Name: | pki-kra |
Version: | 10.5.18 |
Release: | 23.el7_9 |
Architecture: | noarch |
Group: | System Environment/Daemons |
Size: | 518382 |
License: | GPLv2 |
RPM: | pki-kra-10.5.18-23.el7_9.noarch.rpm |
Source RPM: | pki-core-10.5.18-23.el7_9.src.rpm |
Build Date: | Mon Oct 24 2022 |
Build Host: | build-ol7-x86_64.oracle.com |
Vendor: | Oracle America |
URL: | http://pki.fedoraproject.org/ |
Summary: | Certificate System - Key Recovery Authority |
Description: | The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
as a key archival facility. When configured in conjunction with the
Certificate Authority (CA), the KRA stores private encryption keys as part of
the certificate enrollment process. The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request. Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key. This key is then stored in
the KRA which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.
Note that the KRA archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contains
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
  * dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
  * redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
  * <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
-
Mon Oct 10 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-23
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)
-
Mon Aug 22 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-22
- ##########################################################################
- # RHEL 7.9 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 17):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)
-
Tue May 31 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-21
- ##########################################################################
- # RHEL 7.9 (Batch Update 15):
- ##########################################################################
- Bugzilla Bug #2074722 - user password and pkcs12 password exposure when
debug level set to maximum [RHEL 7.9.z] (cfu)
- Bugzilla Bug #2082717 - SCEP manual approval failure (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Mon Apr 25 2022 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-20
- ##########################################################################
- # RHEL 7.9 (Batch Update 14):
- ##########################################################################
- Bugzilla Bug #2074722 - user password and pkcs12 password exposure when
debug level set to maximum [RHEL 7.9.z] (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Thu Dec 16 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-19
- ##########################################################################
- # RHEL 7.9 (Batch Update 11):
- ##########################################################################
- Bugzilla Bug 1998597 - TPS RA Separation Issues (cfu)
- Bugzilla Bug 2008319 - PKISpawn with ECC Signing Algorithms fail
in FIPS Mode (cfu)
- Bugzilla Bug 2018608 - Invalid certificates with creation of subCA
(pkispawn single step) [rhel-7.9.0.z] (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Sat Oct 23 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-18
- ##########################################################################
- # RHEL 7.9 (Batch Update 10):
- ##########################################################################
- Bugzilla Bug 1978345 - End Entity's List Certificates Page Back/Forward
Buttons are Broken (ckelley, jonahon.d.parrish@mail.mil, mharmsen)
- Bugzilla Bug 2008707 - pkispawn bails out too easily for things that could
have been worked around after installation [RHEL 7.9.z] (cfu)
- Bugzilla Bug 2016773 - Directory authentication plugin requires directory
admin password just for user authentication (rhel-7.9.z)
(awnuk@purestorage.com, jmagne)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Wed Sep 15 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-17
- ##########################################################################
- # RHEL 7.9 (Batch Update 9):
- ##########################################################################
- Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500: Non-2xx
response from CA REST API: 500 [ftweedal, ckelley]
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Mon Aug 09 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-16
- ##########################################################################
- # RHEL 7.9 (Batch Update 8):
- ##########################################################################
- Bugzilla Bug 1958277 - PKCS10Client EC Attribute Encoding [cfu]
- Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500:
Non-2xx response from CA REST API: 500 [ftweedale, ckelley]
- ##########################################################################
- # RHCS 9.7 (Batch Update 8):
- ##########################################################################
- Bugzilla Bug 1959937 - TPS Allowing Token Transactions while
the CA is Down [cfu]
- Bugzilla Bug 1979710 - TPS Not properly enforcing Token Profile
Separation [cfu]
-
Fri Jun 25 2021 Dogtag Team <devel@lists.dogtagpki.org> 10.5.18-15
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1905374 - restrict EE profile list and enrollment submission
per LDAP group without immediate issuance [rhel-7.9.z] (cfu)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
-
Thu May 13 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-14
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1911472 - Revoke via REST API not working when Agent
certificate not issued by CA [rhel-7.9.z] (cfu)
- Bugzilla Bug 1914587 - RHEL IPA PKI - Failed to read product version
String.java.io.FileNotFoundException (ckelley)
- Bugzilla Bug 1942687 - TPS not populating Token Policy, or switching
PIN_RESET=YES to NO [rhel-7.9.z] (jmagne)
- Bugzilla Bug 1955633 - Recovery of Keys migrated to latest version of KRA
fail to recover and result in Null Point Exception [rhel-7.9.z] (jmagne)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 6)