search

dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0
373 stars 137 forks source link

DRM - during key recovery, verifyKeyPair() only works for RSA keys when they are bytes in memory #813

Open pki-bot opened 4 years ago

pki-bot commented 4 years ago

This issue was migrated from Pagure Issue #242. Originally filed by nkinder (@nkinder) on 2012-07-20 00:11:58:

The function verifyKeyPair() RecoveryService.java is called once a private key has been recovered. It is used to verify if the private key retrieved actually matches the public key or not. The function takes both public key and private key byte arrays, which was when before we changed to doing unwrapping and wrapping on the token (no handling clear text byte array in memory).

We need to have a corresponding functionality to handle the verification now that we don't directly handle byte arrays. Also the existing verifyKeyPair() only handles RSA key verification. So it needs to handle ECC as well as we move onto ECC key archival and recovery.

pki-bot commented 4 years ago

Comment from nkinder (@nkinder) at 2017-02-27 14:03:55

Metadata Update from @nkinder: