[ECA-4337] EJBCA client toolbox PKCS11HSMKeyTool generate command should not overwrite existing keys - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.13.0
Component/s: CLI
Labels:

Issue discovered during:
Customer
Epic Link:
ClientToolbox should not overwrite existing keys
Sprint:
EJBCA Sprint 12 (2 weeks)

Description

The current behaviour (in EJBCA 6.3.2 and lower) for the EJBCA client toolbox command PKCS11HSMKeyTool generate, which creates a new key in HSM, is to overwrite the existing key (if it exists under the same provided name) without any warning, notice, or prompting.

This can have rather undesired effect if the generate command for database protection key is accidentally re-run after the key ceremony (in case where the command is still in history).

It would be much safer to have the command fail if the key with the same name already exists. If it is necessary to allow forcing the key overwrite, a new option should be added (let's say --force), and this option should also print out a warning in case the key just got overwritten.

Attachments

Issue Links

is duplicated by

ECA-5590 ClientToolBox should check if a key exists before overwriting it

Closed

Activity

People

Assignee:: Ulf Undmark

Reporter:: Chris Job

Verified by:: Henrik Sunmark

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2015-07-10 09:06

Updated:: 2019-05-13 13:11

Resolved:: 2018-04-27 11:50

Time Tracking

Estimated:

Remaining:

1h 45m

Logged:

15m