ejbca-develop

[Ejbca-develop] Creation of a Token AES key when recovering a user key

[Jean-Luc C. <jea...@bu...>]

Hi,

We have performed integration tests between EJBCA 4.0.14 and a PKCS#11 provider. We noticed the following behavior:

When a user key is recovered, an AES key is created in the PKCS#11 token with the following attributes:
CKA_TOKEN: 01
CKA_CLASS: 04000000
CKA_KEY_TYPE: 1F000000
CKA_VALUE  length=32
This key is used to decrypt the user key.

The key is not deleted afterwards and remains in the PKCS#11 Token with no CKA_LABEL and no CKA_ID.

This generates a problem with the clientToolBox when it checks the content of the key store.

The questions are:

-          Why is this key created as a token key?

-          Is there a way to configure key recovery to avoid the creation of this key?

Thanks.
Jean-Luc Chardon

Re: [Ejbca-develop] Creation of a Token AES key when recovering a user key

[Tomas G. <to...@pr...>]

This is something that was fixed in EJBCA 5 some time ago. Due to 
differences in the underlying BC crypt library backporting to EJBCA 4 is 
not feasible (new version of BC needed to use different providers for 
signature and crypto operations).

Cheers,
Tomas
-----
PrimeKey Solutions offers commercial EJBCA and SignServer support 
subscriptions and training courses. Please see www.primekey.se or 
contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 04/04/2013 04:05 PM, Jean-Luc Chardon wrote:
> Hi,
>
> We have performed integration tests between EJBCA 4.0.14 and a PKCS#11
> provider. We noticed the following behavior:
>
> When a user key is recovered, an AES key is created in the PKCS#11 token
> with the following attributes:
>
> CKA_TOKEN: 01
>
> CKA_CLASS: 04000000
>
> CKA_KEY_TYPE: 1F000000
>
> CKA_VALUE  length=32
>
> This key is used to decrypt the user key.
>
> The key is not deleted afterwards and remains in the PKCS#11 Token with
> no CKA_LABEL and no CKA_ID.
>
> This generates a problem with the clientToolBox when it checks the
> content of the key store.
>
> The questions are:
>
> -Why is this key created as a token key?
>
> -Is there a way to configure key recovery to avoid the creation of this key?
>
> Thanks.
>
> Jean-Luc Chardon
>
>
>
> ------------------------------------------------------------------------------
> Minimize network downtime and maximize team effectiveness.
> Reduce network management and security costs.Learn how to hire
> the most talented Cisco Certified professionals. Visit the
> Employer Resources Portal
> http://www.cisco.com/web/learning/employer_resources/index.html
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

[Ejbca-develop] ertificate management Protocol (CMP)

[sara <sar...@gm...>]

hi,

i can't configure CMP at my CA and i have been trying to follow the 
steps at ejbca.org but i failed.
how can i bulid cmpclient ?
and i have configured the cmp.propertirs file, so  what else i need to do ?

regards,

sara