[Pki-devel] [PATCH] pki-0178, jss-0000..0002 - PKCS #12 key bag AES encryption
Fraser Tweedale
ftweedal at redhat.com
Wed Apr 26 14:11:38 UTC 2017
On Tue, Apr 11, 2017 at 03:23:18PM -0700, Christina Fu wrote:
> Thank you. Please see review comments:
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1355358#c6
>
> I will review PKCS12Util later.
>
> Christina
>
Updated patch jss-0002 and also created
https://bugzilla.mozilla.org/show_bug.cgi?id=1359731 with some
other JSS patches.
Created Gerrit review branch for Dogtag patches:
https://review.gerrithub.io/#/c/358634/. This includes patch
pki-0178 and also a new patch to change KRA PKCS #12 recovery to use
AES, which depends on the new JSS patches linked above.
Thanks,
Fraser
>
> On 04/10/2017 11:30 PM, Fraser Tweedale wrote:
> > On Thu, Apr 06, 2017 at 03:45:55PM -0700, Christina Fu wrote:
> > > Hi Fraser,
> > >
> > > Could you please do the following first?
> > >
> > > 1. file a Mozilla bugzilla bug for this against Product JSS Release 4.4.1,
> > > then assign to yourself:
> > > https://bugzilla.mozilla.org/
> > > 2. After making sure your patch compiles well with the 4.4.1 base, attach
> > > the patch to that ticket, and mark reviewers
> > >
> > > thanks!
> > >
> > > Christina
> > >
> > Thanks Christina, I filed
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1355358
> >
> > I was unable to assign myself to the bug ('Assignee' field is not
> > active when I go to Edit Bug.
> >
> > Also not sure how to "mark reviewers". I added you and Elio to Cc
> > though.
> >
> > Thanks,
> > Fraser
> >
> > > On 04/04/2017 02:56 AM, Fraser Tweedale wrote:
> > > > Hi team,
> > > >
> > > > Please review attached patches for JSS and Dogtag that:
> > > >
> > > > - add some new EncryptedPrivateKeyInfo export and import functions
> > > > to JSS
> > > >
> > > > - update Dogtag's `pki pkcs12' command to use the new functions to
> > > > achieve AES encryption of the key bags, with wrapping/unwrapping
> > > > occurring on the token.
> > > >
> > > > PKCS #12 files produced by current releases continue to import
> > > > properly (of course, this is an important test vector).
> > > >
> > > > These patches do not address the PKCS #12 KRA recovery export; This
> > > > is my next task and separate patches will be produced.
> > > >
> > > > Thanks,
> > > > Fraser
>
More information about the Pki-devel
mailing list