#801 Merge pki-symkey into jss
Closed: Fixed. Opened 10 years ago by edewata.

The pki-symkey package provides interfaces to parts of NSS that aren't exposed by JSS. Merging pki-symkey into the jss package would simplify the packaging and would make those interfaces more broadly available.


As discussed in the CS meeting of Mon Nov 18, 2013, consider implementing this ticket in two parts:

  • move/create general 'pki-symkey' symmetric key Java/C++ code into JSS Java/C code, creating a new generic JSS symmetric key interface
  • move/create the PKI-specific symmetric key functionality that would call this new generic JSS symmetric key interface into an appropriate PKI package (e.g., pki-base, pki-server, pki-tks, etc.)

Patch to give JSS more advanced symmetric key functionality.
jss-symkey-enhancements.patch

Attachment added for this:

Features:

1. Ability to list symmetric keys in the token, by nickname with JSS.
2. Ability to set the nickname of a sym key from JSS.
3. Added some HMAC message digest algs needed by TMS.
4. Added feature to unwrap a sym key onto a token in a permanent or persistent fashion.
5. Added thin wrapper to be able to derive symkeys from other symkeys. Concatenation, encryption and extraction are supported.
6. Added a bunch of test code in the test area to be able to see the deriving functions in action.

Checked in code:

commit 1d60c55940e310aa77befe09c970db3831bb5042
Author: Jack Magne jmagne@dhcp-16-206.sjc.redhat.com
Date: Tue Mar 29 10:39:27 2016 -0700

Port symkey JNI to Java classes.
Ticket #801 : Merge pki-symkey into jss

What is supported:

1. Everything that is needed to support Secure Channel Protocol 01.
2. Supports the nist sp800 kdf and the original kdf.
3. Supports key unwrapping used by TPS which was formerly in the symkey JNI.

Requires:

1. A new JSS that supports more advanced symkey operations such as key derivation, more advanced key unwrapping, and a way to list and identify a given symmetric key by name. Version of new JSS will be forthcoming.

Still to do:

1. Port over the 2 or 3 SCP02 routines from Symkey to use this code.
2. The original symkey will remain in place until we can port over everything.
3. SCP03 support can be added later.

Closing this ticket. More tickets will be created for some minor refinements in this area.

Metadata Update from @edewata:
- Issue assigned to jmagne
- Issue set to the milestone: 10.3.2

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1368

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
