ESC lists a recovered signing cert/key on a token as encryption key (TPS storing incorrect info?)

[pki-bot]

This issue was migrated from Pagure Issue #2762. Originally filed by mharmsen (@mharmsen) on 2017-06-26 16:42:28:

• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1465149

---

ESC lists a recovered signing cert/key on a token as encryption key

Steps to Reproduce:

1. Make the following changes to TPS config

    externalReg.enable=true

    op.enroll.userKey.keyGen.signing.serverKeygen.archive=true
    op.enroll.userKey.keyGen.signing.serverKeygen.drm.conn=kra1
    op.enroll.userKey.keyGen.signing.serverKeygen.enable=true

2. Enroll a smartcard token with the following user (externalRegAddtoToken tokentype)

    dn: uid=pkiuser3,ou=People,dc=pki-ca-Jun21-CA
    objectClass: person
    objectClass: organizationalPerson
    objectClass: inetorgperson
    objectClass: top
    objectClass: extensibleobject
    cn: pkiuser3
    sn: pkiuser3
    uid: pkiuser3
    givenName: pkiuser3
    mail: pkiuser3@example.org
    firstname: pkiuser3
    userPassword: redhat
    certstoadd: 56063789,ca1,55,kra1 - encryption cert and key
    certstoadd: 11403942,ca1,60,kra1 - signing cert and key

Actual results:

ESC list the signing key recovered onto the token as encryption key

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-06-26 16:43:05

Metadata Update from @mharmsen:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1465149
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue priority set to: critical
• Issue set to the milestone: 10.4

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-04 13:41:43

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.5 (was: 10.4)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-25 16:59:21

Metadata Update from @mharmsen:

• Issue priority set to: major (was: critical)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 13:06:45

[20171025] - Offline Triage ==> 10.6

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-10-25 13:06:48

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.6 (was: 10.5)