<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Just a few comments:<br>
<br>
1. How about changing "userKey" to "&lt;tokenType&gt;", and "signing"
to "&lt;keyType&gt;"?<br>
<pre wrap="">+The following property specifies the CUID shown in the certificate.
+
+.B op.enroll.userKey.keyGen.signing.cuid_label</pre>
<pre wrap="">+
+The following property specifies the token name.
+All resulting labels for co-existing keys on the same token must be unique.
+
+.B op.enroll.userKey.keyGen.signing.label
</pre>
2. How about replacing all references to "RA" (an outdated name for
"TPS") with "TPS"?<br>
<br>
3. We added support for ECC, so a couple of params were added to the mix (I
have my understanding of what they are, but it's best to ask Jack to
provide official info on those two):<br>
<pre wrap="">+The following properties specify the key usage and which PIN user should be granted.
+
+.nf
<b>+.B op.enroll.<tokenType>.keyGen.<keyType>.alg=1</b><b>
</b><b>+.B op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024</b>
+.B op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
+.B op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
+.fi</pre>
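Review bot: the lead-in sentence only covers keyUsage and keyUser, while the .nf block also lists alg and keySize with no description, and none of the numeric values (alg=1, keyUsage=0, keyUser=0) are explained. Suggest one sentence per property listing the accepted values and their meaning, and stating which algorithm the keySize=1024 example applies to; 1024 is small for an RSA key by current guidance, so if that is what it denotes, say that the value is illustrative or use a larger one so it is not copied as-is.<br>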
3. Same comment from 1 for the following:<br>
<pre wrap="">+There is a special case of tokenType userKeyTemporary.
+Make sure the profile specified by the profileId to have
+short validity period (e.g. 7 days) for the certificate.
+
+.nf
+.B op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+.B op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
+.f
</pre>
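Review bot: the last line of this block is ".f", which is not the ".fi" request needed to close the ".nf" opened above it, so no-fill mode would stay on for whatever follows; change it to ".fi" as in the keyUsage/keyUser block. Also, the paragraph talks about the profile named by profileId, but the two properties listed are publisherId; either list the profileId properties here or adjust the sentence, and "to have short validity period" should read "has a short validity period".<br>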
4. You asked me about the following; I think I just realized what it
was now. It's for things like <br>
op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey<br>
so, a generic thing is:<br>
op.enroll.&lt;tokenType&gt;.keyGen.&lt;keyType&gt;.recovery.&lt;tokenState&gt;.scheme=GenerateNewKey<br>
<br>
<pre wrap="">+The three recovery schemes supported are:
+ \fBGenerateNewKey\fR - Generate a new cert for the encryption cert.
+ \fBRecoverLast\fR - Recover the most recent cert for the encryption cert.
+ \fBGenerateNewKeyandRecoverLast\fR - Generate new cert AND recover last for encryption cert.</pre>
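Review bot: all three descriptions say "cert for the encryption cert", which does not tell the reader what happens to the key even though the scheme names are about keys; suggest rewording each line to state separately what is done with the key and what is done with the certificate. The third value is spelled "GenerateNewKeyandRecoverLast" with a lowercase "and"; since this is a literal configuration value, confirm the spelling matches exactly what TPS accepts before it goes into the man page.<br>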
5. For the following you might want to add a generic thing as well:<br>
e.g.<br>
op.enroll.&lt;tokenType&gt;.renewal.*<br>
<pre wrap="">+.SS Token Renewal</pre>
5. There seems to be profile-related comments for "Format Operation
For tokenKey" and "Pin Reset Operation For CoolKey". Are they
significant enough to be added?<br>
<br>
thanks,<br>
Christina<br>
<br>
<br>
<div class="moz-cite-prefix">On 05/07/2014 10:49 AM, Endi Sukma
Dewata wrote:<br>
</div>
<blockquote cite="mid:536A7230.6040008@redhat.com" type="cite">On
5/7/2014 12:14 PM, Endi Sukma Dewata wrote:
<br>
<blockquote type="cite">The profile doc in TPS configuration file
has been converted into
<br>
a man page pki-tps-profile.
<br>
<br>
Ticket #950
<br>
</blockquote>
<br>
New patch attached. Fixed spec file.
<br>
</blockquote>
<br>
</body>
</html>