[Pki-devel] [PATCH] pki-0178, jss-0000..0002 - PKCS #12 key bag AES encryption
Christina Fu
cfu at redhat.com
Thu Apr 27 23:02:58 UTC 2017
On 04/26/2017 07:11 AM, Fraser Tweedale wrote:
> On Tue, Apr 11, 2017 at 03:23:18PM -0700, Christina Fu wrote:
>> Thank you. Please see review comments:
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=1355358#c6
>>
>> I will review PKCS12Util later.
>>
>> Christina
>>
> Updated patch jss-0002 and also created
> https://bugzilla.mozilla.org/show_bug.cgi?id=1359731 with some
> other JSS patches.
For JSS, I have reviewed and ack'ed the updated patch for
https://bugzilla.mozilla.org/show_bug.cgi?id=1355358
I have also reviewed and ack'ed the additional patches in
https://bugzilla.mozilla.org/show_bug.cgi?id=1359731
Please work with Elio to check in before deadline today.
Ade has agreed to review your pkcs 12 (non-jss) patches.
>
> Created Gerrit review branch for Dogtag patches:
> https://review.gerrithub.io/#/c/358634/. This includes patch
> pki-0178 and also a new patch to change KRA PKCS #12 recovery to use
> AES, which depends on the new JSS patches linked above.
>
> Thanks,
> Fraser
>
>> On 04/10/2017 11:30 PM, Fraser Tweedale wrote:
>>> On Thu, Apr 06, 2017 at 03:45:55PM -0700, Christina Fu wrote:
>>>> Hi Fraser,
>>>>
>>>> Could you please do the following first?
>>>>
>>>> 1. file a Mozilla bugzilla bug for this against Product JSS Release 4.4.1,
>>>> then assign to yourself:
>>>> https://bugzilla.mozilla.org/
>>>> 2. After making sure your patch compiles well with the 4.4.1 base, attach
>>>> the patch to that ticket, and mark reviewers
>>>>
>>>> thanks!
>>>>
>>>> Christina
>>>>
>>> Thanks Christina, I filed
>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1355358
>>>
>>> I was unable to assign myself to the bug ('Assignee' field is not
>>> active when I go to Edit Bug.
>>>
>>> Also not sure how to "mark reviewers". I added you and Elio to Cc
>>> though.
>>>
>>> Thanks,
>>> Fraser
>>>
>>>> On 04/04/2017 02:56 AM, Fraser Tweedale wrote:
>>>>> Hi team,
>>>>>
>>>>> Please review attached patches for JSS and Dogtag that:
>>>>>
>>>>> - add some new EncryptedPrivateKeyInfo export and import functions
>>>>> to JSS
>>>>>
>>>>> - update Dogtag's `pki pkcs12' command to use the new functions to
>>>>> achieve AES encryption of the key bags, with wrapping/unwrapping
>>>>> occurring on the token.
>>>>>
>>>>> PKCS #12 files produced by current releases continue to import
>>>>> properly (of course, this is an important test vector).
>>>>>
>>>>> These patches do not address the PKCS #12 KRA recovery export; This
>>>>> is my next task and separate patches will be produced.
>>>>>
>>>>> Thanks,
>>>>> Fraser
More information about the Pki-devel
mailing list