[Pki-devel] [PATCH] 331-333 add support for synchronous key archival and recovery requests.

Ade Lee alee at redhat.com
Fri Nov 4 20:11:03 UTC 2016


Hi all, 

This is in support of Ticket https://fedorahosted.org/pki/ticket/2532

This is a preliminary set of patches - just so you can see what I'm doing
in case I need to change anything.

Note: With the changes, you can archive a secret like this:

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 \
    -h `hostname` -p 8443 key-archive --passphrase "ooga booga" \
    --clientKeyID "test_1"

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 \
    -h `hostname` -p 8443 key-archive --passphrase "ooga booga" \
    --clientKeyID "test_2" --express

The first invocation will archive a secret and create an archival
request in LDAP.  The second will create one only in memory - and will
not store it in LDAP.

You can, of course, see the requests created using:

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 \
    -h `hostname` -p 8443 key-request-find

For retrieving the secret, you can do either:

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 \
    -h aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5

pki -d . -n "PKI Administrator for laptop" -P https -c redhat123 \
    -h aleeredhat.laptop -p 8443 key-retrieve --keyID 0x5 --express

The first will retrieve the secret while creating a retrieval request.
The second will create a retrieval request only in memory, and will not
write it to LDAP.

In both cases, there should be audit logs both for retrieval and
archival.
 
Thanks,
Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0333-Add-python-client-changes.patch
Type: text/x-patch
Size: 6736 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20161104/346a15ac/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0332-Add-method-to-obtain-synchronous-request-ids.patch
Type: text/x-patch
Size: 71405 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20161104/346a15ac/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0331-Refactor-SecurityData-archival-and-recovery-code.patch
Type: text/x-patch
Size: 64521 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20161104/346a15ac/attachment-0002.bin>
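The archive/retrieve flows above, driven from Python as an added example (a wrapper around the `pki` CLI, not the python client changes in patch 333 and not Dogtag's own code). It assumes the `-C <file>` option reads the NSS database password from a file instead of `-c <password>` on the command line, and the connection settings are constructed placeholders.

```python
"""Hypothetical wrapper around the `pki` key-archive / key-retrieve flows.

`express=True` adds --express, which the message describes as keeping the
archival or retrieval request in memory only (not written to LDAP).
"""
import subprocess
from dataclasses import dataclass


@dataclass
class PkiClient:
    """Connection settings; the defaults are constructed placeholders."""
    nssdb: str = "."
    nickname: str = "PKI Administrator for laptop"
    # Assumed: `pki -C <file>` reads the NSS DB password from a file,
    # so it does not appear in process listings like `-c <password>` does.
    password_file: str = "password.conf"
    host: str = "localhost"
    port: int = 8443

    def base_args(self):
        """Common client options shared by every invocation in the message."""
        return ["pki", "-d", self.nssdb, "-n", self.nickname, "-P", "https",
                "-C", self.password_file, "-h", self.host, "-p", str(self.port)]

    def archive_cmd(self, client_key_id, passphrase, express=False):
        """argv for archiving a passphrase under a client key id."""
        cmd = self.base_args() + ["key-archive", "--passphrase", passphrase,
                                   "--clientKeyID", client_key_id]
        return cmd + ["--express"] if express else cmd

    def retrieve_cmd(self, key_id, express=False):
        """argv for retrieving a secret by its key id (e.g. "0x5")."""
        cmd = self.base_args() + ["key-retrieve", "--keyID", key_id]
        return cmd + ["--express"] if express else cmd

    def run(self, cmd):
        """Run an argv list without a shell: nicknames and passphrases that
        contain spaces need no quoting, and nothing is shell-interpreted."""
        result = subprocess.run(cmd, check=True, capture_output=True, text=True)
        return result.stdout


if __name__ == "__main__":
    client = PkiClient(host="kra.example.test")
    print(" ".join(client.archive_cmd("test_2", "ooga booga", express=True)))
    print(" ".join(client.retrieve_cmd("0x5")))
```

The passphrase itself still travels on the command line, exactly as in the original invocations, so this only moves the NSS database password out of `ps` output, not the archived secret.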