Name: | pki-kra |
Version: | 10.5.17 |
Release: | 6.el7 |
Architecture: | noarch |
Group: | System Environment/Daemons |
Size: | 515452 |
License: | GPLv2 |
RPM: |
pki-kra-10.5.17-6.el7.noarch.rpm
|
Source RPM: |
pki-core-10.5.17-6.el7.src.rpm
|
Build Date: | Wed Apr 01 2020 |
Build Host: | jenkins-10-147-72-125-aec2cd9a-66da-4d98-a862-008c8e66b19a.appad3iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | http://pki.fedoraproject.org/ |
Summary: | Certificate System - Key Recovery Authority |
Description: | The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
as a key archival facility. When configured in conjunction with the
Certificate Authority (CA), the KRA stores private encryption keys as part of
the certificate enrollment process. The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request. Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key. This key is then stored in
the KRA which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.
Note that the KRA archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
-
Mon Dec 02 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-6
- ##########################################################################
- # RHEL 7.8:
- ##########################################################################
- Bugzilla Bug #1723008 - ECC Key recovery failure with
CKR_TEMPLATE_INCONSISTENT (cfu)
- Bugzilla Bug #1774282 - pki-server-nuxwdog template has pid file name with
non-breakable space char encoded instead of 0x20 space char (ascheel)
- ##########################################################################
- # RHCS 9.6:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Thu Oct 24 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-5
- ##########################################################################
- # RHEL 7.8:
- ##########################################################################
- Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS client
(cfu)
- ##########################################################################
- # RHCS 9.6:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Mon Sep 30 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-4
- Include 'pistool' in the 'pki-tools' package
-
Mon Sep 23 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-3
- ##########################################################################
- # RHEL 7.8:
- ##########################################################################
- Bugzilla Bug #1445479 - KRATool does not support netkeyKeyRecovery
attribute (dmoluguw)
- Bugzilla Bug #1534013 - Attempting to add new keys using a PUT KEY APDU
to a token that is loaded only with the default/factory keys (Key Version
Number 0xFF) returns an APDU with error code 0x6A88. (jmagne)
- Bugzilla Bug #1709585 - PKI (test support) for PKCS#11 standard
AES KeyWrap for HSM support (cfu, ftweedal)
- Bugzilla Bug #1748766 - number range depletion when multiple clones
created from same master (ftweedal)
- ##########################################################################
- # RHCS 9.6:
- ##########################################################################
- # Bugzilla Bug #1520258 - TPS token search fails to find entries , LDAP filter
- # Bugzilla Bug #1535671 - RFE to have the users be able to use the
-
Mon Sep 09 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-2
- ##########################################################################
- # RHEL 7.8:
- ##########################################################################
- Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS
client (cfu)
- Bugzilla Bug #1597727 - CA - Unable to change a certificate’s revocation
reason from superceded to key_compromised (rhcs-maint)
- ##########################################################################
- # RHCS 9.6:
- ##########################################################################
- # Bugzilla Bug #1470410 - TPS doesn't update revocation status when
- # Bugzilla Bug #1470433 - Add supported transitions to TPS (rhcs-maint)
- # Bugzilla Bug #1585722 - TMS - PKISocketFactory – Modify Logging to Allow
- # Bugzilla Bug #1642577 - TPS – Revoked Encryption Certificates Marked as
-
Tue Aug 13 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-1
- Updated jss, nuxwdog, and tomcatjss dependencies
- ##########################################################################
- # RHEL 7.8:
- ##########################################################################
- Bugzilla Bug #1733586 - Rebase pki-core from 10.5.16 to 10.5.17 (RHEL)
- ##########################################################################
- # RHCS 9.6:
- ##########################################################################
- # Bugzilla Bug #1718418 - Update RHCS version of CA, KRA, OCSP, and TKS so
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Thu Jun 20 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-3
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1638379 - PKI startup initialization process should not
depend on LDAP operational attributes [ftweedal]
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Thu Apr 04 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-2
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1491453 - Need Method to Include SKI in CA Signing
Certificate Request [ftweedal]
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Mon Mar 18 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-1
- Updated jss dependencies
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1633422 - Rebase pki-core from 10.5.1 to 10.5.16 (RHEL)
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
-
Fri Feb 15 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-13
- Updated jss dependencies
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1671245 - CC: unable to verify cert before import
[rhel-7.6.z] [manpage] (ascheel)
- Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)
[rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)