[Pki-devel] patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa
John Magne
jmagne at redhat.com
Tue May 1 22:11:19 UTC 2012
ACK
Patches address wrapping on Luna and improve error handling and logging.
----- Original Message -----
From: "Christina Fu" <cfu at redhat.com>
To: pki-devel at redhat.com
Sent: Tuesday, May 1, 2012 8:42:47 AM
Subject: [Pki-devel] patches for review - Bug 744207 - Key archival fails when KRA is configured with lunasa
Please review the following patches for Bug 744207 - Key archival fails when KRA is configured with lunasa:
JSS:
https://bugzilla.redhat.com/attachment.cgi?id=581108&action=diff&context=patch&collapsed=&headers=1&format=raw
DRM/KRA:
https://bugzilla.redhat.com/attachment.cgi?id=581109&action=diff&context=patch&collapsed=&headers=1&format=raw
The JSS patch alone allows key archival (both RSA and ECC) to work with lunasa token
where the lunasa token has to be KE-capable. Work done specifically on the following model:
Model: Luna SA v5 w/ PED auth and CKE
Part No: 908-000093-001
The DRM/KRA patch are just some debugging to make recovery debugging easier with an addition of non-static salt.
The recovery is not working currently, failing with wrapping operation during PBE creation:
Bug 817423 - Key recovery fails when KRA is configured with lunasa
which will be fixed at a later time.
To test these patches for key archival on the said model of lunasa, one must turn on the prototype mode for recovery.
thanks,
Christina
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list