The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
This issue was migrated from Pagure Issue #1048. Originally filed by edewata (@edewata) on 2014-06-20 21:19:49:
Assigned to nobody
Currently there is no way to archive data that is already encrypted without doing additional encryption steps on both the client and server side:
- encrypting/decrypting the data with session key
- wrapping/unwrapping session key with transport certificate
A similar issue happens on retrieval as well.
Under certain scenarios (e.g. IPA), the data to be archived is already encrypted, and the KRA is located locally, so eliminating the extra encryption steps can improve the performance without reducing the level of security.
Proposed milestone: 10.3