dogtagpki

Clone
Source Code
GIT

#2291 Support Lightweight CA key replication with non-RSA host authority
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by ftweedal.

Closed: migrated
Reopen Issue

JSS only supports RSA key wrapping, therefore lightweight CA
key replication will only work with RSA host authority.

We eventually need to support lightweight CA key replication with
EC host authority. Some potential approaches:

  • Update JSS/NSS to support EC-based key wrapping.

  • Delegate key wrapping/unwrapping to an RSA key (presumably
    signed by the host authority).

  • Find a way to allow external processes to insert keys into the NSSDB
    without requiring Java process restart to see the new keys,
    i.e. avoid the key wrapping scheme altogether.

Metadata Update from @ftweedal:
- Issue set to the milestone: UNTRIAGED
7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2411

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
major
None
None
None
enhancement
None
None
None
None
Lightweight CAs
Community
None
None
None
None
None
None
CA
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.