               objID,        objIDLen },
>      { CKA_SIGN,             &ckTrue,      sizeof(ckTrue) },
>      { CKA_DECRYPT,          &ckFalse,     sizeof(ckFalse) },
>      { CKA_UNWRAP,           &ckFalse,     sizeof(ckFalse) },
>      { CKA_SENSITIVE,        &ckTrue,      sizeof(ckTrue) },
>      { CKA_TOKEN,            &ckTrue,      sizeof(ckTrue) },
>      { CKA_PRIVATE,          &ckTrue,      sizeof(ckTrue) },
>      { CKA_EXTRACTABLE,      &ckFalse,     sizeof(ckFalse) },
>      { CKA_PUBLIC_EXPONENT,  keyMat->bigE, keyMat->sizeE },
>      { CKA_MODULUS,          keyMat->bigN, keyMat->sizeN },
>      { CKA_PRIVATE_EXPONENT, keyMat->bigD, keyMat->sizeD },
>      { CKA_PRIME_1,          keyMat->bigP, keyMat->sizeP },
>      { CKA_PRIME_2,          keyMat->bigQ, keyMat->sizeQ },
>      { CKA_EXPONENT_1,       keyMat->bigDMP1, keyMat->sizeDMP1 },
>      { CKA_EXPONENT_2,       keyMat->bigDMQ1, keyMat->sizeDMQ1 },
>      { CKA_COEFFICIENT,      keyMat->bigIQMP, keyMat->sizeIQMP }
>    };
>
> I thought that CLASS would be translated to an LDAP objectclass,
> CKA_KEY_TYPE, CKA_LABEL and CKA_ID would be provided (or default to rsa).
>
> For the private key itself it could be either stored completely as
> ipaPkcs8privateKey or as individual key attributes: ipaPkcs11publicExponent,
> ipaPkcs11modulus, ipaPkcs11privateExponent, ipaPkcs11prim1, ipaPkcs11prim2
> I did ignore CKA_SIGN, CKA_DECRYPT, CKA_UNWRAP, CKA_SENSITIVE as only defaults
> were used, but maybe this is my ignorance.
> And CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT as they seemed redundant
> to me, calculated from other components.
>
> If we need any of the attributes I omitted or if we need other attributes for
> other keytypes let me know.
>
>> ipaPkcs8privateKey
>>
>> Also can you add some examples on how we would use these classes to
>> store DNS keys ?
> in what format do you provide the dns key ? The public key could be stored
> using modulus and exponent, do we need the flags, protocol and algorithm
> attribute ? Does a schema for DNS records already exist ?

I would store DNSSEC-specific attributes in a separate objectClass so as not to
pollute pure PKCS#11 object classes.

We have to be able to reproduce BIND key-files in the first implementation 
phase. I'm attaching public-private key pairs with different algorithms and 
flags to this e-mail.

.key files contain a DNSKEY record. It is basically the public key, algorithm and
flags as used by DNS clients. This is just one long string stored in a normal
idnsZone object.

DNSKEY format is described on http://tools.ietf.org/html/rfc4034#section-2.3



.private files contain private keys and metadata for BIND, stored as key-value 
pairs.

Some values can be derived from standard PKCS#11 attributes, some others have
to be stored explicitly.

For example (file Kdsa-ksk.+006+51642.private):
 > Private-key-format: v1.3
 > Algorithm: 6 (NSEC3DSA)
- We need to check if this can be derived from PKCS#11 type or not. (It could 
contain some DNSSEC-specific values.)
- See 
http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1

 > Prime(p): 
6h4K2APYLBWTOFgoo9b2aMpCNz9QfhYMh1fUnipZFdCt3TsBy2mYueC8iVrqC35EUCCU/SbKkZv2SfVjpwJRc37bmSNhsGt6tFCqHAvuMO/KD43erLebvTuQc58zmkswLqDM1+Rx6sCtk1Dse6xdRrWAi1CXhpQfyHD
 > Subprime(q): tzQKBcEOLQT5/R7WzaMij86hwEM=
 > Base(g): 
uHVjFBrRFijLHFUWP+1aWZA1kiq85Wrn+npPu39F4P9VOIyasJaxSEncw7F0T1b2h+ADZ3/Ny1aQPBeJJ4o5NuTNUb92tifjr6peP8UZWG3NHoyU+RZJkoHIjaMiTHaPwBJItRQdEg+3nSCjmCEDNaFhUwwfG+yJ1FZJ
 > Private_value(x): avcS6O/s60qa4TZ8m5dlHvyiSQI=
 > Public_value(y): 
5cb5cH2hLkIrLGO9xCv4fgWYOTN+txiVD4hRILTJHG8GXhadIPuKmvuvyc6ynnPIn8XgZnrpVqCJXteMoPk0ERQh1wmSoxPqks9pyKJlnIGADW8zH5uEueBT53lx6I2WkNXU+BK0/A7psVPpqo51iX1s0h5f
- All this is algorithm-specific but we need to be able to extract each field 
separately for BIND-keyfile generation

There is also a bunch of DNSSEC-specific timestamps:
 > Created: 20140225113328
 > Publish: 20140327113328
- When the key will be made visible for the first time.
 > Activate: 20140327113328
- When the key will be used for signing the first time.
- Probably can be mapped to PKCS#11 ??
 > Inactive: 20140426113328
- From when the key will not be used for signing anymore.
- Probably can be mapped to PKCS#11 ??
 > Revoke: 20140526113328
 > Delete: 20140625113328

There is also some information encoded in the file name:
- name of the DNS zone
- key_id - some value computed from the DNSKEY record
- key_alg - the same value as in .key and .private files

I hope this clarifies requirements from DNSSEC-point of view.

We need to find out what can be derived from PKCS#11 attributes and create
an auxiliary object class for the remaining values.

Petr^2 Spacek

>> Ideally the example would show the LDAP tree and some example data in
>> detail, and also what operation we think would be common.
>>
>> Simo.
-------------- next part --------------
; This is a key-signing key, keyid 51642, for dsa-ksk.
; Created: 20140225113328 (Tue Feb 25 12:33:28 2014)
; Publish: 20140327113328 (Thu Mar 27 12:33:28 2014)
; Activate: 20140327113328 (Thu Mar 27 12:33:28 2014)
; Revoke: 20140526113328 (Mon May 26 13:33:28 2014)
; Inactive: 20140426113328 (Sat Apr 26 13:33:28 2014)
; Delete: 20140625113328 (Wed Jun 25 13:33:28 2014)
dsa-ksk. IN DNSKEY 257 3 6 CLc0CgXBDi0E+f0e1s2jIo/OocBD6h4K2APYLBWTOFgoo9b2aMpCNz9Q fhYMh1fUnipZFdCt3TsBy2mYueC8iVrqC35EUCCU/SbKkZv2SfVjpwJR c37bmSNhsGt6tFCqHAvuMO/KD43erLebvTuQc58zmkswLqDM1+Rx6sCt k1Dse6xdRrWAi1CXhpQfyHD3CAeskv+4dWMUGtEWKMscVRY/7VpZkDWS Krzlauf6ek+7f0Xg/1U4jJqwlrFISdzDsXRPVvaH4ANnf83LVpA8F4kn ijk25M1Rv3a2J+Ovql4/xRlYbc0ejJT5FkmSgciNoyJMdo/AEki1FB0S D7edIKOYIQM1oWFTDB8b7InUVkl2dDaY9uXG+XB9oS5CKyxjvcQr+H4F mDkzfrcYlQ+IUSC0yRxvBl4WnSD7ipr7r8nOsp5zyJ/F4GZ66VagiV7X jKD5NBEUIdcJkqMT6pLPaciiZZyBgA1vMx+bhLngU+d5ceiNlpDV1PgS tPwO6bFT6aqOdYl9bNIeXxn78vJ4kixgebZg
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 6 (NSEC3DSA)
Prime(p): 6h4K2APYLBWTOFgoo9b2aMpCNz9QfhYMh1fUnipZFdCt3TsBy2mYueC8iVrqC35EUCCU/SbKkZv2SfVjpwJRc37bmSNhsGt6tFCqHAvuMO/KD43erLebvTuQc58zmkswLqDM1+Rx6sCtk1Dse6xdRrWAi1CXhpQfyHD3CAeskv8=
Subprime(q): tzQKBcEOLQT5/R7WzaMij86hwEM=
Base(g): uHVjFBrRFijLHFUWP+1aWZA1kiq85Wrn+npPu39F4P9VOIyasJaxSEncw7F0T1b2h+ADZ3/Ny1aQPBeJJ4o5NuTNUb92tifjr6peP8UZWG3NHoyU+RZJkoHIjaMiTHaPwBJItRQdEg+3nSCjmCEDNaFhUwwfG+yJ1FZJdnQ2mPY=
Private_value(x): avcS6O/s60qa4TZ8m5dlHvyiSQI=
Public_value(y): 5cb5cH2hLkIrLGO9xCv4fgWYOTN+txiVD4hRILTJHG8GXhadIPuKmvuvyc6ynnPIn8XgZnrpVqCJXteMoPk0ERQh1wmSoxPqks9pyKJlnIGADW8zH5uEueBT53lx6I2WkNXU+BK0/A7psVPpqo51iX1s0h5fGfvy8niSLGB5tmA=
Created: 20140225113328
Publish: 20140327113328
Activate: 20140327113328
Revoke: 20140526113328
Inactive: 20140426113328
Delete: 20140625113328
-------------- next part --------------
; This is a zone-signing key, keyid 34022, for dsa-zsk.
; Created: 20140225113316 (Tue Feb 25 12:33:16 2014)
; Publish: 20140327113316 (Thu Mar 27 12:33:16 2014)
; Activate: 20140327113316 (Thu Mar 27 12:33:16 2014)
; Inactive: 20140426113316 (Sat Apr 26 13:33:16 2014)
; Delete: 20140625113316 (Wed Jun 25 13:33:16 2014)
dsa-zsk. IN DNSKEY 256 3 6 CLw577W6Afi25v14UBwxFbqI01XLtITHhMsRK8NUm4UV0OLIHcv0SCut QTByMPMYfzZwC790XXUfrIonXHiZmECXYKhKaqB2tUEV+2F2jIJ1saM4 n7RzN+LHQ4ucaSxLqpMnX4bktplp1N3V25nZGj18nc8zGGVqVIv6lK/G ALqsjWWw0o1/wYOUwvQetM6aOubPsukgklRhDkbdfsaBj35HqRzyH1XM d6Ws77IwbKC5P65EBID8rJ+SbBWUbOGINyaL6gwEQbCQEf+0+H+P9ftA rBMDULS8+6x1Tvm76uL+KslgB716oHBfxuMY96JSJMW8rnDZ5e0pQAAu xBibSdvq6/2BntzwC1/46/cZ6fpr/6x0jQsMgoYcaEz6nvy6HN6HpLKE 5PvkdyBKZoMFmw1NrrjLxzLgS3k4s2KaTFto520ZaiA4YRm/Bg5rufFp 6a9rI5mLpVqubKYgxLj+IOYRDnVMmhf6+1ciuhgskfzFueV451BQdP6S /mMS5w8uZBXxmnCG0UYYs4rkUCJ1IIhNSU8C
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 6 (NSEC3DSA)
Prime(p): tITHhMsRK8NUm4UV0OLIHcv0SCutQTByMPMYfzZwC790XXUfrIonXHiZmECXYKhKaqB2tUEV+2F2jIJ1saM4n7RzN+LHQ4ucaSxLqpMnX4bktplp1N3V25nZGj18nc8zGGVqVIv6lK/GALqsjWWw0o1/wYOUwvQetM6aOubPsuk=
Subprime(q): vDnvtboB+Lbm/XhQHDEVuojTVcs=
Base(g): IJJUYQ5G3X7GgY9+R6kc8h9VzHelrO+yMGyguT+uRASA/KyfkmwVlGzhiDcmi+oMBEGwkBH/tPh/j/X7QKwTA1C0vPusdU75u+ri/irJYAe9eqBwX8bjGPeiUiTFvK5w2eXtKUAALsQYm0nb6uv9gZ7c8Atf+Ov3Gen6a/+sdI0=
Private_value(x): QFxKGAu60nOWd4P+N0jLH8KgZto=
Public_value(y): CwyChhxoTPqe/Loc3oeksoTk++R3IEpmgwWbDU2uuMvHMuBLeTizYppMW2jnbRlqIDhhGb8GDmu58Wnpr2sjmYulWq5spiDEuP4g5hEOdUyaF/r7VyK6GCyR/MW55XjnUFB0/pL+YxLnDy5kFfGacIbRRhiziuRQInUgiE1JTwI=
Created: 20140225113316
Publish: 20140327113316
Activate: 20140327113316
Inactive: 20140426113316
Delete: 20140625113316
-------------- next part --------------
; This is a key-signing key, keyid 3138, for ecc-ksk.
; Created: 20140225113429 (Tue Feb 25 12:34:29 2014)
; Publish: 20140327113429 (Thu Mar 27 12:34:29 2014)
; Activate: 20140327113429 (Thu Mar 27 12:34:29 2014)
; Revoke: 20140526113429 (Mon May 26 13:34:29 2014)
; Inactive: 20140426113429 (Sat Apr 26 13:34:29 2014)
; Delete: 20140625113429 (Wed Jun 25 13:34:29 2014)
ecc-ksk. IN DNSKEY 257 3 14 N1IogBs1smfXszrY5b4COMa2+U95q8kbwzeMwnMzPF7F/vFoQ2NcLHgd ChuoBfBdXgzm6RIxqReUxAqfTS35GSCr2Gjzvjdfrqu8wen6oxW7ESnM iik/ji32LVPPD5DK
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 14 (ECDSAP384SHA384)
PrivateKey: 9cRc/AcAff4+NNTUwSIMC2FJHmJGWPpgm9viw6EFaHzXyOw9tM2V7nIuKAWxcVIr
Created: 20140225113429
Publish: 20140327113429
Activate: 20140327113429
Revoke: 20140526113429
Inactive: 20140426113429
Delete: 20140625113429
-------------- next part --------------
; This is a zone-signing key, keyid 10600, for ecc-zsk.
; Created: 20140225113440 (Tue Feb 25 12:34:40 2014)
; Publish: 20140327113440 (Thu Mar 27 12:34:40 2014)
; Activate: 20140327113440 (Thu Mar 27 12:34:40 2014)
; Inactive: 20140426113440 (Sat Apr 26 13:34:40 2014)
; Delete: 20140625113440 (Wed Jun 25 13:34:40 2014)
ecc-zsk. IN DNSKEY 256 3 14 6jbaCR8W+TgZVRYr2Wo1ql2nGqopSLwaJL4IdKT4BDPhXOv0mAaNFOs8 yN7qOoV6Kfsvs8hoNWYdbxQC4r+CGY4E2ZhXaBqYJrZuF3JIjLg06o2P bp7oiYZgYda59qjg
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 14 (ECDSAP384SHA384)
PrivateKey: ZnF++WhaaTPuJNxWEn7sVbsqEqgDTDQsmEk4oq978QsmantE9k/Fg1aFQz8o5RaF
Created: 20140225113440
Publish: 20140327113440
Activate: 20140327113440
Inactive: 20140426113440
Delete: 20140625113440
-------------- next part --------------
; This is a key-signing key, keyid 54606, for rsa-ksk.
; Created: 20140225113234 (Tue Feb 25 12:32:34 2014)
; Publish: 20140327113234 (Thu Mar 27 12:32:34 2014)
; Activate: 20140327113234 (Thu Mar 27 12:32:34 2014)
; Revoke: 20140526113234 (Mon May 26 13:32:34 2014)
; Inactive: 20140426113234 (Sat Apr 26 13:32:34 2014)
; Delete: 20140625113234 (Wed Jun 25 13:32:34 2014)
rsa-ksk. IN DNSKEY 257 3 7 AwEAAcmqk3If9PxNKFKlsLKVe7VxHGz6TRUXlAY8aCcdmBxnRIDRTyxV 3WbR1msoT+azoe485m9iOMFxmpldQYQhUqblGfXwf0ZTMSAmJQEstzM/ hwWob1BBBbX+jFXZKZS6iyEOQMO5mL7IDdQpLOBZ34aCOq7ScgO6GjRt U/SPU1blC3goWzsujn40PoLxiyVuul/pYglggSbW5oZt6vFsVyDsrOMF l3AEz76zZvQga33EgaJi4UhCLc4c9M+tklbikb6UF1OthzH5VdqcPjM9 WfcJV5NwRkb9uHiFz0UeOi2UyOvNuuyxRdcXjAc7vX9ryjfHrN9V12Ub 2uWR8tbQep8=
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 7 (NSEC3RSASHA1)
Modulus: yaqTch/0/E0oUqWwspV7tXEcbPpNFReUBjxoJx2YHGdEgNFPLFXdZtHWayhP5rOh7jzmb2I4wXGamV1BhCFSpuUZ9fB/RlMxICYlASy3Mz+HBahvUEEFtf6MVdkplLqLIQ5Aw7mYvsgN1Cks4FnfhoI6rtJyA7oaNG1T9I9TVuULeChbOy6OfjQ+gvGLJW66X+liCWCBJtbmhm3q8WxXIOys4wWXcATPvrNm9CBrfcSBomLhSEItzhz0z62SVuKRvpQXU62HMflV2pw+Mz1Z9wlXk3BGRv24eIXPRR46LZTI68267LFF1xeMBzu9f2vKN8es31XXZRva5ZHy1tB6nw==
PublicExponent: AQAB
PrivateExponent: twZnkSEtv7nrCa80wa9nOhHxIXq9cJIYltxGDpIOVmDmzB6qw2seaE2zU0ef1JpdMZH19UrohbAsBlqbtmZj0/KDcDEX4eRo5muYFAvYLNvQGDN46xZIL5dZGCTiVwhCcvqzjq8n0KZR3qaMAwWuFy6kQbvfHEDPvZsnogJeObJDwHOGdubIacLl6z7k2bMzRPTE9jSUIBYah4qpt5F7x5nVE1ifn13FEWg+x2JjA0psGwKK6ltgkf4SP02AmH8iQhMDnuJB62ycHn77khPto/rXW18b9HQg7uRkqfN/CMw0GLovBzSajzL5Eew8nSdIUcXUBlA51H/tTiw6tN8w+Q==
Prime1: 7NgeHz91ccQ4NpxTMmVnZvYsrf9eaLzwBp0NzNt0L75MRQ6CaNFHJx5hiEp0D1cdcVHec9i0oIuLBFb1RqrPIf//1LvQtHHO8WIKrMMIi5qYwA+L+G0f9N8hHJvOK2RSQ2+H0T+XP2j1rm8hznbF6Dd5aljaQAIUb/fGpMYzPcU=
Prime2: 2foYtYt1slmNF1+N5FT2Cnr7teGe/TatsV1tw7eaN3gWlCXnMxRAm3SDDjg/igmpuwPjwguFf87uQFk/9ZmYdU3rcsk2ltKTdL+W0rRaszhfyq9daxuD8zKONleNcA99/aVbtrx24I9PUcTtMxQ3ujxl6DnYDe8nAGdJSxcioRM=
Exponent1: wBB6TOjPOtTeqRqYNTQaaFqV3PxL+S/Oje5qtIf6boUpoI6lno6n3sc6XKXT/GSu0aiMdvFzeQXwVDKYcRgvJOlO85rjIpFwOjtBYNxAX8WcvZNd9LW5xn/zgBmxVWrjcyBMyZmB88AQC8a/aYjT8P6bjWxEgMeu/yW1hwXbo+k=
Exponent2: sTu38Y0GUtCbduC792bZcyYSGg3sfwiBbBCCWjukCev7t9OlzBNwgLXYhaxYhX1b43LDMpi5oHT5pZqr9Z9ApkiH45oVZ8aqHKhXEtWQVd7FjIDQHXGO9SQrG6ZOm0oNcDqOeuN8aRQ9M0hCcWDD+wp29b5qnNHSTXKt1n9mKb8=
Coefficient: SQRB5bWr7XBb0Z+GdnnhmDgGu9pgcFgWdEFiEogwc9i+IEMduhjB2+8xPp4rvN0LJqPJN+/+mnuP4RNgjMy5A2OwThHXK5qJb0VWuy1a4oPf+ka2x+bKq2sWLG4H/6F3kbpFYtzn8Nvs+eG7ibJFf0nvMgNn7xqax3LgJ5zHSNg=
Created: 20140225113234
Publish: 20140327113234
Activate: 20140327113234
Revoke: 20140526113234
Inactive: 20140426113234
Delete: 20140625113234
-------------- next part --------------
; This is a zone-signing key, keyid 61538, for rsa-zsk.
; Created: 20140225113244 (Tue Feb 25 12:32:44 2014)
; Publish: 20140327113244 (Thu Mar 27 12:32:44 2014)
; Activate: 20140327113244 (Thu Mar 27 12:32:44 2014)
; Inactive: 20140426113244 (Sat Apr 26 13:32:44 2014)
; Delete: 20140625113244 (Wed Jun 25 13:32:44 2014)
rsa-zsk. IN DNSKEY 256 3 7 AwEAAd9X8XiXJQ7LiL0c8K7SjEdJEq7Jt4W04iFL6arv0aFcXbY2+XUF 6GB+vCR7if3ux6gL713nPNishyWpItuKcBu1L+NSAO8NU9uVTCwmHVXn TqNoJJVxwCXG8IFxZo4vlj3E+CvfiAhnghsmXL2NonZj8FFllIoQHu8y zAj0E0r3
-------------- next part --------------
Private-key-format: v1.3
Algorithm: 7 (NSEC3RSASHA1)
Modulus: 31fxeJclDsuIvRzwrtKMR0kSrsm3hbTiIUvpqu/RoVxdtjb5dQXoYH68JHuJ/e7HqAvvXec82KyHJaki24pwG7Uv41IA7w1T25VMLCYdVedOo2gklXHAJcbwgXFmji+WPcT4K9+ICGeCGyZcvY2idmPwUWWUihAe7zLMCPQTSvc=
PublicExponent: AQAB
PrivateExponent: qyUM2MeZkhjNk30VwiF9dTK9qkrQ4xiVH8a4LFDRZsEM3pCJ3+7C/w6exaYVPA052cArkN2ddrveZDGTkIApHuNswhsjDPXq2yNaGPbmgZaTxfJWSBZzyDlwt8WTDiv8VVA8GOEk0kJocFEw01hkuVqP9mc9HL5sCpRnEtSRwGE=
Prime1: +5E3hYXf7hKeS+ogTC1unFN90uId8J7QdS7euZrksR1KMZZonN9hzLLyoHgsp1mIecej7oHjNE6MQS7UWpRZ9Q==
Prime2: 40dpy8LaTmsi1EZ6HevIO6P+/m56IYqNy1GGDtPHWaz14H2hbTRjcWxvXvZDFYIn7b2qGtRmfSiHUVvBrokhuw==
Exponent1: 8ROUtWw50Bgfgnh3Qwk2urB4H6N5NaG7+tBTuGJrTh/XffW5gru/KT9Dq+v+PtFaK/nZazMl3HZ5ie2qqrMIEQ==
Exponent2: dVIZ1Kri0fQP6I/w3Z0moVLIgEI7HTFOfJO6pdDAaRQVYCq5t4uBgb09yEFK48FqJxjuxCa8OQNAxsictCHpnQ==
Coefficient: 406tbA5MnYprgYhDQ4momtJzPtnwmYAjp8rEwBt9LQVCokH4JJX8dF1p/QO6z+m//X6IeYCxM24iHpnszrPdDA==
Created: 20140225113244
Publish: 20140327113244
Activate: 20140327113244
Inactive: 20140426113244
Delete: 20140625113244
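
The split described in the message above, as an added example that is not part of the original e-mail or of any FreeIPA/bind-dyndb-ldap code: it parses a BIND v1.3 `.private` file and its file name, then separates fields that have a PKCS#11 counterpart from the DNSSEC-only timestamps that would need an auxiliary object class. Assumptions: the field-to-`CKA_*` mapping and the secret/public flags are this example's own choice, timestamps are treated as UTC, and `parse_private`, `PKCS11_FIELDS` and the sample data are hypothetical names and constructed values.

```python
import base64, re
from datetime import datetime, timezone

# BIND v1.3 field -> (PKCS#11 attribute, is it secret key material?).
# This mapping is the example's assumption, not a FreeIPA schema decision.
PKCS11_FIELDS = {
    "Modulus": ("CKA_MODULUS", False), "PublicExponent": ("CKA_PUBLIC_EXPONENT", False),
    "PrivateExponent": ("CKA_PRIVATE_EXPONENT", True),
    "Prime1": ("CKA_PRIME_1", True), "Prime2": ("CKA_PRIME_2", True),
    "Exponent1": ("CKA_EXPONENT_1", True), "Exponent2": ("CKA_EXPONENT_2", True),
    "Coefficient": ("CKA_COEFFICIENT", True),
    "Prime(p)": ("CKA_PRIME", False), "Subprime(q)": ("CKA_SUBPRIME", False),
    "Private_value(x)": ("CKA_VALUE", True), "Public_value(y)": ("CKA_VALUE", False),
    "Base(g)": ("CKA_BASE", False), "PrivateKey": ("CKA_VALUE", True),
}
TIMESTAMPS = {"Created", "Publish", "Activate", "Revoke", "Inactive", "Delete"}
NAME_RE = re.compile(r"^K(?P<zone>.+\.)\+(?P<alg>\d{3})\+(?P<key_id>\d{5})\.private$")

def parse_private(filename, text):
    """Split a BIND .private file into PKCS#11-mappable and DNSSEC-only parts."""
    m = NAME_RE.match(filename)
    if m is None:
        raise ValueError("unexpected key file name: %r" % filename)
    fields = dict(line.split(": ", 1) for line in text.strip().splitlines())
    if fields.pop("Private-key-format", None) != "v1.3":
        raise ValueError("unsupported private key format")
    alg = int(fields.pop("Algorithm").split()[0])
    if alg != int(m["alg"]):
        raise ValueError("algorithm in file name and file body differ")
    rec = {"zone": m["zone"], "key_id": int(m["key_id"]), "algorithm": alg,
           "pkcs11": {}, "secret": [], "dnssec": {}}
    for name, value in fields.items():
        if name in PKCS11_FIELDS:
            attr, secret = PKCS11_FIELDS[name]
            rec["pkcs11"][name] = (attr, base64.b64decode(value, validate=True))
            if secret:
                rec["secret"].append(name)
        elif name in TIMESTAMPS:  # UTC, YYYYMMDDHHMMSS; needs an auxiliary class
            ts = datetime.strptime(value, "%Y%m%d%H%M%S")
            rec["dnssec"][name] = ts.replace(tzinfo=timezone.utc)
        else:
            raise ValueError("unknown field: %r" % name)
    return rec

# Constructed sample: dummy key bytes and a made-up zone, not a real key.
SAMPLE_NAME = "Kexample.test.+014+01234.private"
SAMPLE_TEXT = ("Private-key-format: v1.3\nAlgorithm: 14 (ECDSAP384SHA384)\n"
               "PrivateKey: AAECAwQF\nCreated: 20140225113440\n"
               "Activate: 20140327113440\n")
```

Calling `parse_private(SAMPLE_NAME, SAMPLE_TEXT)` returns the record; the `secret` list names the fields whose LDAP attributes would need the tightest access control.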