[Pki-devel] [PATCH] 204, 205 - Additional changes to Key, KeyRequests

Endi Sukma Dewata edewata at redhat.com
Tue Feb 25 23:40:46 UTC 2014


ACK for #204 and #205 with some comments below:

On 2/25/2014 11:20 AM, Ade Lee wrote:
> Patch 205:
> Add ability to archive without sending pkiArchiveOptions object.
>
>      With this patch, you can now either send a pkiArchiveOptions object
>      or the exploded parameters.  This reduces the processing required on
>      the client side.

In KeyClient.archive_key() the doc says:

   3. wrapped_private_data which consists of a
      PKIArchiveOptions structure.

Is it supposed to be pki_archive_options?

Another question: can "TransWrappedSessionKey" be replaced with
"WrappedSessionKey"? I suppose in this case the session key can only be
wrapped with the transport key, so adding "Trans" is redundant.

Existing issue: ArchiveOptions.toArchiveOptions() cannot return null, so
the null checking is redundant.

> Patch 204:
>
>      Make generate_symmetric_key more generic.
>
>      Added a method generate_session_key() which should be used when
>      wrapping secrets for the drm.  For now, this has to be a 168-bit
>      3DES symmetric key.

The method seems to be too DRM-specific to be added into CryptoUtil.
Should this be added to KRAClient, which will then call CryptoUtil's
generate_symmetric_key() with the appropriate parameters?

-- 
Endi S. Dewata



