From nalinda at techcert.lk Sun Jun 10 04:38:33 2012
From: nalinda at techcert.lk (Nalinda Herath)
Date: Sun, 10 Jun 2012 10:08:33 +0530
Subject: [Pki-users] reset pkiconsole password [for CA server]
In-Reply-To: <4FC77FAA.2090707@redhat.com>
References: <4FC5F661.70301@techcert.lk> <1338384339.3069.12.camel@aleeredhat.laptop> <4FC6424C.3090603@techcert.lk> <4FC653F0.7020006@redhat.com> <4FC715EE.60507@techcert.lk> <4FC77FAA.2090707@redhat.com>
Message-ID: <4FD424C9.3090902@techcert.lk>

Thnx.

But still no luck.

I have tried the following command

#ldapmodify -D "uid=admin,O=Astor Domain,dc=-pki-ca" -w

Please let me know whether the command is correct. If yes, I will check
on the DN. Thanks.

Regards,
Nalinda

On 05/31/2012 07:56 PM, Marc Sauton wrote:
> The admin entry has a DN similar to this form
> dn: uid=admin,ou=people,dc=-pki-ca
> Bind as the directory manager to read or modify the userpassword attribute
>
> I added an example of detailed steps in a "knowledge based" article at
> https://access.redhat.com/knowledge/articles/133053
>
> M.
>
> On 05/30/2012 11:55 PM, Nalinda Herath wrote:
>> Thank you for the response.
>>
>> I have the directory manager password. Could you please help me to
>> reset the admin password via ldapmodify utility.
>>
>> Regards,
>> Nalinda
>>
>>
>> On 05/30/2012 10:38 PM, Christina Fu wrote:
>>> All CS role users are stored in the ldap. You could use ldapmodify
>>> to change it, provided you have the directory manager password.
>>>
>>> Christina
>>>
>>> On 05/30/2012 08:52 AM, Nalinda Herath wrote:
>>>> Thank you for the response.
>>>>
>>>> But what I forgot to tell was, I have lost the password for the admin
>>>> user. And the system doesn't have any other user other than admin.
>>>>
>>>> Nalinda
>>>>
>>>>
>>>> On 05/30/2012 06:55 PM, Ade Lee wrote:
>>>>> In the CA console, there is a tab for managing Users and Groups.
>>>>> http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Creating_a_New_Group.html#Creating_Users-for-a-ca-ocsp-drm-or-tks
>>>>>
>>>>> You can select and modify the admin user (or any other user) from there.
>>>>>
>>>>> Ade
>>>>>
>>>>> On Wed, 2012-05-30 at 15:58 +0530, Nalinda Herath wrote:
>>>>>> Dear All,
>>>>>>
>>>>>> Is there a possibility to reset the pkiconsole password for the default
>>>>>> "admin" user? I'm referring to the pkiconsole for the CA instance. (not
>>>>>> the console for the Directory Server)
>>>>>>
>>>>>> Nalinda
>>>>>>
>>>>>> _______________________________________________
>>>>>> Pki-users mailing list
>>>>>> Pki-users at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/pki-users

--
----
Nalinda Herath
Information Security Engineer
TechCERT / A Division of LK Domain Registry,
545/4, De Soysa Rd., Molpe,
Moratuwa 10400,
Sri Lanka

Mobile: +94 77 7303905
Office: +94 11 4216062
Fax: +94 11 2650805
Web: www.techcert.lk

=====HELPING YOU SECURE YOUR INFORMATION ASSETS=====
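
Marc Sauton's advice quoted in the message above (bind as the directory manager, then modify the userpassword attribute of the admin entry) amounts to one LDIF modify record sent to ldapmodify. The script below is an added example, not part of the thread or of Red Hat's documentation; the host, port, the `EXAMPLE` suffix and the OpenLDAP-style flags are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): reset the CA "admin" password in the
# internal LDAP database while bound as the Directory Manager.
# Assumed: OpenLDAP-style ldapmodify flags and the placeholder values below.
LDAP_URL="ldap://localhost:389"   # assumed; use ldaps:// or add -ZZ if remote
BIND_DN="cn=Directory Manager"    # identity that binds
ADMIN_DN="uid=admin,ou=people,dc=EXAMPLE-pki-ca"  # EXAMPLE is a placeholder

# True when $1 may be written as a plain LDIF value (RFC 2849 SAFE-STRING):
# printable ASCII only, no leading ' ', ':' or '<', and no trailing space.
ldif_safe() {
    case $1 in
        ' '*|':'*|'<'*|*' ') return 1 ;;
    esac
    [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~')" ]
}

# Print "attr: value", or "attr:: base64" when the value is not LDIF-safe.
ldif_line() {
    if ldif_safe "$2"; then
        printf '%s: %s\n' "$1" "$2"
    else
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    fi
}

# Print one LDIF modify record replacing userPassword on entry $1 with $2.
make_reset_ldif() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: make_reset_ldif TARGET_DN NEW_PASSWORD" >&2
        return 2
    fi
    ldif_line dn "$1"
    printf 'changetype: modify\nreplace: userPassword\n'
    ldif_line userPassword "$2"
}

# Read the new password without echo and pipe the record to ldapmodify, which
# reads LDIF from stdin when no -f file is given. -W prompts for the bind
# password, so neither secret lands in shell history or the process list.
apply_reset() {
    if [ "$BIND_DN" = "$ADMIN_DN" ]; then
        echo "bind as the Directory Manager, not as the entry being reset" >&2
        return 1
    fi
    printf 'New password for %s: ' "$ADMIN_DN" >&2
    stty -echo; IFS= read -r newpw; stty echo; echo >&2
    make_reset_ldif "$ADMIN_DN" "$newpw" |
        ldapmodify -x -H "$LDAP_URL" -D "$BIND_DN" -W
}

# Stand-alone run: only print the record for a constructed sample password.
make_reset_ldif "$ADMIN_DN" 'Constructed-Sample-1'
```

Nothing contacts a server until `apply_reset` is called, and the suffix must first be replaced with the one used by your own CA instance.
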

From nalinda at techcert.lk Sun Jun 10 12:44:14 2012
From: nalinda at techcert.lk (Nalinda Herath)
Date: Sun, 10 Jun 2012 18:14:14 +0530
Subject: [Pki-users] reset pkiconsole password [for CA server]
In-Reply-To: <4FD424C9.3090902@techcert.lk>
References: <4FC5F661.70301@techcert.lk> <1338384339.3069.12.camel@aleeredhat.laptop> <4FC6424C.3090603@techcert.lk> <4FC653F0.7020006@redhat.com> <4FC715EE.60507@techcert.lk> <4FC77FAA.2090707@redhat.com> <4FD424C9.3090902@techcert.lk>
Message-ID: <4FD4969E.3090200@techcert.lk>

This is the command that I have tried. But didn't get any response for
the command.

#ldapmodify -D "uid=admin,ou=people,dc=-pki-ca" -w -d 2

Do you know any ldap explorer utility which can be used for this purpose?

Nalinda

From msauton at redhat.com Mon Jun 11 08:42:28 2012
From: msauton at redhat.com (Marc Sauton)
Date: Mon, 11 Jun 2012 01:42:28 -0700
Subject: [Pki-users] reset pkiconsole password [for CA server]
In-Reply-To: <4FD4969E.3090200@techcert.lk>
References: <4FC5F661.70301@techcert.lk> <1338384339.3069.12.camel@aleeredhat.laptop> <4FC6424C.3090603@techcert.lk> <4FC653F0.7020006@redhat.com> <4FC715EE.60507@techcert.lk> <4FC77FAA.2090707@redhat.com> <4FD424C9.3090902@techcert.lk> <4FD4969E.3090200@techcert.lk>
Message-ID: <4FD5AF74.2030101@redhat.com>

To use ldapmodify:
http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Creating_Directory_Entries-Managing_Entries_from_the_Command_Line.html#Managing_Entries_from_the_Command_Line-Adding_and_Modifying_Entries_Using_ldapmodify

Example of Java LDAP explorer:
http://jxplorer.org/

Note by using ldapmodify or an LDAP browser, there is a high risk of
mistakes that may break the application, so it is only recommended for
"advanced" users.

M.

From nalinda at techcert.lk Mon Jun 25 15:26:13 2012
From: nalinda at techcert.lk (Nalinda Herath)
Date: Mon, 25 Jun 2012 20:56:13 +0530
Subject: [Pki-users] reset pkiconsole password [for CA server]
In-Reply-To: <4FD5AF74.2030101@redhat.com>
References: <4FC5F661.70301@techcert.lk> <1338384339.3069.12.camel@aleeredhat.laptop> <4FC6424C.3090603@techcert.lk> <4FC653F0.7020006@redhat.com> <4FC715EE.60507@techcert.lk> <4FC77FAA.2090707@redhat.com> <4FD424C9.3090902@techcert.lk> <4FD4969E.3090200@techcert.lk> <4FD5AF74.2030101@redhat.com>
Message-ID: <4FE88315.9080908@techcert.lk>

Marc,

Thanks for the support.

Nalinda

From fabeisageek at googlemail.com Tue Jun 26 14:06:26 2012
From: fabeisageek at googlemail.com (Fabian Bertholm)
Date: Tue, 26 Jun 2012 16:06:26 +0200
Subject: [Pki-users] researches have stolen an RSA private key from an Gemalto Cyberflex RSA Token
Message-ID:

Hi,

I am not sure what the implications will be but I think the redhat PKI
system is at least using the same hardware.
You should read this paper.
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf

What does this mean for us as users?

Best regards,
Fabian Bertholm

From awnuk at redhat.com Tue Jun 26 19:08:15 2012
From: awnuk at redhat.com (Andrew Wnuk)
Date: Tue, 26 Jun 2012 12:08:15 -0700
Subject: [Pki-users] researches have stolen an RSA private key from an Gemalto Cyberflex RSA Token
In-Reply-To:
References:
Message-ID: <4FEA089F.9060009@redhat.com>

On 06/26/2012 07:06 AM, Fabian Bertholm wrote:
> Hi,
>
> I am not sure what the implications will be but I think the redhat PKI
> system is at least using the same hardware.
> You should read this paper.
> http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf
>
> What does this mean for us as users?

The following response was provided by Robert Relyea:

For most token users, nothing.
The researchers have not extracted the RSA private key, they extracted a
symmetric key that is encrypted to the private key on the token. In
environments where the token does not support decrypt, and operate on
FIPS level-3 or above, this is big news, but for deployments which use a
basic "RSA-op" function, not even separate Sign/Decrypt functions, you
can simply decrypt the blob and get the symmetric key. The paper is
definitely worthy of attention, but for most deployments it will have
little or no impact.

>
> Best regards,
> Fabian Bertholm