[Pki-devel] [PATCH] 204, 205 - Additional changes to Key, KeyRequests
Ade Lee
alee at redhat.com
Wed Feb 26 15:12:15 UTC 2014
Issues addressed - pushed to master.
On Tue, 2014-02-25 at 17:40 -0600, Endi Sukma Dewata wrote:
> ACK for #204 and #205 with some comments below:
>
> On 2/25/2014 11:20 AM, Ade Lee wrote:
> > Patch 205:
> > Add ability to archive without sending pkiArchiveOptions object.
> >
> > With this patch, you can now either send a pkiArchiveOptions object
> > or the exploded parameters. This reduces the processing required on
> > the client side.
>
> In KeyClient.archive_key() the doc says:
>
> 3. wrapped_private_data which consists of a
> PKIArchiveOptions structure.
>
> Is it supposed to be pki_archive_options?
>
> Another question, can "TransWrappedSessionKey" be replaced with
> "WrappedSessionKey"? I suppose in this case the session key can only be
> wrapped with the transport key, so adding "Trans" is redundant.
>
> Existing issue, ArchiveOptions.toArchiveOptions() cannot return null so
> the null checking is redundant.
>
> > Patch 204:
> >
> > Make generate_symmetric_key more generic.
> >
> > Added a method generate_session_key() which should be used when
> > wrapping secrets for the drm. For now, this has to be a 168-bit
> > 3DES symmetric key.
>
> The method seems to be too DRM-specific to be added into CryptoUtil.
> Should this be added to KRAClient then it will call CryptoUtil's
> generate_symmetric_key() with the appropriate parameters?
>
We can discuss this one, but it's not straightforward.