[Pki-devel] [PATCH] pki-0178, jss-0000..0002 - PKCS #12 key bag AES encryption

Ade Lee alee at redhat.com
Fri Apr 28 14:15:14 UTC 2017


There are three patches which I have reviewed and can check in.  The
last patch requires review by cfu.

These patches cannot be committed though until the latest JSS build is
available, or we will break everyone else.  I'll co-ordinate with Matt.

Ade


On Fri, 2017-04-28 at 09:44 +1000, Fraser Tweedale wrote:
> On Thu, Apr 27, 2017 at 04:02:58PM -0700, Christina Fu wrote:
> > 
> > On 04/26/2017 07:11 AM, Fraser Tweedale wrote:
> > > On Tue, Apr 11, 2017 at 03:23:18PM -0700, Christina Fu wrote:
> > > > Thank you. Please see review comments:
> > > > 
> > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1355358#c6
> > > > 
> > > > I will review PKCS12Util later.
> > > > 
> > > > Christina
> > > > 
> > > 
> > > Updated patch jss-0002 and also created
> > > https://bugzilla.mozilla.org/show_bug.cgi?id=1359731 with some
> > > other JSS patches.
> > 
> > For JSS, I have reviewed and ack'ed the updated patch for
> > 
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1355358
> > 
> > I have also reviewed and ack'ed the additional patches in
> > 
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1359731
> > 
> > Please work with Elio to check in before deadline today.
> > 
> > Ade has agreed to review your pkcs 12 (non-jss) patches.
> > 
> 
> Thanks Ade,
> 
> If you're happy with the patches and I'm not around when you've
> reviewed them, could you please push them?
> 
> Cheers,
> Fraser
> 
> > > 
> > > Created Gerrit review branch for Dogtag patches:
> > > https://review.gerrithub.io/#/c/358634/.  This includes patch
> > > pki-0178 and also a new patch to change KRA PKCS #12 recovery to
> > > use AES, which depends on the new JSS patches linked above.
> > > 
> > > Thanks,
> > > Fraser
> > > 
> > > > On 04/10/2017 11:30 PM, Fraser Tweedale wrote:
> > > > > On Thu, Apr 06, 2017 at 03:45:55PM -0700, Christina Fu wrote:
> > > > > > Hi Fraser,
> > > > > > 
> > > > > > Could you please do the following first?
> > > > > > 
> > > > > > 1. File a Mozilla bugzilla bug for this against Product JSS
> > > > > >    Release 4.4.1, then assign to yourself:
> > > > > >    https://bugzilla.mozilla.org/
> > > > > > 2. After making sure your patch compiles well with the 4.4.1
> > > > > >    base, attach the patch to that ticket, and mark reviewers
> > > > > > 
> > > > > > thanks!
> > > > > > 
> > > > > > Christina
> > > > > > 
> > > > > 
> > > > > Thanks Christina, I filed
> > > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1355358
> > > > > 
> > > > > I was unable to assign myself to the bug ('Assignee' field is
> > > > > not active when I go to Edit Bug).
> > > > > 
> > > > > Also not sure how to "mark reviewers".  I added you and Elio
> > > > > to Cc though.
> > > > > 
> > > > > Thanks,
> > > > > Fraser
> > > > > 
> > > > > > On 04/04/2017 02:56 AM, Fraser Tweedale wrote:
> > > > > > > Hi team,
> > > > > > > 
> > > > > > > Please review attached patches for JSS and Dogtag that:
> > > > > > > 
> > > > > > > - add some new EncryptedPrivateKeyInfo export and import
> > > > > > >   functions to JSS
> > > > > > > 
> > > > > > > - update Dogtag's `pki pkcs12' command to use the new
> > > > > > >   functions to achieve AES encryption of the key bags, with
> > > > > > >   wrapping/unwrapping occurring on the token.
> > > > > > > 
> > > > > > > PKCS #12 files produced by current releases continue to
> > > > > > > import properly (of course, this is an important test
> > > > > > > vector).
> > > > > > > 
> > > > > > > These patches do not address the PKCS #12 KRA recovery
> > > > > > > export; this is my next task and separate patches will be
> > > > > > > produced.
> > > > > > > 
> > > > > > > Thanks,
> > > > > > > Fraser



